bevy/deny.toml

60 lines
2.1 KiB
TOML
Raw Normal View History

[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "deny"
yanked = "deny"
notice = "deny"
ignore = [
"RUSTSEC-2020-0056", # from gilrs v0.8.1 - unmaintained - https://github.com/koute/stdweb/issues/403
Ignore RUSTSEC-2021-0139 (#5816) # Objective - `ansi_term` has become unmaintained: https://github.com/ogham/rust-ansi-term/issues/72 - This is now blocking our CI so we need to find a way around that. ## Solution Temporary add `RUSTSEC-2021-0139` to ignore until tracing switches to a new crate: https://github.com/tokio-rs/tracing/pull/2040 ## Dependency tree ``` ansi_term v0.12.1 └── tracing-subscriber v0.3.15 ├── bevy_log v0.9.0-dev │ ├── bevy_asset v0.9.0-dev │ │ ├── bevy_animation v0.9.0-dev │ │ │ ├── bevy_gltf v0.9.0-dev │ │ │ │ └── bevy_internal v0.9.0-dev │ │ │ │ ├── bevy v0.9.0-dev │ │ │ │ └── bevy v0.9.0-dev (*) │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ ├── bevy_audio v0.9.0-dev │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ ├── bevy_core_pipeline v0.9.0-dev │ │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ │ ├── bevy_internal v0.9.0-dev (*) │ │ │ ├── bevy_pbr v0.9.0-dev │ │ │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ │ ├── bevy_sprite v0.9.0-dev │ │ │ │ ├── bevy_internal v0.9.0-dev (*) │ │ │ │ ├── bevy_text v0.9.0-dev │ │ │ │ │ ├── bevy_internal v0.9.0-dev (*) │ │ │ │ │ └── bevy_ui v0.9.0-dev │ │ │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ │ │ └── bevy_ui v0.9.0-dev (*) │ │ │ └── bevy_ui v0.9.0-dev (*) │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ ├── bevy_internal v0.9.0-dev (*) │ │ ├── bevy_pbr v0.9.0-dev (*) │ │ ├── bevy_render v0.9.0-dev │ │ │ ├── bevy_core_pipeline v0.9.0-dev (*) │ │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ │ ├── bevy_internal v0.9.0-dev (*) │ │ │ ├── bevy_pbr v0.9.0-dev (*) │ │ │ ├── bevy_scene v0.9.0-dev │ │ │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ │ ├── bevy_sprite v0.9.0-dev (*) │ │ │ ├── bevy_text v0.9.0-dev (*) │ │ │ └── bevy_ui v0.9.0-dev (*) │ │ ├── bevy_scene v0.9.0-dev (*) │ │ ├── bevy_sprite v0.9.0-dev (*) │ │ ├── bevy_text v0.9.0-dev (*) │ │ └── bevy_ui v0.9.0-dev (*) │ ├── bevy_diagnostic v0.9.0-dev │ │ ├── bevy_asset v0.9.0-dev (*) │ │ └── bevy_internal v0.9.0-dev (*) │ ├── bevy_gltf v0.9.0-dev (*) │ ├── bevy_internal v0.9.0-dev (*) │ ├── bevy_render v0.9.0-dev (*) │ ├── bevy_sprite v0.9.0-dev (*) │ └── bevy_ui v0.9.0-dev (*) └── tracing-wasm v0.2.1 └── bevy_log v0.9.0-dev (*) ```
2022-08-27 20:34:53 +00:00
"RUSTSEC-2021-0139" # from ansi_term v0.12.1 - unmaintained - https://github.com/ogham/rust-ansi-term/issues/72
]
[licenses]
unlicensed = "deny"
copyleft = "deny"
allow = [
"MIT",
"MIT-0",
"Apache-2.0",
"BSD-3-Clause",
"ISC",
"Zlib",
"0BSD",
"BSD-2-Clause",
"CC0-1.0",
]
exceptions = [
{ name = "unicode-ident", allow = ["Unicode-DFS-2016"] },
]
default = "deny"
[bans]
multiple-versions = "deny"
wildcards = "deny"
highlight = "all"
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
{ name = "ndk-sys", version = "0.3" }, # from rodio v0.16.0
{ name = "ndk", version = "0.6" }, # from rodio v0.16.0
{ name = "raw-window-handle", version = "0.4" }, # from winit v0.27.4
{ name = "nix", version = "0.23.1" }, # from alsa v0.6.0
{ name = "windows_aarch64_msvc", version = "0.36" }, # from notify v5.0.0
{ name = "windows_i686_gnu", version = "0.36" }, # from notify v5.0.0
{ name = "windows_i686_msvc", version = "0.36" }, # from notify v5.0.0
{ name = "windows_x86_64_gnu", version = "0.36" }, # from notify v5.0.0
{ name = "windows_x86_64_msvc", version = "0.36" }, # from notify v5.0.0
{ name = "windows-sys", version = "0.36" }, # from notify v5.0.0
{ name = "windows_aarch64_msvc", version = "0.37" }, # from rodio v0.16.0
{ name = "windows_i686_gnu", version = "0.37" }, # from rodio v0.16.0
{ name = "windows_i686_msvc", version = "0.37" }, # from rodio v0.16.0
{ name = "windows_x86_64_gnu", version = "0.37" }, # from rodio v0.16.0
{ name = "windows_x86_64_msvc", version = "0.37" }, # from rodio v0.16.0
]
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []