gst-plugins-rs/deny.toml
François Laignel 31172bb011 deny.toml: ignore RUSTSEC-2021-0124 again
The vulnerability was handled as part of
https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/602
and
https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/603
but the tokio fork used in threadshare is based on an earlier
version which prevents cargo-deny from assuming that the vulnerability
is fixed.

See https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/604
2021-11-18 12:57:10 +01:00

164 lines
4.3 KiB
TOML

[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "warn"
notice = "warn"
ignore = [
# Waiting for https://github.com/chronotope/chrono/pull/578
"RUSTSEC-2020-0071",
"RUSTSEC-2020-0159",
# Temporarily ignore: vulnerability handled as part of
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/602
# and
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/603
# but the tokio fork used in threadshare is based on an earlier version
# which prevents cargo-deny from assuming that the vulnerability is fixed.
# See https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/604
"RUSTSEC-2021-0124",
]
[licenses]
unlicensed = "deny"
allow = [
"Apache-2.0",
]
deny = [
"GPL-1.0",
"GPL-2.0",
"GPL-3.0",
"AGPL-1.0",
"AGPL-3.0",
]
copyleft = "allow"
allow-osi-fsf-free = "either"
confidence-threshold = 0.8
[bans]
multiple-versions = "deny"
highlight = "all"
wildcards = "allow"
# ignore duplicated deps because of mio-named-pipes via mio depending on old
# miow
# https://github.com/alexcrichton/mio-named-pipes/issues/7
[[bans.skip]]
name = "miow"
version = "0.2"
[[bans.skip]]
name = "winapi"
version = "0.2"
# ignore duplicated deps because of chrono, cookie, cookie_store, hyper,
# hyperx, reqwest depending on old time
# https://github.com/chronotope/chrono/issues/400
# https://github.com/pfernie/cookie_store/issues/11
# https://github.com/hyperium/hyper/pull/2139
# https://github.com/dekellum/hyperx/issues/21
# https://github.com/seanmonstar/reqwest/issues/934
[[bans.skip]]
name = "time"
version = "0.1"
# ignore duplicated tokio dep because of gst-plugin-threadshare having its own
# fork
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/118
[[bans.skip]]
name = "tokio"
version = "0.2.13"
[[bans.skip]]
name = "tokio-macros"
# ignore duplicated textwrap dependency because clap depends on an old version
# https://github.com/clap-rs/clap/pull/1994
[[bans.skip]]
name = "textwrap"
version = "0.11"
# ignore duplicated cfg-if dependency because a few dozen dependencies still
# pull in the old version
[[bans.skip]]
name = "cfg-if"
version = "0.1"
# ignore duplicated pin-project-lite dependency because many crates depend on an old version
[[bans.skip]]
name = "pin-project-lite"
version = "0.1"
# ignore duplicated nom dependency because cexpr, m3u8-rs depends on an old version
# https://github.com/jethrogb/rust-cexpr/issues/26
[[bans.skip]]
name = "nom"
version = "5"
# ignore duplicated arrayvec dependency because nom 5 depends on an old version
[[bans.skip]]
name = "arrayvec"
version = "0.5"
# ignore duplicated nom dependency because tokio v0.2 depends on an old version
[[bans.skip]]
name = "bytes"
version = "0.5"
[[bans.skip]]
name = "mio"
version = "0.6"
# ignore duplicated rustc_version dependency because various crates depend on an old version
[[bans.skip]]
name = "rustc_version"
version = "0.2"
[[bans.skip]]
name = "semver"
version = "0.9"
[[bans.skip]]
name = "semver-parser"
version = "0.7"
# ignore duplicated rustc_version dependency because rav1e depends on an old version
[[bans.skip]]
name = "rustc_version"
version = "0.3"
[[bans.skip]]
name = "semver"
version = "0.11"
# ignore duplicated num-rational dependency because image depends on an old version
# https://github.com/image-rs/image/pull/1451
[[bans.skip]]
name = "num-rational"
version = "0.3"
# ignore duplicated ansi_term dependency because clap depends on an old version
# https://github.com/clap-rs/clap/pull/2402
[[bans.skip]]
name = "ansi_term"
version = "0.11"
# ignore duplicated system-deps dependency because dav1d depends on an old version
# https://github.com/rusoto/rusoto/pull/1915
[[bans.skip]]
name = "system-deps"
version = "3"
[[bans.skip]]
name = "cfg-expr"
version = "0.7"
# ignore duplicated crc dependency because ffv1 depends on an old version
# https://github.com/rust-av/ffv1/issues/21
[[bans.skip]]
name = "crc"
version = "1.8"
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-git = [
"https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
"https://github.com/gtk-rs/gtk-rs-core",
"https://github.com/gtk-rs/gtk4-rs",
"https://github.com/fengalin/tokio",
"https://github.com/rust-av/ffv1",
"https://github.com/rust-av/flavors",
]