deny.toml: don't ignore RUSTSEC-2021-0124

This advisory was ignored because we couldn't use a version for
the tokio fork that reflected that it was not vulnerable.

Also remove the tokio fork as an allowed git since we now use
our own executor for threadshare.
This commit is contained in:
François Laignel 2021-12-14 19:52:46 +01:00 committed by Sebastian Dröge
parent 6163589ac7
commit 21d41ca244

View file

@ -8,14 +8,6 @@ ignore = [
# Waiting for https://github.com/chronotope/chrono/pull/578 # Waiting for https://github.com/chronotope/chrono/pull/578
"RUSTSEC-2020-0071", "RUSTSEC-2020-0071",
"RUSTSEC-2020-0159", "RUSTSEC-2020-0159",
# Temporarily ignore: vulnerability handled as part of
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/602
# and
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/603
# but the tokio fork used in threadshare is based on an earlier version
# which prevents cargo-deny from assuming that the vulnerability is fixed.
# See https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/604
"RUSTSEC-2021-0124",
] ]
[licenses] [licenses]
@ -170,7 +162,6 @@ allow-git = [
"https://gitlab.freedesktop.org/gstreamer/gstreamer-rs", "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
"https://github.com/gtk-rs/gtk-rs-core", "https://github.com/gtk-rs/gtk-rs-core",
"https://github.com/gtk-rs/gtk4-rs", "https://github.com/gtk-rs/gtk4-rs",
"https://github.com/fengalin/tokio",
"https://github.com/rust-av/ffv1", "https://github.com/rust-av/ffv1",
"https://github.com/rust-av/flavors", "https://github.com/rust-av/flavors",
] ]