Build Security

Note that needling to list crate names in build-rs-allowed means that adding a build.rs is a SemVer hazard (i.e., major version bump). One should also use the exposed name of the crate so that you can grant, say, serde1 build.rs access, but not serde2.