gst-plugins-rs/deny.toml

[advisories]
db-path = "~/.cargo/advisory-db"
db-url = "https://github.com/rustsec/advisory-db"
vulnerability = "deny"
unmaintained = "warn"
notice = "warn"
ignore = [
    # ignore because mio/miow still depend on net2, next mio release fixes this
    "RUSTSEC-2020-0016",
    # ignore because rusoto_credentials still depends on dirs instead of dirs-next
    # https://github.com/rusoto/rusoto/pull/1846
    "RUSTSEC-2020-0053",
]

[licenses]
unlicensed = "deny"
allow = [
  "Apache-2.0",
]
deny = [
  "GPL-1.0",
  "GPL-2.0",
  "GPL-3.0",
  "AGPL-1.0",
  "AGPL-3.0",
]
copyleft = "allow"
allow-osi-fsf-free = "either"
confidence-threshold = 0.8

[bans]
multiple-versions = "deny"
highlight = "all"
wildcards = "allow"

# ignore duplicated deps because of dav1d-sys via metadeps depending on old
# error-chain and toml
# https://github.com/rust-av/dav1d-rs/issues/26
# https://github.com/joshtriplett/metadeps/pull/12
# https://github.com/joshtriplett/metadeps/pull/4
[[bans.skip]]
name = "error-chain"
version = "0.10"
[[bans.skip]]
name = "toml"
version = "0.2"

# ignore duplicated deps because of mio-named-pipes via mio depending on old
# miow
# https://github.com/alexcrichton/mio-named-pipes/issues/7
[[bans.skip]]
name = "miow"
version = "0.2"
[[bans.skip]]
name = "winapi"
version = "0.2"

# ignore duplicated deps because of rav1e depending on an old version of paste
# https://github.com/xiph/rav1e/pull/2489
[[bans.skip]]
name = "paste"
version = "0.1"

# ignore duplicated deps because of chrono, cookie, cookie_store, hyper,
# hyperx, reqwest depending on old time
# https://github.com/chronotope/chrono/issues/400
# https://github.com/pfernie/cookie_store/issues/11
# https://github.com/hyperium/hyper/pull/2139
# https://github.com/dekellum/hyperx/issues/21
# https://github.com/seanmonstar/reqwest/issues/934
[[bans.skip]]
name = "time"
version = "0.1"

# ignore duplicated tokio dep because of gst-plugin-threadshare having its own
# fork
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/118
[[bans.skip]]
name = "tokio"
version = "0.2.13"
[[bans.skip]]
name = "tokio-macros"

# ignore duplicated textwrap dependency because clap depends on an old version
# https://github.com/clap-rs/clap/pull/1994
[[bans.skip]]
name = "textwrap"
version = "0.11"

# ignore duplicated miniz_oxide dependency because png/tiff depend on an old version
# https://github.com/image-rs/image-tiff/pull/76
# https://github.com/image-rs/image-png/pull/235
[[bans.skip]]
name = "miniz_oxide"
version = "0.3"

# ignore duplicated wasi dependency because rand/getrandom depend on an old version
[[bans.skip]]
name = "wasi"
version = "0.9"

# ignore duplicated base64 dependency because reqwest/tungstenite/rusoto/rust-argon2 depend on an old version
# https://github.com/seanmonstar/reqwest/pull/1050
# https://github.com/rusoto/rusoto/pull/1837
# https://github.com/snapview/tungstenite-rs/pull/149
# https://github.com/sru-systems/rust-argon2/pull/39
[[bans.skip]]
name = "base64"
version = "0.12"

# ignore duplicated cfg-if dependency because a few dozen dependencies still
# pull in the old version
[[bans.skip]]
name = "cfg-if"
version = "0.1"

# ignore duplicated pin-project dependency because a futures, hyper and rusoto
# still depend on the old version
# https://github.com/rust-lang/futures-rs/commit/8a65340675fdf0ba16997cf507ee6bb27d1dcd15
# https://github.com/hyperium/hyper/commit/02732bef0c1accb441b9b14c07cb2c494234a682
# https://github.com/rusoto/rusoto/pull/1847
[[bans.skip]]
name = "pin-project"
version = "0.4"
[[bans.skip]]
name = "pin-project-internal"
version = "0.4"

# ignore duplicated crossbeam-utils dependency because rust-argon2 depend on an old version
# https://github.com/sru-systems/rust-argon2/pull/39
[[bans.skip]]
name = "crossbeam-utils"
version = "0.7"

# ignore duplicated tinyvec dependency because lewton depends on an old version
# https://github.com/RustAudio/lewton/commit/b8d72804db89db358b99784e1ad9d7a22534743c
[[bans.skip]]
name = "tinyvec"
version = "0.3"

[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-git = [
  "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
  "https://github.com/gtk-rs/gtk-rs",
  "https://github.com/fengalin/tokio",
  "https://github.com/rust-av/flavors",
]
ci: switch from cargo-audit to cargo-deny Fix #110 2020-04-16 11:03:28 +00:00			`[advisories]`
			`db-path = "~/.cargo/advisory-db"`
			`db-url = "https://github.com/rustsec/advisory-db"`
			`vulnerability = "deny"`
			`unmaintained = "warn"`
			`notice = "warn"`
deny: Update to pass again 2020-06-05 09:33:13 +00:00			`ignore = [`
			`# ignore because mio/miow still depend on net2, next mio release fixes this`
deny: Update 2020-10-18 06:47:36 +00:00			`"RUSTSEC-2020-0016",`
			`# ignore because rusoto_credentials still depends on dirs instead of dirs-next`
			`# https://github.com/rusoto/rusoto/pull/1846`
			`"RUSTSEC-2020-0053",`
deny: Update to pass again 2020-06-05 09:33:13 +00:00			`]`
ci: switch from cargo-audit to cargo-deny Fix #110 2020-04-16 11:03:28 +00:00
			`[licenses]`
			`unlicensed = "deny"`
			`allow = [`
			`"Apache-2.0",`
			`]`
			`deny = [`
			`"GPL-1.0",`
			`"GPL-2.0",`
			`"GPL-3.0",`
			`"AGPL-1.0",`
			`"AGPL-3.0",`
			`]`
			`copyleft = "allow"`
			`allow-osi-fsf-free = "either"`
			`confidence-threshold = 0.8`

			`[bans]`
deny: fail on multiple versions Will ensure to keep the ignore list up to date. 2020-04-28 10:16:08 +00:00			`multiple-versions = "deny"`
ci: switch from cargo-audit to cargo-deny Fix #110 2020-04-16 11:03:28 +00:00			`highlight = "all"`
deny: Update configuration 2020-08-10 06:51:52 +00:00			`wildcards = "allow"`
ci: switch from cargo-audit to cargo-deny Fix #110 2020-04-16 11:03:28 +00:00
deny: Skip various duplicated deps until our dependencies are updated 2020-05-29 09:22:52 +00:00			`# ignore duplicated deps because of dav1d-sys via metadeps depending on old`
			`# error-chain and toml`
			`# https://github.com/rust-av/dav1d-rs/issues/26`
			`# https://github.com/joshtriplett/metadeps/pull/12`
			`# https://github.com/joshtriplett/metadeps/pull/4`
			`[[bans.skip]]`
			`name = "error-chain"`
			`version = "0.10"`
			`[[bans.skip]]`
			`name = "toml"`
			`version = "0.2"`

			`# ignore duplicated deps because of mio-named-pipes via mio depending on old`
			`# miow`
			`# https://github.com/alexcrichton/mio-named-pipes/issues/7`
			`[[bans.skip]]`
			`name = "miow"`
			`version = "0.2"`
			`[[bans.skip]]`
			`name = "winapi"`
			`version = "0.2"`

deny: Update configuration 2020-08-10 06:51:52 +00:00			`# ignore duplicated deps because of rav1e depending on an old version of paste`
			`# https://github.com/xiph/rav1e/pull/2489`
			`[[bans.skip]]`
			`name = "paste"`
			`version = "0.1"`

deny: Skip various duplicated deps until our dependencies are updated 2020-05-29 09:22:52 +00:00			`# ignore duplicated deps because of chrono, cookie, cookie_store, hyper,`
			`# hyperx, reqwest depending on old time`
			`# https://github.com/chronotope/chrono/issues/400`
			`# https://github.com/pfernie/cookie_store/issues/11`
			`# https://github.com/hyperium/hyper/pull/2139`
			`# https://github.com/dekellum/hyperx/issues/21`
			`# https://github.com/seanmonstar/reqwest/issues/934`
			`[[bans.skip]]`
			`name = "time"`
			`version = "0.1"`

			`# ignore duplicated tokio dep because of gst-plugin-threadshare having its own`
			`# fork`
			`# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/118`
			`[[bans.skip]]`
			`name = "tokio"`
			`version = "0.2.13"`
			`[[bans.skip]]`
			`name = "tokio-macros"`

deny: Update for latest version of dependencies 2020-06-30 08:02:23 +00:00			`# ignore duplicated textwrap dependency because clap depends on an old version`
			`# https://github.com/clap-rs/clap/pull/1994`
			`[[bans.skip]]`
			`name = "textwrap"`
			`version = "0.11"`

			`# ignore duplicated miniz_oxide dependency because png/tiff depend on an old version`
			`# https://github.com/image-rs/image-tiff/pull/76`
			`# https://github.com/image-rs/image-png/pull/235`
			`[[bans.skip]]`
			`name = "miniz_oxide"`
			`version = "0.3"`

deny: Update Remove some now unneeded entries and add a new one for wasi 2020-08-28 06:10:21 +00:00			`# ignore duplicated wasi dependency because rand/getrandom depend on an old version`
deny: Update by removing unneeded overrides and adding tungstenite for old sha-1 version 2020-07-28 06:38:41 +00:00			`[[bans.skip]]`
deny: Update Remove some now unneeded entries and add a new one for wasi 2020-08-28 06:10:21 +00:00			`name = "wasi"`
			`version = "0.9"`
deny: Update by removing unneeded overrides and adding tungstenite for old sha-1 version 2020-07-28 06:38:41 +00:00
Update deny.toml 2020-10-07 07:00:19 +00:00			`# ignore duplicated base64 dependency because reqwest/tungstenite/rusoto/rust-argon2 depend on an old version`
			`# https://github.com/seanmonstar/reqwest/pull/1050`
			`# https://github.com/rusoto/rusoto/pull/1837`
			`# https://github.com/snapview/tungstenite-rs/pull/149`
			`# https://github.com/sru-systems/rust-argon2/pull/39`
			`[[bans.skip]]`
			`name = "base64"`
			`version = "0.12"`

deny: Update 2020-10-10 08:17:56 +00:00			`# ignore duplicated cfg-if dependency because a few dozen dependencies still`
			`# pull in the old version`
			`[[bans.skip]]`
			`name = "cfg-if"`
			`version = "0.1"`

deny: Update 2020-10-18 06:47:36 +00:00			`# ignore duplicated pin-project dependency because a futures, hyper and rusoto`
			`# still depend on the old version`
			`# https://github.com/rust-lang/futures-rs/commit/8a65340675fdf0ba16997cf507ee6bb27d1dcd15`
			`# https://github.com/hyperium/hyper/commit/02732bef0c1accb441b9b14c07cb2c494234a682`
			`# https://github.com/rusoto/rusoto/pull/1847`
			`[[bans.skip]]`
			`name = "pin-project"`
			`version = "0.4"`
			`[[bans.skip]]`
			`name = "pin-project-internal"`
			`version = "0.4"`

deny: Update 2020-10-22 11:46:41 +00:00			`# ignore duplicated crossbeam-utils dependency because rust-argon2 depend on an old version`
			`# https://github.com/sru-systems/rust-argon2/pull/39`
			`[[bans.skip]]`
			`name = "crossbeam-utils"`
			`version = "0.7"`

deny: Update with duplicated tinyvec dependency 2020-11-12 08:16:13 +00:00			`# ignore duplicated tinyvec dependency because lewton depends on an old version`
			`# https://github.com/RustAudio/lewton/commit/b8d72804db89db358b99784e1ad9d7a22534743c`
			`[[bans.skip]]`
			`name = "tinyvec"`
			`version = "0.3"`

ci: switch from cargo-audit to cargo-deny Fix #110 2020-04-16 11:03:28 +00:00			`[sources]`
			`unknown-registry = "deny"`
			`unknown-git = "deny"`
			`allow-git = [`
			`"https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",`
Switch to the combined gtk-rs and gstreamer-rs repositories 2020-11-01 08:24:02 +00:00			`"https://github.com/gtk-rs/gtk-rs",`
ci: switch from cargo-audit to cargo-deny Fix #110 2020-04-16 11:03:28 +00:00			`"https://github.com/fengalin/tokio",`
			`"https://github.com/rust-av/flavors",`
			`]`