[advisories] version = 2 db-path = "~/.cargo/advisory-db" db-urls = ["https://github.com/rustsec/advisory-db"] ignore = [ # Waiting for https://github.com/librespot-org/librespot/issues/937 "RUSTSEC-2021-0059", "RUSTSEC-2021-0060", "RUSTSEC-2021-0061", "RUSTSEC-2021-0145", # sodiumoxide is deprecated "RUSTSEC-2021-0137", ] [licenses] version = 2 allow = [ "MIT", "BSD-2-Clause", "BSD-3-Clause", "ISC", "OpenSSL", "Zlib", "Unicode-DFS-2016", "Apache-2.0", "Apache-2.0 WITH LLVM-exception", "MPL-2.0", ] confidence-threshold = 0.8 [[licenses.clarify]] name = "ring" version = "*" expression = "OpenSSL" license-files = [ { path = "LICENSE", hash = 0xbd0eed23 } ] # Allow AGPL3 from dssim-core, which is optionally used in gst-plugin-videofx [[licenses.exceptions]] allow = ["AGPL-3.0"] name = "dssim-core" version = "3.2" # Allow LGPL 2.1 for the threadshare plugin as it includes some LGPL code [[licenses.exceptions]] allow = ["LGPL-2.1"] name = "gst-plugin-threadshare" [bans] multiple-versions = "deny" highlight = "all" wildcards = "allow" # ignore duplicated crc dependency because ffv1 depends on an old version # https://github.com/rust-av/ffv1/issues/21 [[bans.skip]] name = "crc" version = "1.8" # Ignore various duplicated dependencies because librespot depends on an old versions [[bans.skip]] name = "block-buffer" version = "0.9" [[bans.skip]] name = "digest" version = "0.9" [[bans.skip]] name = "sha-1" version = "0.9" [[bans.skip]] name = "env_logger" version = "0.9" [[bans.skip]] name = "hmac" version = "0.11" [[bans.skip]] name = "zerocopy" version = "0.6" [[bans.skip]] name = "zerocopy-derive" version = "0.6" [[bans.skip]] name = "multimap" version = "0.8" [[bans.skip]] name = "nix" version = "0.23" # field-offset and nix depend on an older memoffset # https://github.com/Diggsey/rust-field-offset/pull/23 # https://github.com/nix-rust/nix/pull/1885 [[bans.skip]] name = "memoffset" version = "0.6" # Various crates depend on an older version of hermit-abi [[bans.skip]] name = "hermit-abi" version = "0.1" [[bans.skip]] name = "hermit-abi" version = "0.3" # Various crates depend on an older version of base64 [[bans.skip]] name = "base64" version = "0.13" [[bans.skip]] name = "base64" version = "0.21" # Various crates depend on an older version of socket2 [[bans.skip]] name = "socket2" version = "0.4" # Various crates depend on an older version of bitflags [[bans.skip]] name = "bitflags" version = "1.0" # tracing-subscriber depends on an older version of regex-syntax [[bans.skip]] name = "regex-syntax" version = "0.6" # publicsuffix depends on an older version of idna # https://github.com/rushmorem/publicsuffix/pull/39 [[bans.skip]] name = "idna" version = "0.3" # Various crates depend on an older version of indexmap / hashbrown [[bans.skip]] name = "indexmap" version = "1.0" [[bans.skip]] name = "hashbrown" version = "0.12" # various livekit dependencies depend on an old version of itertools and sync_wrapper [[bans.skip]] name = "itertools" version = "0.11" [[bans.skip]] name = "sync_wrapper" version = "0.1" # various rav1e / dssim-core depend on an old version of itertools [[bans.skip]] name = "itertools" version = "0.12" # matchers depends on an old version of regex-automata [[bans.skip]] name = "regex-automata" version = "0.1" # Various crates depend on old versions of the windows crates [[bans.skip]] name = "windows_x86_64_msvc" version = "0.48" [[bans.skip]] name = "windows_x86_64_gnullvm" version = "0.48" [[bans.skip]] name = "windows_x86_64_gnu" version = "0.48" [[bans.skip]] name = "windows_i686_msvc" version = "0.48" [[bans.skip]] name = "windows_i686_gnu" version = "0.48" [[bans.skip]] name = "windows_aarch64_msvc" version = "0.48" [[bans.skip]] name = "windows_aarch64_gnullvm" version = "0.48" [[bans.skip]] name = "windows-targets" version = "0.48" [[bans.skip]] name = "windows-sys" version = "0.48" # Various crates depend on an older version of crypto-bigint [[bans.skip]] name = "crypto-bigint" version = "0.4" # livekit-api depends on an older version of tokio-tungstenite [[bans.skip]] name = "tokio-tungstenite" version = "0.20" [[bans.skip]] name = "tungstenite" version = "0.20" # Various crates depend on an older version of http [[bans.skip]] name = "http" version = "0.2" # proc-macro-crate depends on an older version of toml_edit # https://github.com/bkchr/proc-macro-crate/pull/50 [[bans.skip]] name = "toml_edit" version = "0.21" [[bans.skip]] name = "winnow" version = "0.5" # Various crates depend on an older version of heck [[bans.skip]] name = "heck" version = "0.4" # Various crates depend on an older version of hyper / reqwest / headers / etc [[bans.skip]] name = "hyper" version = "0.14" [[bans.skip]] name = "hyper-tls" version = "0.5" [[bans.skip]] name = "http-body" version = "0.4" [[bans.skip]] name = "headers-core" version = "0.2" [[bans.skip]] name = "headers" version = "0.3" [[bans.skip]] name = "h2" version = "0.3" [[bans.skip]] name = "reqwest" version = "0.11" [[bans.skip]] name = "rustls-pemfile" version = "1.0" [[bans.skip]] name = "winreg" version = "0.50" # The AWS SDK uses old versions of rustls and related crates [[bans.skip]] name = "rustls" version = "0.21" [[bans.skip]] name = "rustls-native-certs" version = "0.6" [[bans.skip]] name = "rustls-webpki" version = "0.101" # warp depends on an older version of tokio-tungstenite [[bans.skip]] name = "tokio-tungstenite" version = "0.21" [[bans.skip]] name = "tungstenite" version = "0.21" # various crates depend on an older version of system-deps [[bans.skip]] name = "system-deps" version = "6" # various crates depend on an older version of windows-sys [[bans.skip]] name = "windows-sys" version = "0.52" # derived-into-owned (via pcap-file) depends on old syn / quote [[bans.skip]] name = "syn" version = "0.11" [[bans.skip]] name = "quote" version = "0.3" [sources] unknown-registry = "deny" unknown-git = "deny" allow-git = [ "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs", "https://github.com/gtk-rs/gtk-rs-core", "https://github.com/gtk-rs/gtk4-rs", "https://github.com/rust-av/ffv1", "https://github.com/rust-av/flavors", ]