gst-plugins-rs/deny.toml

187 lines
4.2 KiB
TOML
Raw Normal View History

[advisories]
db-path = "~/.cargo/advisory-db"
2020-11-20 08:03:52 +00:00
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "warn"
notice = "warn"
2020-06-05 09:33:13 +00:00
ignore = [
2022-01-12 15:47:47 +00:00
# Waiting for https://github.com/librespot-org/librespot/issues/937
"RUSTSEC-2021-0059",
"RUSTSEC-2021-0060",
"RUSTSEC-2021-0061",
2022-11-28 08:58:03 +00:00
"RUSTSEC-2021-0145",
2022-06-06 08:58:46 +00:00
# https://github.com/chronotope/chrono/issues/499
"RUSTSEC-2020-0071",
2022-08-16 10:24:04 +00:00
# sodiumoxide is deprecated
"RUSTSEC-2021-0137",
2020-06-05 09:33:13 +00:00
]
[licenses]
unlicensed = "deny"
allow = [
"Apache-2.0",
]
deny = [
"GPL-1.0",
"GPL-2.0",
"GPL-3.0",
"AGPL-1.0",
"AGPL-3.0",
]
copyleft = "allow"
allow-osi-fsf-free = "either"
confidence-threshold = 0.8
[[licenses.clarify]]
2022-06-21 06:44:57 +00:00
name = "ring"
version = "*"
2022-06-21 06:44:57 +00:00
expression = "OpenSSL"
license-files = [
2022-06-21 06:44:57 +00:00
{ path = "LICENSE", hash = 0xbd0eed23 }
]
[bans]
multiple-versions = "deny"
highlight = "all"
2020-08-10 06:51:52 +00:00
wildcards = "allow"
# ignore duplicated deps because of chrono, cookie, cookie_store, hyper,
# hyperx, reqwest depending on old time
# https://github.com/chronotope/chrono/issues/400
# https://github.com/pfernie/cookie_store/issues/11
# https://github.com/hyperium/hyper/pull/2139
# https://github.com/dekellum/hyperx/issues/21
# https://github.com/seanmonstar/reqwest/issues/934
[[bans.skip]]
name = "time"
version = "0.1"
2021-09-11 05:45:25 +00:00
# ignore duplicated crc dependency because ffv1 depends on an old version
# https://github.com/rust-av/ffv1/issues/21
[[bans.skip]]
name = "crc"
version = "1.8"
2022-12-19 07:54:50 +00:00
# Ignore various duplicated dependencies because librespot depends on an old versions
2022-02-12 10:40:00 +00:00
[[bans.skip]]
name = "block-buffer"
version = "0.9"
[[bans.skip]]
name = "digest"
version = "0.9"
[[bans.skip]]
name = "sha-1"
version = "0.9"
2022-12-19 07:54:50 +00:00
[[bans.skip]]
name = "env_logger"
version = "0.9"
[[bans.skip]]
name = "hmac"
version = "0.11"
2022-02-12 10:40:00 +00:00
# ignore duplicated wasi dependency because various crates depends on an old version
[[bans.skip]]
name = "wasi"
version = "0.10"
2022-07-11 15:30:54 +00:00
# ignore duplicated spin dependency because various crates depend on an old version
[[bans.skip]]
name = "spin"
version = "0.5"
2022-10-25 07:54:29 +00:00
# cookie_store depends on older idna
# https://github.com/pfernie/cookie_store/commit/b9c710f45550c5c8997f18a83e6fcc5998cf1726
[[bans.skip]]
name = "idna"
version = "0.2"
2022-11-28 08:58:03 +00:00
# field-offset and nix depend on an older memoffset
# https://github.com/Diggsey/rust-field-offset/pull/23
# https://github.com/nix-rust/nix/pull/1885
[[bans.skip]]
name = "memoffset"
version = "0.6"
# Various crates depend on an older version of hermit-abi
[[bans.skip]]
name = "hermit-abi"
version = "0.1"
2023-06-30 08:12:52 +00:00
# Various crates depend on an older version of base64
[[bans.skip]]
name = "base64"
version = "0.13"
# Various crates depend on an older version of socket2
[[bans.skip]]
name = "socket2"
version = "0.4"
# Various crates depend on an older version of syn
[[bans.skip]]
name = "syn"
version = "1.0"
# Various crates depend on an older version of bitflags
[[bans.skip]]
name = "bitflags"
version = "1.0"
2023-03-27 08:19:21 +00:00
# cargo-lock depends on an old version of the toml crate
# https://github.com/rustsec/rustsec/pull/805
[[bans.skip]]
name = "toml"
version = "0.5"
# Various crates depend on an older version of redox_syscall
[[bans.skip]]
name = "redox_syscall"
version = "0.2"
# tracing-subscriber depends on an older version of regex-syntax
[[bans.skip]]
name = "regex-syntax"
version = "0.6"
# publicsuffix depends on an older version of idna
# https://github.com/rushmorem/publicsuffix/pull/39
[[bans.skip]]
name = "idna"
version = "0.3"
# Various crates depend on an older version of indexmap / hashbrown
[[bans.skip]]
name = "indexmap"
version = "1.0"
[[bans.skip]]
name = "hashbrown"
version = "0.12"
2023-06-27 07:58:57 +00:00
# av1-grain depends on an old version of itertools
# https://github.com/rust-av/av1-grain/pull/12
[[bans.skip]]
name = "itertools"
version = "0.10"
2023-07-06 05:55:14 +00:00
# rav1e depends on an old version of num-derive
# https://github.com/xiph/rav1e/pull/3237
[[bans.skip]]
name = "num-derive"
version = "0.3"
# matchers depends on an old version of regex-automata
[[bans.skip]]
name = "regex-automata"
version = "0.1"
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-git = [
"https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
2021-05-14 07:47:52 +00:00
"https://github.com/gtk-rs/gtk-rs-core",
"https://github.com/gtk-rs/gtk4-rs",
2021-09-10 06:20:31 +00:00
"https://github.com/rust-av/ffv1",
"https://github.com/rust-av/flavors",
]