
# Objective

The `paste` crate is giving us [warnings in CI](https://github.com/bevyengine/bevy/actions/runs/13751490200/job/38452998990?pr=18099) via `cargo-deny` about being unmaintained. This warning is quite noisy, making unrelated PRs seem like they have a problem due to a job failing.

## Solution

Ignore the warning for now. There are multiple crates (accesskit, metal, macro_rules_attribute, rmp) which are using this, and there's no clear migration advice, even if we want to poke upstream to swap off.

Strategy for ignoring was taken from https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.template.toml

## Testing

Let's see if CI works!

---------

Co-authored-by: andriyDev <andriydzikh@gmail.com>
# Build the dependency graph with all features enabled, so the advisory, license,
# ban and source checks below also cover optional dependencies.
[graph]
all-features = true
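# RustSec advisory checks. Every entry in `ignore` silences that advisory for the
# whole dependency graph, so each one records its justification and should be
# removed as soon as it no longer applies.
[advisories]
version = 2
ignore = [
  # paste was announced as unmaintained with no explanation or replacement
  # See: https://rustsec.org/advisories/RUSTSEC-2024-0436
  # This is an "unmaintained" notice rather than a reported vulnerability. paste is
  # pulled in indirectly (accesskit, metal, macro_rules_attribute, rmp), so revisit
  # this entry when those crates move off it.
  { id = "RUSTSEC-2024-0436", reason = "paste is unmaintained; Bevy relies on this in multiple indirect ways, so ignoring it is the only feasible current solution" },
]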
# License policy: a crate passes if its license expression can be satisfied from
# `allow`, or from an entry in `exceptions` that names that crate.
[licenses]
version = 2
# Licenses accepted for any crate in the graph.
allow = [
  "0BSD",
  "Apache-2.0",
  "Apache-2.0 WITH LLVM-exception",
  "BSD-2-Clause",
  "BSD-3-Clause",
  "BSL-1.0",
  "CC0-1.0",
  "ISC",
  "MIT",
  "MIT-0",
  "Unlicense",
  "Zlib",
]
# Per-crate exceptions. MPL-2.0 and the Unicode licenses are deliberately absent
# from the global list above: they are accepted only for the crates named here,
# so a new dependency under one of them still fails the check until reviewed.
exceptions = [
  { name = "unicode-ident", allow = ["Unicode-DFS-2016", "Unicode-3.0"] },
  { name = "symphonia", allow = ["MPL-2.0"] },
  { name = "symphonia-bundle-flac", allow = ["MPL-2.0"] },
  { name = "symphonia-bundle-mp3", allow = ["MPL-2.0"] },
  { name = "symphonia-codec-aac", allow = ["MPL-2.0"] },
  { name = "symphonia-codec-adpcm", allow = ["MPL-2.0"] },
  { name = "symphonia-codec-pcm", allow = ["MPL-2.0"] },
  { name = "symphonia-codec-vorbis", allow = ["MPL-2.0"] },
  { name = "symphonia-core", allow = ["MPL-2.0"] },
  { name = "symphonia-format-isomp4", allow = ["MPL-2.0"] },
  { name = "symphonia-format-riff", allow = ["MPL-2.0"] },
  { name = "symphonia-metadata", allow = ["MPL-2.0"] },
  { name = "symphonia-utils-xiph", allow = ["MPL-2.0"] },
]
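# Crate bans. Duplicate versions only warn in general; the crates listed in `deny`
# are the ones where a second version in the tree fails the check.
[bans]
multiple-versions = "warn"
# Reject `*` version requirements, which would accept any published version.
wildcards = "deny"
# Certain crates that we don't want multiple versions of in the dependency tree
deny = [
  { name = "ahash", deny-multiple-versions = true },
  { name = "android-activity", deny-multiple-versions = true },
  { name = "glam", deny-multiple-versions = true },
  { name = "raw-window-handle", deny-multiple-versions = true },
]
# Crates exempted from the checks in this table; each entry states why.
skip = [
  { name = "bevy_math", reason = "bevy_math has a path dev dependency on itself without a version" },
]

# Kept directly under [bans] so every `bans` sub-table is defined in one place.
# thiserror is the preferred way to derive error types
[[bans.features]]
crate = "derive_more"
deny = ["error"]

# Source policy: only the crates.io index is an accepted registry. `allow-git` is
# empty, so with `unknown-git = "deny"` any git dependency fails the check until
# its URL is added here explicitly.
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []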