VerifyNoImports verifies that a package doesn't depend (directly or indirectly) on forbidden packages. The forbidden packages are specified as either exact matches or prefix matches. A match is not reported if the package that includes the forbidden package is listed in the allowlist. If GOPATH isn't set, it is an indication that the source is not available and the test is skipped.
VerifyTransitiveAllowlist checks that the entire set of transitive dependencies of the given package is in a allowlist. Vendored and stdlib packages are always allowed.