gst-plugins-rs/deny.toml
Sebastian Dröge 72f616fa14 deny: Update
2022-11-28 10:58:03 +02:00

185 lines
4.4 KiB
TOML

[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "warn"
notice = "warn"
ignore = [
# Waiting for https://github.com/librespot-org/librespot/issues/937
"RUSTSEC-2021-0059",
"RUSTSEC-2021-0060",
"RUSTSEC-2021-0061",
"RUSTSEC-2021-0145",
# https://github.com/chronotope/chrono/issues/499
"RUSTSEC-2020-0071",
# sodiumoxide is deprecated
"RUSTSEC-2021-0137",
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/256
"RUSTSEC-2022-0048",
]
[licenses]
unlicensed = "deny"
allow = [
"Apache-2.0",
]
deny = [
"GPL-1.0",
"GPL-2.0",
"GPL-3.0",
"AGPL-1.0",
"AGPL-3.0",
]
copyleft = "allow"
allow-osi-fsf-free = "either"
confidence-threshold = 0.8
[[licenses.clarify]]
name = "ring"
version = "*"
expression = "OpenSSL"
license-files = [
{ path = "LICENSE", hash = 0xbd0eed23 }
]
[bans]
multiple-versions = "deny"
highlight = "all"
wildcards = "allow"
# ignore duplicated deps because of chrono, cookie, cookie_store, hyper,
# hyperx, reqwest depending on old time
# https://github.com/chronotope/chrono/issues/400
# https://github.com/pfernie/cookie_store/issues/11
# https://github.com/hyperium/hyper/pull/2139
# https://github.com/dekellum/hyperx/issues/21
# https://github.com/seanmonstar/reqwest/issues/934
[[bans.skip]]
name = "time"
version = "0.1"
# ignore duplicated rustc_version dependency because rav1e depends on an old version
[[bans.skip]]
name = "rustc_version"
version = "0.3"
[[bans.skip]]
name = "semver"
version = "0.11"
# ignore duplicated system-deps dependency because rav1e depends on an old version
[[bans.skip]]
name = "system-deps"
version = "3"
[[bans.skip]]
name = "version-compare"
version = "0.0"
[[bans.skip]]
name = "cfg-expr"
version = "0.7"
# ignore duplicated crc dependency because ffv1 depends on an old version
# https://github.com/rust-av/ffv1/issues/21
[[bans.skip]]
name = "crc"
version = "1.8"
# ignore duplicated heck dependency because various crates depend on an old version
[[bans.skip]]
name = "heck"
version = "0.3"
# ignore duplicated sha-1/digest/block-buffer dependencies because librespot depends on an old version
[[bans.skip]]
name = "block-buffer"
version = "0.9"
[[bans.skip]]
name = "digest"
version = "0.9"
[[bans.skip]]
name = "sha-1"
version = "0.9"
# ignore duplicated wasi dependency because various crates depends on an old version
[[bans.skip]]
name = "wasi"
version = "0.10"
# ignore duplicated spin dependency because various crates depend on an old version
[[bans.skip]]
name = "spin"
version = "0.5"
# Various crates depend on older versions of the windows crates
[[bans.skip]]
name = "windows-sys"
version = "0.36"
[[bans.skip]]
name = "windows_aarch64_msvc"
version = "0.36"
[[bans.skip]]
name = "windows_i686_gnu"
version = "0.36"
[[bans.skip]]
name = "windows_i686_msvc"
version = "0.36"
[[bans.skip]]
name = "windows_x86_64_gnu"
version = "0.36"
[[bans.skip]]
name = "windows_x86_64_msvc"
version = "0.36"
# Various crates depend on older miniz_oxide
# https://github.com/rust-lang/backtrace-rs/pull/483
# https://github.com/rust-lang/flate2-rs/pull/317
# https://github.com/image-rs/image-png/pull/355
[[bans.skip]]
name = "miniz_oxide"
version = "0.5"
# cookie_store depends on older idna
# https://github.com/pfernie/cookie_store/commit/b9c710f45550c5c8997f18a83e6fcc5998cf1726
[[bans.skip]]
name = "idna"
version = "0.2"
# async-io / async-channel depend on an old version of concurrent-queue
# https://github.com/smol-rs/async-channel/pull/50
# https://github.com/smol-rs/async-io/pull/99
[[bans.skip]]
name = "concurrent-queue"
version = "1"
# image depends on older gif
# https://github.com/image-rs/image/pull/1826
[[bans.skip]]
name = "gif"
version = "0.11"
# field-offset and nix depend on an older memoffset
# https://github.com/Diggsey/rust-field-offset/pull/23
# https://github.com/nix-rust/nix/pull/1885
[[bans.skip]]
name = "memoffset"
version = "0.6"
# librespot depends on an older env_logger
[[bans.skip]]
name = "env_logger"
version = "0.9"
# Various crates depend on an older version of hermit-abi
[[bans.skip]]
name = "hermit-abi"
version = "0.1"
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-git = [
"https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
"https://github.com/gtk-rs/gtk-rs-core",
"https://github.com/gtk-rs/gtk4-rs",
"https://github.com/rust-av/ffv1",
"https://github.com/rust-av/flavors",
]