bevy/deny.toml

56 lines
1.8 KiB
TOML
Raw Normal View History

[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "deny"
yanked = "deny"
notice = "deny"
ignore = [
"RUSTSEC-2020-0056", # from gilrs v0.8.1 - unmaintained - https://github.com/koute/stdweb/issues/403
Ignore RUSTSEC-2021-0139 (#5816) # Objective - `ansi_term` has become unmaintained: https://github.com/ogham/rust-ansi-term/issues/72 - This is now blocking our CI so we need to find a way around that. ## Solution Temporary add `RUSTSEC-2021-0139` to ignore until tracing switches to a new crate: https://github.com/tokio-rs/tracing/pull/2040 ## Dependency tree ``` ansi_term v0.12.1 └── tracing-subscriber v0.3.15 ├── bevy_log v0.9.0-dev │ ├── bevy_asset v0.9.0-dev │ │ ├── bevy_animation v0.9.0-dev │ │ │ ├── bevy_gltf v0.9.0-dev │ │ │ │ └── bevy_internal v0.9.0-dev │ │ │ │ ├── bevy v0.9.0-dev │ │ │ │ └── bevy v0.9.0-dev (*) │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ ├── bevy_audio v0.9.0-dev │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ ├── bevy_core_pipeline v0.9.0-dev │ │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ │ ├── bevy_internal v0.9.0-dev (*) │ │ │ ├── bevy_pbr v0.9.0-dev │ │ │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ │ ├── bevy_sprite v0.9.0-dev │ │ │ │ ├── bevy_internal v0.9.0-dev (*) │ │ │ │ ├── bevy_text v0.9.0-dev │ │ │ │ │ ├── bevy_internal v0.9.0-dev (*) │ │ │ │ │ └── bevy_ui v0.9.0-dev │ │ │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ │ │ └── bevy_ui v0.9.0-dev (*) │ │ │ └── bevy_ui v0.9.0-dev (*) │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ ├── bevy_internal v0.9.0-dev (*) │ │ ├── bevy_pbr v0.9.0-dev (*) │ │ ├── bevy_render v0.9.0-dev │ │ │ ├── bevy_core_pipeline v0.9.0-dev (*) │ │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ │ ├── bevy_internal v0.9.0-dev (*) │ │ │ ├── bevy_pbr v0.9.0-dev (*) │ │ │ ├── bevy_scene v0.9.0-dev │ │ │ │ ├── bevy_gltf v0.9.0-dev (*) │ │ │ │ └── bevy_internal v0.9.0-dev (*) │ │ │ ├── bevy_sprite v0.9.0-dev (*) │ │ │ ├── bevy_text v0.9.0-dev (*) │ │ │ └── bevy_ui v0.9.0-dev (*) │ │ ├── bevy_scene v0.9.0-dev (*) │ │ ├── bevy_sprite v0.9.0-dev (*) │ │ ├── bevy_text v0.9.0-dev (*) │ │ └── bevy_ui v0.9.0-dev (*) │ ├── bevy_diagnostic v0.9.0-dev │ │ ├── bevy_asset v0.9.0-dev (*) │ │ └── bevy_internal v0.9.0-dev (*) │ ├── bevy_gltf v0.9.0-dev (*) │ ├── bevy_internal v0.9.0-dev (*) │ ├── bevy_render v0.9.0-dev (*) │ ├── bevy_sprite v0.9.0-dev (*) │ └── bevy_ui v0.9.0-dev (*) └── tracing-wasm v0.2.1 └── bevy_log v0.9.0-dev (*) ```
2022-08-27 20:34:53 +00:00
"RUSTSEC-2021-0139" # from ansi_term v0.12.1 - unmaintained - https://github.com/ogham/rust-ansi-term/issues/72
]
[licenses]
unlicensed = "deny"
copyleft = "deny"
allow = [
"MIT",
"MIT-0",
"Apache-2.0",
"BSD-3-Clause",
"ISC",
"Zlib",
"0BSD",
"BSD-2-Clause",
"CC0-1.0",
]
exceptions = [
{ name = "unicode-ident", allow = ["Unicode-DFS-2016"] },
]
default = "deny"
[bans]
multiple-versions = "deny"
wildcards = "deny"
highlight = "all"
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
{ name = "cfg-if", version = "0.1" }, # from winit v0.26.0
{ name = "core-foundation", version = "0.7" }, # from winit v0.26.0
{ name = "core-foundation-sys", version = "0.7" }, # from winit v0.26.0
{ name = "core-graphics", version = "0.19" }, # from winit v0.26.0
{ name = "ndk", version = "0.5" }, # from winit v0.26.1
{ name = "ndk-glue", version = "0.5" }, # from winit v0.26.1
{ name = "ndk-sys", version = "0.2" }, # from winit v0.26.1
{ name = "parking_lot", version = "0.11" }, # from rodio v0.15.0
{ name = "parking_lot_core", version = "0.8" }, # from rodio v0.15.0
{ name = "stdweb", version = "0.1" }, # from rodio v0.15.0
{ name = "nix", version = "0.23.1" }, # from alsa v0.6.0
]
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []