mirror of
https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs.git
synced 2024-11-28 22:41:02 +00:00
291 lines
5.9 KiB
TOML
291 lines
5.9 KiB
TOML
[advisories]
|
|
version = 2
|
|
db-path = "~/.cargo/advisory-db"
|
|
db-urls = ["https://github.com/rustsec/advisory-db"]
|
|
ignore = [
|
|
# librespot depends on a vulnerable version of rsa
|
|
"RUSTSEC-2023-0071",
|
|
# sodiumoxide is deprecated
|
|
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/530
|
|
"RUSTSEC-2021-0137",
|
|
]
|
|
|
|
[licenses]
|
|
version = 2
|
|
allow = [
|
|
"MIT",
|
|
"BSD-2-Clause",
|
|
"BSD-3-Clause",
|
|
"ISC",
|
|
"OpenSSL",
|
|
"Zlib",
|
|
"Unicode-DFS-2016",
|
|
"Apache-2.0",
|
|
"Apache-2.0 WITH LLVM-exception",
|
|
"MPL-2.0",
|
|
]
|
|
confidence-threshold = 0.8
|
|
|
|
[[licenses.clarify]]
|
|
name = "ring"
|
|
version = "*"
|
|
expression = "OpenSSL"
|
|
license-files = [
|
|
{ path = "LICENSE", hash = 0xbd0eed23 }
|
|
]
|
|
|
|
# Allow AGPL3 from dssim-core, which is optionally used in gst-plugin-videofx
|
|
[[licenses.exceptions]]
|
|
allow = ["AGPL-3.0"]
|
|
name = "dssim-core"
|
|
version = "3.2"
|
|
|
|
# Allow LGPL 2.1 for the threadshare plugin as it includes some LGPL code
|
|
[[licenses.exceptions]]
|
|
allow = ["LGPL-2.1"]
|
|
name = "gst-plugin-threadshare"
|
|
|
|
[bans]
|
|
multiple-versions = "deny"
|
|
highlight = "all"
|
|
wildcards = "allow"
|
|
|
|
# ignore duplicated crc dependency because ffv1 depends on an old version
|
|
# https://github.com/rust-av/ffv1/issues/21
|
|
[[bans.skip]]
|
|
name = "crc"
|
|
version = "1.8"
|
|
|
|
# Ignore various duplicated dependencies because librespot depends on an old versions
|
|
[[bans.skip]]
|
|
name = "hermit-abi"
|
|
version = "0.3"
|
|
|
|
# Various crates depend on an older version of base64
|
|
[[bans.skip]]
|
|
name = "base64"
|
|
version = "0.13"
|
|
[[bans.skip]]
|
|
name = "base64"
|
|
version = "0.21"
|
|
|
|
# Various crates depend on an older version of bitflags
|
|
[[bans.skip]]
|
|
name = "bitflags"
|
|
version = "1.0"
|
|
|
|
# tracing-subscriber depends on an older version of regex-syntax
|
|
[[bans.skip]]
|
|
name = "regex-syntax"
|
|
version = "0.6"
|
|
|
|
# publicsuffix depends on an older version of idna
|
|
# https://github.com/rushmorem/publicsuffix/pull/39
|
|
[[bans.skip]]
|
|
name = "idna"
|
|
version = "0.3"
|
|
|
|
# various livekit dependencies depend on an older versions of various crates
|
|
[[bans.skip]]
|
|
name = "itertools"
|
|
version = "0.11"
|
|
[[bans.skip]]
|
|
name = "sync_wrapper"
|
|
version = "0.1"
|
|
[[bans.skip]]
|
|
name = "rustls-native-certs"
|
|
version = "0.7"
|
|
[[bans.skip]]
|
|
name = "hyper-rustls"
|
|
version = "0.26"
|
|
[[bans.skip]]
|
|
name = "tokio-rustls"
|
|
version = "0.25"
|
|
|
|
# chrono via iana-time-zone depends on old windows-core
|
|
[[bans.skip]]
|
|
name = "windows-core"
|
|
version = "0.52"
|
|
[[bans.skip]]
|
|
name = "windows-result"
|
|
version = "0.1"
|
|
|
|
# various rav1e / dssim-core depend on an old version of itertools
|
|
[[bans.skip]]
|
|
name = "itertools"
|
|
version = "0.12"
|
|
|
|
# matchers depends on an old version of regex-automata
|
|
[[bans.skip]]
|
|
name = "regex-automata"
|
|
version = "0.1"
|
|
|
|
# Various crates depend on old versions of the windows crates
|
|
[[bans.skip]]
|
|
name = "windows_x86_64_msvc"
|
|
version = "0.48"
|
|
[[bans.skip]]
|
|
name = "windows_x86_64_gnullvm"
|
|
version = "0.48"
|
|
[[bans.skip]]
|
|
name = "windows_x86_64_gnu"
|
|
version = "0.48"
|
|
[[bans.skip]]
|
|
name = "windows_i686_msvc"
|
|
version = "0.48"
|
|
[[bans.skip]]
|
|
name = "windows_i686_gnu"
|
|
version = "0.48"
|
|
[[bans.skip]]
|
|
name = "windows_aarch64_msvc"
|
|
version = "0.48"
|
|
[[bans.skip]]
|
|
name = "windows_aarch64_gnullvm"
|
|
version = "0.48"
|
|
[[bans.skip]]
|
|
name = "windows-targets"
|
|
version = "0.48"
|
|
[[bans.skip]]
|
|
name = "windows-sys"
|
|
version = "0.48"
|
|
|
|
# Various crates depend on an older version of crypto-bigint
|
|
[[bans.skip]]
|
|
name = "crypto-bigint"
|
|
version = "0.4"
|
|
|
|
# livekit-api depends on an older version of tokio-tungstenite
|
|
[[bans.skip]]
|
|
name = "tokio-tungstenite"
|
|
version = "0.20"
|
|
[[bans.skip]]
|
|
name = "tungstenite"
|
|
version = "0.20"
|
|
|
|
# Various crates depend on an older version of http
|
|
[[bans.skip]]
|
|
name = "http"
|
|
version = "0.2"
|
|
|
|
# Various crates depend on an older version of heck
|
|
[[bans.skip]]
|
|
name = "heck"
|
|
version = "0.4"
|
|
|
|
# Various crates depend on an older version of hyper / reqwest / headers / etc
|
|
[[bans.skip]]
|
|
name = "hyper"
|
|
version = "0.14"
|
|
[[bans.skip]]
|
|
name = "hyper-tls"
|
|
version = "0.5"
|
|
[[bans.skip]]
|
|
name = "http-body"
|
|
version = "0.4"
|
|
[[bans.skip]]
|
|
name = "headers-core"
|
|
version = "0.2"
|
|
[[bans.skip]]
|
|
name = "headers"
|
|
version = "0.3"
|
|
[[bans.skip]]
|
|
name = "h2"
|
|
version = "0.3"
|
|
[[bans.skip]]
|
|
name = "reqwest"
|
|
version = "0.11"
|
|
[[bans.skip]]
|
|
name = "rustls-pemfile"
|
|
version = "1.0"
|
|
[[bans.skip]]
|
|
name = "winreg"
|
|
version = "0.50"
|
|
[[bans.skip]]
|
|
name = "system-configuration"
|
|
version = "0.5"
|
|
[[bans.skip]]
|
|
name = "system-configuration-sys"
|
|
version = "0.5"
|
|
|
|
# The AWS SDK uses old versions of rustls and related crates
|
|
[[bans.skip]]
|
|
name = "rustls"
|
|
version = "0.21"
|
|
[[bans.skip]]
|
|
name = "rustls-native-certs"
|
|
version = "0.6"
|
|
[[bans.skip]]
|
|
name = "rustls-webpki"
|
|
version = "0.101"
|
|
|
|
# warp depends on an older version of tokio-tungstenite
|
|
[[bans.skip]]
|
|
name = "tokio-tungstenite"
|
|
version = "0.21"
|
|
[[bans.skip]]
|
|
name = "tungstenite"
|
|
version = "0.21"
|
|
|
|
# various crates depend on an older version of system-deps
|
|
[[bans.skip]]
|
|
name = "system-deps"
|
|
version = "6"
|
|
|
|
# various crates depend on an older version of windows-sys
|
|
[[bans.skip]]
|
|
name = "windows-sys"
|
|
version = "0.52"
|
|
|
|
# derived-into-owned (via pcap-file) depends on old syn / quote
|
|
[[bans.skip]]
|
|
name = "syn"
|
|
version = "0.11"
|
|
[[bans.skip]]
|
|
name = "quote"
|
|
version = "0.3"
|
|
|
|
# dav1d depends on old system-deps which depends on old cfg-expr
|
|
[[bans.skip]]
|
|
name = "cfg-expr"
|
|
version = "0.15"
|
|
|
|
# tokio-rustls via warp depends on old rustls
|
|
[[bans.skip]]
|
|
name = "rustls"
|
|
version = "0.22"
|
|
|
|
# aws-smithy-runtime depends on old tokio-rustls
|
|
[[bans.skip]]
|
|
name = "tokio-rustls"
|
|
version = "0.24"
|
|
|
|
# aws SDK depends on older version of various crypto crates
|
|
[[bans.skip]]
|
|
name = "der"
|
|
version = "0.6"
|
|
[[bans.skip]]
|
|
name = "hyper-rustls"
|
|
version = "0.24"
|
|
[[bans.skip]]
|
|
name = "pkcs8"
|
|
version = "0.9"
|
|
[[bans.skip]]
|
|
name = "rustc-hash"
|
|
version = "1"
|
|
[[bans.skip]]
|
|
name = "signature"
|
|
version = "1"
|
|
[[bans.skip]]
|
|
name = "spki"
|
|
version = "0.6"
|
|
|
|
[sources]
|
|
unknown-registry = "deny"
|
|
unknown-git = "deny"
|
|
allow-git = [
|
|
"https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
|
|
"https://github.com/gtk-rs/gtk-rs-core",
|
|
"https://github.com/gtk-rs/gtk4-rs",
|
|
"https://github.com/rust-av/ffv1",
|
|
"https://github.com/rust-av/flavors",
|
|
]
|