gst-plugins-rs/deny.toml
Sebastian Dröge 41a6075fb5 deny: Simplify license handling
Deny all copyleft licenses except for the MPL-2.0 and add an exception
for gst-plugin-threadshare to allow LGPL-2.1.
2023-10-04 19:00:08 +03:00

181 lines
4.2 KiB
TOML

[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "warn"
notice = "warn"
ignore = [
# Waiting for https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1293
"RUSTSEC-2023-0065",
# Waiting for https://github.com/librespot-org/librespot/issues/937
"RUSTSEC-2021-0059",
"RUSTSEC-2021-0060",
"RUSTSEC-2021-0061",
"RUSTSEC-2021-0145",
# sodiumoxide is deprecated
"RUSTSEC-2021-0137",
]
[licenses]
unlicensed = "deny"
allow = [
"MPL-2.0",
]
default = "deny"
copyleft = "deny"
allow-osi-fsf-free = "either"
confidence-threshold = 0.8
[[licenses.clarify]]
name = "ring"
version = "*"
expression = "OpenSSL"
license-files = [
{ path = "LICENSE", hash = 0xbd0eed23 }
]
# Allow AGPL3 from dssim-core, which is optionally used in gst-plugin-videofx
[[licenses.exceptions]]
allow = ["AGPL-3.0"]
name = "dssim-core"
version = "3.2"
# Allow LGPL 2.1 for the threadshare plugin as it includes some LGPL code
[[licenses.exceptions]]
allow = ["LGPL-2.1"]
name = "gst-plugin-threadshare"
[bans]
multiple-versions = "deny"
highlight = "all"
wildcards = "allow"
# ignore duplicated crc dependency because ffv1 depends on an old version
# https://github.com/rust-av/ffv1/issues/21
[[bans.skip]]
name = "crc"
version = "1.8"
# Ignore various duplicated dependencies because librespot depends on an old versions
[[bans.skip]]
name = "block-buffer"
version = "0.9"
[[bans.skip]]
name = "digest"
version = "0.9"
[[bans.skip]]
name = "sha-1"
version = "0.9"
[[bans.skip]]
name = "env_logger"
version = "0.9"
[[bans.skip]]
name = "hmac"
version = "0.11"
# ignore duplicated spin dependency because various crates depend on an old version
[[bans.skip]]
name = "spin"
version = "0.5"
# cookie_store depends on older idna
# https://github.com/pfernie/cookie_store/commit/b9c710f45550c5c8997f18a83e6fcc5998cf1726
[[bans.skip]]
name = "idna"
version = "0.2"
# field-offset and nix depend on an older memoffset
# https://github.com/Diggsey/rust-field-offset/pull/23
# https://github.com/nix-rust/nix/pull/1885
[[bans.skip]]
name = "memoffset"
version = "0.6"
# Various crates depend on an older version of hermit-abi
[[bans.skip]]
name = "hermit-abi"
version = "0.1"
# Various crates depend on an older version of base64
[[bans.skip]]
name = "base64"
version = "0.13"
# Various crates depend on an older version of socket2
[[bans.skip]]
name = "socket2"
version = "0.4"
# Various crates depend on an older version of syn
[[bans.skip]]
name = "syn"
version = "1.0"
# Various crates depend on an older version of bitflags
[[bans.skip]]
name = "bitflags"
version = "1.0"
# cargo-lock depends on an old version of the toml crate
# https://github.com/rustsec/rustsec/pull/805
[[bans.skip]]
name = "toml"
version = "0.5"
# Various crates depend on an older version of redox_syscall
[[bans.skip]]
name = "redox_syscall"
version = "0.2"
# tracing-subscriber depends on an older version of regex-syntax
[[bans.skip]]
name = "regex-syntax"
version = "0.6"
# publicsuffix depends on an older version of idna
# https://github.com/rushmorem/publicsuffix/pull/39
[[bans.skip]]
name = "idna"
version = "0.3"
# Various crates depend on an older version of indexmap / hashbrown
[[bans.skip]]
name = "indexmap"
version = "1.0"
[[bans.skip]]
name = "hashbrown"
version = "0.12"
# av1-grain depends on an old version of itertools
# https://github.com/rust-av/av1-grain/pull/12
[[bans.skip]]
name = "itertools"
version = "0.10"
# rav1e depends on an old version of num-derive
# https://github.com/xiph/rav1e/pull/3237
[[bans.skip]]
name = "num-derive"
version = "0.3"
# matchers depends on an old version of regex-automata
[[bans.skip]]
name = "regex-automata"
version = "0.1"
# old livekit-api depends on an old version of tokio-tungstenite/tungstenite
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1293
[[bans.skip]]
name = "tungstenite"
version = "0.19"
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-git = [
"https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
"https://github.com/gtk-rs/gtk-rs-core",
"https://github.com/gtk-rs/gtk4-rs",
"https://github.com/rust-av/ffv1",
"https://github.com/rust-av/flavors",
]