[package]
name = "svg_sanitizer_nif"
version = "0.1.0"
edition = "2021"
license = "Apache-2.0"
publish = false
[lib]
name = "svg_sanitizer_nif"
crate-type = ["cdylib"]
[dependencies]
# default-features = false so we don't pin a NIF version implicitly;
# the active version is selected by the feature flags below.
rustler = { version = "0.38", default-features = false }
# Pinned exactly so any svg-hush bump goes through a deliberate review —
# this crate is the entire XSS-defense surface. To upgrade: bump here,
# regenerate Cargo.lock, re-run cargo audit, then re-run the XSS test
# suite (test/svg_sanitizer_test.exs) against the new version.
svg-hush = "=0.9.6"
# Rustler >=0.30 requires the consumer crate to declare which NIF version
# it targets. v0.1 supports a single NIF version (2.17, OTP 26+) so the
# default and the CI matrix flag agree -- no "highest active != desired"
# conflict. Adding 2.16/2.15 later means listing the feature here, in
# release.yml's matrix, and in lib/svg_sanitizer/native.ex's :nif_versions.
[features]
default = ["nif_version_2_17"]
nif_version_2_17 = ["rustler/nif_version_2_17"]