[advisories] db-path = "~/.cargo/advisory-db" db-urls = ["https://github.com/rustsec/advisory-db"] vulnerability = "deny" unmaintained = "warn" notice = "warn" ignore = [ # Waiting for https://github.com/chronotope/chrono/pull/578 "RUSTSEC-2020-0071", "RUSTSEC-2020-0159", # Waiting for https://github.com/librespot-org/librespot/issues/937 "RUSTSEC-2021-0059", "RUSTSEC-2021-0060", "RUSTSEC-2021-0061", ] [licenses] unlicensed = "deny" allow = [ "Apache-2.0", ] deny = [ "GPL-1.0", "GPL-2.0", "GPL-3.0", "AGPL-1.0", "AGPL-3.0", ] copyleft = "allow" allow-osi-fsf-free = "either" confidence-threshold = 0.8 # https://github.com/hsivonen/encoding_rs/issues/75 [[licenses.clarify]] name = "encoding_rs" version = "*" expression = "(Apache-2.0 OR MIT) AND BSD-3-Clause" license-files = [ { path = "COPYRIGHT", hash = 0x39f8ad31 } ] [bans] multiple-versions = "deny" highlight = "all" wildcards = "allow" # ignore duplicated deps because of chrono, cookie, cookie_store, hyper, # hyperx, reqwest depending on old time # https://github.com/chronotope/chrono/issues/400 # https://github.com/pfernie/cookie_store/issues/11 # https://github.com/hyperium/hyper/pull/2139 # https://github.com/dekellum/hyperx/issues/21 # https://github.com/seanmonstar/reqwest/issues/934 [[bans.skip]] name = "time" version = "0.1" # ignore duplicated textwrap dependency because clap depends on an old version # https://github.com/clap-rs/clap/pull/1994 [[bans.skip]] name = "textwrap" version = "0.11" # ignore duplicated cfg-if dependency because a few dozen dependencies still # pull in the old version [[bans.skip]] name = "cfg-if" version = "0.1" # ignore duplicated rustc_version dependency because various crates depend on an old version [[bans.skip]] name = "rustc_version" version = "0.2" [[bans.skip]] name = "semver" version = "0.9" [[bans.skip]] name = "semver-parser" version = "0.7" # ignore duplicated rustc_version dependency because rav1e depends on an old version [[bans.skip]] name = "rustc_version" version = "0.3" [[bans.skip]] name = "semver" version = "0.11" # ignore duplicated system-deps dependency because dav1d depends on an old version [[bans.skip]] name = "system-deps" version = "3" [[bans.skip]] name = "version-compare" version = "0.0" [[bans.skip]] name = "cfg-expr" version = "0.7" # ignore duplicated crc dependency because ffv1 depends on an old version # https://github.com/rust-av/ffv1/issues/21 [[bans.skip]] name = "crc" version = "1.8" # ignore duplicated heck dependency because various crates depend on an old version [[bans.skip]] name = "heck" version = "0.3" # ignore duplicated env_logger dependency because librespot depends on an old version [[bans.skip]] name = "env_logger" version = "0.8" # ignore duplicated sha-1/digest/block-buffer dependencies because librespot depends on an old version [[bans.skip]] name = "block-buffer" version = "0.9" [[bans.skip]] name = "digest" version = "0.9" [[bans.skip]] name = "sha-1" version = "0.9" # ignore duplicated tokio-util dependency because librespot/reqwest depend on an old version [[bans.skip]] name = "tokio-util" version = "0.6" # ignore duplicated miniz_oxide dependency because flate2 depends on an old version # https://github.com/rust-lang/flate2-rs/pull/293 [[bans.skip]] name = "miniz_oxide" version = "0.4" # ignore duplicated wasi dependency because various crates depends on an old version [[bans.skip]] name = "wasi" version = "0.10" [sources] unknown-registry = "deny" unknown-git = "deny" allow-git = [ "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs", "https://github.com/gtk-rs/gtk-rs-core", "https://github.com/gtk-rs/gtk4-rs", "https://github.com/rust-av/ffv1", "https://github.com/rust-av/flavors", ]