Mirrors/bevy
2
0
Fork 0
mirror of https://github.com/bevyengine/bevy synced 2024-11-10 07:04:33 +00:00
Code Issues Projects Releases Packages Wiki Activity
bevy/deny.toml

50 lines
1.3 KiB
TOML
Raw Normal View History

enable cargo deny (#2101) https://github.com/EmbarkStudios/cargo-deny cargo-deny is a tool that can issue errors for dependency issues, among other: * security issues in a crate * duplicated dependencies with different versions * unauthorised license Added cargo-deny with an opinionated configuration: * No middle ground with warnings, either allow or deny * Not added to Bors, we probably don't want to block a PR on something that may happen from outside * Different github workflow than CI to run only when Cargo.toml files are changed, or on a schedule * Each check in its own job to help readability * Initial config makes Bevy pass all check Pushing a first commit with commented config to show errors
2021-05-17 23:07:18 +00:00
[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "deny"
yanked = "deny"
notice = "deny"
ignore = [
update winit to 0.28 (#7480) # Objective - Update winit to 0.28 ## Solution - Small API change - A security advisory has been added for a unmaintained crate used by a dependency of winit build script for wayland I didn't do anything for Android support in this PR though it should be fixable, it should be done in a separate one, maybe https://github.com/bevyengine/bevy/pull/6830 --- ## Changelog - `window.always_on_top` has been removed, you can now use `window.window_level` ## Migration Guide before: ```rust app.new() .add_plugins(DefaultPlugins.set(WindowPlugin { primary_window: Some(Window { always_on_top: true, ..default() }), ..default() })); ``` after: ```rust app.new() .add_plugins(DefaultPlugins.set(WindowPlugin { primary_window: Some(Window { window_level: bevy::window::WindowLevel::AlwaysOnTop, ..default() }), ..default() })); ```
2023-02-03 16:41:39 +00:00
"RUSTSEC-2022-0048", # from xml-rs 0.8.4 - unmaintained - it's used in a build script of winit
enable cargo deny (#2101) https://github.com/EmbarkStudios/cargo-deny cargo-deny is a tool that can issue errors for dependency issues, among other: * security issues in a crate * duplicated dependencies with different versions * unauthorised license Added cargo-deny with an opinionated configuration: * No middle ground with warnings, either allow or deny * Not added to Bors, we probably don't want to block a PR on something that may happen from outside * Different github workflow than CI to run only when Cargo.toml files are changed, or on a schedule * Each check in its own job to help readability * Initial config makes Bevy pass all check Pushing a first commit with commented config to show errors
2021-05-17 23:07:18 +00:00
]
[licenses]
unlicensed = "deny"
copyleft = "deny"
allow = [
"MIT",
Migrate to encase from crevice (#4339) # Objective - Unify buffer APIs - Also see #4272 ## Solution - Replace vendored `crevice` with `encase` --- ## Changelog Changed `StorageBuffer` Added `DynamicStorageBuffer` Replaced `UniformVec` with `UniformBuffer` Replaced `DynamicUniformVec` with `DynamicUniformBuffer` ## Migration Guide ### `StorageBuffer` removed `set_body()`, `values()`, `values_mut()`, `clear()`, `push()`, `append()` added `set()`, `get()`, `get_mut()` ### `UniformVec` -> `UniformBuffer` renamed `uniform_buffer()` to `buffer()` removed `len()`, `is_empty()`, `capacity()`, `push()`, `reserve()`, `clear()`, `values()` added `set()`, `get()` ### `DynamicUniformVec` -> `DynamicUniformBuffer` renamed `uniform_buffer()` to `buffer()` removed `capacity()`, `reserve()` Co-authored-by: Carter Anderson <mcanders1@gmail.com>
2022-05-18 21:09:21 +00:00
"MIT-0",
enable cargo deny (#2101) https://github.com/EmbarkStudios/cargo-deny cargo-deny is a tool that can issue errors for dependency issues, among other: * security issues in a crate * duplicated dependencies with different versions * unauthorised license Added cargo-deny with an opinionated configuration: * No middle ground with warnings, either allow or deny * Not added to Bors, we probably don't want to block a PR on something that may happen from outside * Different github workflow than CI to run only when Cargo.toml files are changed, or on a schedule * Each check in its own job to help readability * Initial config makes Bevy pass all check Pushing a first commit with commented config to show errors
2021-05-17 23:07:18 +00:00
"Apache-2.0",
"BSD-3-Clause",
"ISC",
"Zlib",
"0BSD",
"BSD-2-Clause",
"CC0-1.0",
]
allow unicode license (#5337) # Objective - Crate `unicode-ident` added the [unicode license](https://github.com/dtolnay/unicode-ident/blob/master/LICENSE-UNICODE). See https://github.com/dtolnay/unicode-ident#license. The only requirement seems to be to include the license in the distribution - This makes license check fail ## Solution - The license should be ok for Bevy, add it to the allowed licenses
2022-07-17 23:14:38 +00:00
exceptions = [
{ name = "unicode-ident", allow = ["Unicode-DFS-2016"] },
]
enable cargo deny (#2101) https://github.com/EmbarkStudios/cargo-deny cargo-deny is a tool that can issue errors for dependency issues, among other: * security issues in a crate * duplicated dependencies with different versions * unauthorised license Added cargo-deny with an opinionated configuration: * No middle ground with warnings, either allow or deny * Not added to Bors, we probably don't want to block a PR on something that may happen from outside * Different github workflow than CI to run only when Cargo.toml files are changed, or on a schedule * Each check in its own job to help readability * Initial config makes Bevy pass all check Pushing a first commit with commented config to show errors
2021-05-17 23:07:18 +00:00
default = "deny"
[bans]
multiple-versions = "deny"
wildcards = "deny"
highlight = "all"
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
Basic spatial audio (#6028) # Objective - Add basic spatial audio support to Bevy - this is what rodio supports, so no HRTF, just simple stereo channel manipulation - no "built-in" ECS support: `Emitter` and `Listener` should be components that would automatically update the positions This PR goal is to just expose rodio functionality, made possible with the recent update to rodio 0.16. A proper ECS integration opens a lot more questions, and would probably require an RFC Also updates rodio and fixes #6122
2023-02-20 15:31:07 +00:00
{ name = "core-foundation-sys", version = "0.6" }, # from cpal v0.15.0
{ name = "jni", version = "0.19" }, # from cpal v0.15.0
{ name = "nix", version = "0.24" }, # from cpal v0.15.0
update winit to 0.28 (#7480) # Objective - Update winit to 0.28 ## Solution - Small API change - A security advisory has been added for a unmaintained crate used by a dependency of winit build script for wayland I didn't do anything for Android support in this PR though it should be fixable, it should be done in a separate one, maybe https://github.com/bevyengine/bevy/pull/6830 --- ## Changelog - `window.always_on_top` has been removed, you can now use `window.window_level` ## Migration Guide before: ```rust app.new() .add_plugins(DefaultPlugins.set(WindowPlugin { primary_window: Some(Window { always_on_top: true, ..default() }), ..default() })); ``` after: ```rust app.new() .add_plugins(DefaultPlugins.set(WindowPlugin { primary_window: Some(Window { window_level: bevy::window::WindowLevel::AlwaysOnTop, ..default() }), ..default() })); ```
2023-02-03 16:41:39 +00:00
{ name = "redox_syscall", version = "0.2" }, # from notify v5.1.0
{ name = "windows-sys", version = "0.42" }, # from notify v5.1.0
Fix failing CI `check-bans` due to duplicate `windows` dependency (#7699) # Objective Fixes #7654 ## Solution Add `windows v0.43` to the list of skipped dependencies checked by CI (until `gilrs` publishes a new release with `windows v0.44`)
2023-02-16 03:32:01 +00:00
{ name = "windows", version = "0.43"}, # from gilrs v0.10.1
enable cargo deny (#2101) https://github.com/EmbarkStudios/cargo-deny cargo-deny is a tool that can issue errors for dependency issues, among other: * security issues in a crate * duplicated dependencies with different versions * unauthorised license Added cargo-deny with an opinionated configuration: * No middle ground with warnings, either allow or deny * Not added to Bors, we probably don't want to block a PR on something that may happen from outside * Different github workflow than CI to run only when Cargo.toml files are changed, or on a schedule * Each check in its own job to help readability * Initial config makes Bevy pass all check Pushing a first commit with commented config to show errors
2021-05-17 23:07:18 +00:00
]
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []
Reference in a new issue Copy permalink