From 7bd063ccaefe728333e74ac20fddb8972036ceb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= Date: Thu, 24 Oct 2024 10:09:41 +0300 Subject: [PATCH] deny: Update various livekit-related overrides Part-of: --- Cargo.lock | 9 +++---- deny.toml | 71 ++++++++++++++++++++++++++++++------------------------ 2 files changed, 44 insertions(+), 36 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 16f9fe47..18aa18f9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2277,14 +2277,13 @@ dependencies = [ [[package]] name = "governor" -version = "0.6.4" +version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a7ecdc5898f6a43e08a7e2c9e2266beb98fd4dfbf2634182540fbb715245093" +checksum = "68a7f542ee6b35af73b06abc0dad1c1bae89964e4e253bc4b587b91c9637867b" dependencies = [ "cfg-if", - "futures-sink", + "futures", "futures-timer", - "futures-util", "no-std-compat", "nonzero_ext", "parking_lot", @@ -4430,7 +4429,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" dependencies = [ "cfg-if", - "windows-targets 0.52.6", + "windows-targets 0.48.5", ] [[package]] diff --git a/deny.toml b/deny.toml index 25e71789..71b02877 100644 --- a/deny.toml +++ b/deny.toml @@ -3,10 +3,8 @@ version = 2 db-path = "~/.cargo/advisory-db" db-urls = ["https://github.com/rustsec/advisory-db"] ignore = [ - # Waiting for https://github.com/librespot-org/librespot/issues/937 - "RUSTSEC-2021-0059", - "RUSTSEC-2021-0060", - "RUSTSEC-2021-0061", + # librespot depends on a vulnerable version of rsa + "RUSTSEC-2023-0071", # sodiumoxide is deprecated # https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/530 "RUSTSEC-2021-0137", @@ -60,24 +58,6 @@ version = "1.8" # Ignore various duplicated dependencies because librespot depends on an old versions [[bans.skip]] -name = "block-buffer" -version = "0.9" -[[bans.skip]] -name = "digest" -version = "0.9" -[[bans.skip]] -name = "sha-1" -version = "0.9" -[[bans.skip]] -name = "hmac" -version = "0.11" -[[bans.skip]] -name = "zerocopy" -version = "0.6" -[[bans.skip]] -name = "zerocopy-derive" -version = "0.6" -[[bans.skip]] name = "hermit-abi" version = "0.3" @@ -105,21 +85,30 @@ version = "0.6" name = "idna" version = "0.3" -# Various crates depend on an older version of indexmap / hashbrown -[[bans.skip]] -name = "indexmap" -version = "1.0" -[[bans.skip]] -name = "hashbrown" -version = "0.12" - -# various livekit dependencies depend on an old version of itertools and sync_wrapper +# various livekit dependencies depend on an older versions of various crates [[bans.skip]] name = "itertools" version = "0.11" [[bans.skip]] name = "sync_wrapper" version = "0.1" +[[bans.skip]] +name = "rustls-native-certs" +version = "0.7" +[[bans.skip]] +name = "hyper-rustls" +version = "0.26" +[[bans.skip]] +name = "tokio-rustls" +version = "0.25" + +# chrono via iana-time-zone depends on old windows-core +[[bans.skip]] +name = "windows-core" +version = "0.52" +[[bans.skip]] +name = "windows-result" +version = "0.1" # various rav1e / dssim-core depend on an old version of itertools [[bans.skip]] @@ -270,6 +259,26 @@ version = "0.22" name = "tokio-rustls" version = "0.24" +# aws SDK depends on older version of various crypto crates +[[bans.skip]] +name = "der" +version = "0.6" +[[bans.skip]] +name = "hyper-rustls" +version = "0.24" +[[bans.skip]] +name = "pkcs8" +version = "0.9" +[[bans.skip]] +name = "rustc-hash" +version = "1" +[[bans.skip]] +name = "signature" +version = "1" +[[bans.skip]] +name = "spki" +version = "0.6" + [sources] unknown-registry = "deny" unknown-git = "deny"