mirror of
https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs.git
synced 2024-11-14 14:21:02 +00:00
31172bb011
The vulnerability was handled as part of https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/602 and https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/603 but the tokio fork used in threadshare is based on an earlier version which prevents cargo-deny from assuming that the vulnerability is fixed. See https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/604
164 lines
4.3 KiB
TOML
164 lines
4.3 KiB
TOML
[advisories]
|
|
db-path = "~/.cargo/advisory-db"
|
|
db-urls = ["https://github.com/rustsec/advisory-db"]
|
|
vulnerability = "deny"
|
|
unmaintained = "warn"
|
|
notice = "warn"
|
|
ignore = [
|
|
# Waiting for https://github.com/chronotope/chrono/pull/578
|
|
"RUSTSEC-2020-0071",
|
|
"RUSTSEC-2020-0159",
|
|
# Temporarily ignore: vulnerability handled as part of
|
|
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/602
|
|
# and
|
|
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/603
|
|
# but the tokio fork used in threadshare is based on an earlier version
|
|
# which prevents cargo-deny from assuming that the vulnerability is fixed.
|
|
# See https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/604
|
|
"RUSTSEC-2021-0124",
|
|
]
|
|
|
|
[licenses]
|
|
unlicensed = "deny"
|
|
allow = [
|
|
"Apache-2.0",
|
|
]
|
|
deny = [
|
|
"GPL-1.0",
|
|
"GPL-2.0",
|
|
"GPL-3.0",
|
|
"AGPL-1.0",
|
|
"AGPL-3.0",
|
|
]
|
|
copyleft = "allow"
|
|
allow-osi-fsf-free = "either"
|
|
confidence-threshold = 0.8
|
|
|
|
[bans]
|
|
multiple-versions = "deny"
|
|
highlight = "all"
|
|
wildcards = "allow"
|
|
|
|
# ignore duplicated deps because of mio-named-pipes via mio depending on old
|
|
# miow
|
|
# https://github.com/alexcrichton/mio-named-pipes/issues/7
|
|
[[bans.skip]]
|
|
name = "miow"
|
|
version = "0.2"
|
|
[[bans.skip]]
|
|
name = "winapi"
|
|
version = "0.2"
|
|
|
|
# ignore duplicated deps because of chrono, cookie, cookie_store, hyper,
|
|
# hyperx, reqwest depending on old time
|
|
# https://github.com/chronotope/chrono/issues/400
|
|
# https://github.com/pfernie/cookie_store/issues/11
|
|
# https://github.com/hyperium/hyper/pull/2139
|
|
# https://github.com/dekellum/hyperx/issues/21
|
|
# https://github.com/seanmonstar/reqwest/issues/934
|
|
[[bans.skip]]
|
|
name = "time"
|
|
version = "0.1"
|
|
|
|
# ignore duplicated tokio dep because of gst-plugin-threadshare having its own
|
|
# fork
|
|
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/118
|
|
[[bans.skip]]
|
|
name = "tokio"
|
|
version = "0.2.13"
|
|
[[bans.skip]]
|
|
name = "tokio-macros"
|
|
|
|
# ignore duplicated textwrap dependency because clap depends on an old version
|
|
# https://github.com/clap-rs/clap/pull/1994
|
|
[[bans.skip]]
|
|
name = "textwrap"
|
|
version = "0.11"
|
|
|
|
# ignore duplicated cfg-if dependency because a few dozen dependencies still
|
|
# pull in the old version
|
|
[[bans.skip]]
|
|
name = "cfg-if"
|
|
version = "0.1"
|
|
|
|
# ignore duplicated pin-project-lite dependency because many crates depend on an old version
|
|
[[bans.skip]]
|
|
name = "pin-project-lite"
|
|
version = "0.1"
|
|
|
|
# ignore duplicated nom dependency because cexpr, m3u8-rs depends on an old version
|
|
# https://github.com/jethrogb/rust-cexpr/issues/26
|
|
[[bans.skip]]
|
|
name = "nom"
|
|
version = "5"
|
|
|
|
# ignore duplicated arrayvec dependency because nom 5 depends on an old version
|
|
[[bans.skip]]
|
|
name = "arrayvec"
|
|
version = "0.5"
|
|
|
|
# ignore duplicated nom dependency because tokio v0.2 depends on an old version
|
|
[[bans.skip]]
|
|
name = "bytes"
|
|
version = "0.5"
|
|
[[bans.skip]]
|
|
name = "mio"
|
|
version = "0.6"
|
|
|
|
# ignore duplicated rustc_version dependency because various crates depend on an old version
|
|
[[bans.skip]]
|
|
name = "rustc_version"
|
|
version = "0.2"
|
|
[[bans.skip]]
|
|
name = "semver"
|
|
version = "0.9"
|
|
[[bans.skip]]
|
|
name = "semver-parser"
|
|
version = "0.7"
|
|
|
|
# ignore duplicated rustc_version dependency because rav1e depends on an old version
|
|
[[bans.skip]]
|
|
name = "rustc_version"
|
|
version = "0.3"
|
|
[[bans.skip]]
|
|
name = "semver"
|
|
version = "0.11"
|
|
|
|
# ignore duplicated num-rational dependency because image depends on an old version
|
|
# https://github.com/image-rs/image/pull/1451
|
|
[[bans.skip]]
|
|
name = "num-rational"
|
|
version = "0.3"
|
|
|
|
# ignore duplicated ansi_term dependency because clap depends on an old version
|
|
# https://github.com/clap-rs/clap/pull/2402
|
|
[[bans.skip]]
|
|
name = "ansi_term"
|
|
version = "0.11"
|
|
|
|
# ignore duplicated system-deps dependency because dav1d depends on an old version
|
|
# https://github.com/rusoto/rusoto/pull/1915
|
|
[[bans.skip]]
|
|
name = "system-deps"
|
|
version = "3"
|
|
[[bans.skip]]
|
|
name = "cfg-expr"
|
|
version = "0.7"
|
|
|
|
# ignore duplicated crc dependency because ffv1 depends on an old version
|
|
# https://github.com/rust-av/ffv1/issues/21
|
|
[[bans.skip]]
|
|
name = "crc"
|
|
version = "1.8"
|
|
|
|
[sources]
|
|
unknown-registry = "deny"
|
|
unknown-git = "deny"
|
|
allow-git = [
|
|
"https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
|
|
"https://github.com/gtk-rs/gtk-rs-core",
|
|
"https://github.com/gtk-rs/gtk4-rs",
|
|
"https://github.com/fengalin/tokio",
|
|
"https://github.com/rust-av/ffv1",
|
|
"https://github.com/rust-av/flavors",
|
|
]
|