[advisories] db-path = "~/.cargo/advisory-db" db-urls = ["https://github.com/rustsec/advisory-db"] vulnerability = "deny" unmaintained = "warn" notice = "warn" ignore = [ # Waiting for https://github.com/librespot-org/librespot/issues/937 "RUSTSEC-2021-0059", "RUSTSEC-2021-0060", "RUSTSEC-2021-0061", "RUSTSEC-2021-0145", # https://github.com/chronotope/chrono/issues/499 "RUSTSEC-2020-0071", # sodiumoxide is deprecated "RUSTSEC-2021-0137", # https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/256 "RUSTSEC-2022-0048", ] [licenses] unlicensed = "deny" allow = [ "Apache-2.0", ] deny = [ "GPL-1.0", "GPL-2.0", "GPL-3.0", "AGPL-1.0", "AGPL-3.0", ] copyleft = "allow" allow-osi-fsf-free = "either" confidence-threshold = 0.8 [[licenses.clarify]] name = "ring" version = "*" expression = "OpenSSL" license-files = [ { path = "LICENSE", hash = 0xbd0eed23 } ] [bans] multiple-versions = "deny" highlight = "all" wildcards = "allow" # ignore duplicated deps because of chrono, cookie, cookie_store, hyper, # hyperx, reqwest depending on old time # https://github.com/chronotope/chrono/issues/400 # https://github.com/pfernie/cookie_store/issues/11 # https://github.com/hyperium/hyper/pull/2139 # https://github.com/dekellum/hyperx/issues/21 # https://github.com/seanmonstar/reqwest/issues/934 [[bans.skip]] name = "time" version = "0.1" # ignore duplicated rustc_version dependency because rav1e depends on an old version [[bans.skip]] name = "rustc_version" version = "0.3" [[bans.skip]] name = "semver" version = "0.11" # ignore duplicated crc dependency because ffv1 depends on an old version # https://github.com/rust-av/ffv1/issues/21 [[bans.skip]] name = "crc" version = "1.8" # Ignore various duplicated dependencies because librespot depends on an old versions [[bans.skip]] name = "block-buffer" version = "0.9" [[bans.skip]] name = "digest" version = "0.9" [[bans.skip]] name = "sha-1" version = "0.9" [[bans.skip]] name = "env_logger" version = "0.9" [[bans.skip]] name = "hmac" version = "0.11" # ignore duplicated wasi dependency because various crates depends on an old version [[bans.skip]] name = "wasi" version = "0.10" # ignore duplicated spin dependency because various crates depend on an old version [[bans.skip]] name = "spin" version = "0.5" # cookie_store depends on older idna # https://github.com/pfernie/cookie_store/commit/b9c710f45550c5c8997f18a83e6fcc5998cf1726 [[bans.skip]] name = "idna" version = "0.2" # image depends on older gif # https://github.com/image-rs/image/pull/1826 [[bans.skip]] name = "gif" version = "0.11" # field-offset and nix depend on an older memoffset # https://github.com/Diggsey/rust-field-offset/pull/23 # https://github.com/nix-rust/nix/pull/1885 [[bans.skip]] name = "memoffset" version = "0.6" # Various crates depend on an older version of hermit-abi [[bans.skip]] name = "hermit-abi" version = "0.1" # Various crates depend on an older version of base64 [[bans.skip]] name = "base64" version = "0.13" [sources] unknown-registry = "deny" unknown-git = "deny" allow-git = [ "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs", "https://github.com/gtk-rs/gtk-rs-core", "https://github.com/gtk-rs/gtk4-rs", "https://github.com/rust-av/ffv1", "https://github.com/rust-av/flavors", ]