Elgato_dark/gitui
1
0
Fork 0
mirror of https://github.com/gitui-org/gitui synced 2026-05-24 09:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
gitui/deny.toml
Johannes Agricola 381ab45d3a
Ignore RUSTSEC-2024-0436 (#2562) 
cargo deny reports:

```
ID: RUSTSEC-2024-0436
Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0436
The creator of the crate `paste` has stated in the [`README.md`](https://github.com/dtolnay/paste/blob/master/README.md)
that this project is not longer maintained as well as archived the repository
Announcement: https://github.com/dtolnay/paste
Solution: No safe upgrade is available!
paste v1.0.15
└── ratatui v0.29.0
    ├── gitui v0.27.0
    └── tui-textarea v0.7.0
        └── gitui v0.27.0 (*)
```

In https://github.com/gitui-org/gitui/issues/2554 the decision was made
to ignore this advisory, as ratatui already has removed paste in
https://github.com/ratatui/ratatui/pull/1713 and we are just waiting for
an upstream release.

Co-authored-by: Naseschwarz <naseschwarz@0x53a.de>
2025-03-14 22:20:10 +01:00

52 lines
1.5 KiB
TOML
Raw Blame History

[licenses]
allow = [
"MIT",
"Apache-2.0",
"BSD-2-Clause",
"BSD-3-Clause",
"CC0-1.0",
"ISC",
"MPL-2.0",
"Unicode-3.0",
"Zlib",
]
[advisories]
version = 2
ignore = [
# No fix for RSA, and this is a dependency from ssh_key crate to handle rsa ssh key.
# https://rustsec.org/advisories/RUSTSEC-2023-0071
"RUSTSEC-2023-0071",
# Crate paste is unmaintained. The dependency is already removed in
# ratatui:master. Until a new release is available, ignore this in
# order to pass CI. (https://github.com/gitui-org/gitui/issues/2554)
{ id = "RUSTSEC-2024-0436", reason = "The paste dependency is already removed from ratatui." }
]
[bans]
multiple-versions = "deny"
skip-tree = [
# currently needed due to:
# * `dirs-sys v0.4.1` (https://github.com/dirs-dev/dirs-sys-rs/issues/29)
{ name = "windows-sys" },
# this is needed for:
# `bwrap v1.3.0` (https://github.com/micl2e2/bwrap/pull/4)
{ name = "unicode-width" },
# currently needed due to `ratatui v0.29.0`
{ name = "unicode-truncate" },
# currently needed due to:
# * `redox_users v0.4.6`
# * `syntect v5.2.0`
{ name = "thiserror" },
# currently needed due to:
# * `windows v0.57.0`
# * `iana-time-zone v0.1.60`
{ name = "windows-core" },
# currently needed due to:
# * `parking_lot_core v0.9.10`
# * `filetime v0.2.23`
{ name = "redox_syscall" },
# currently needed due to:
# * `gix-hashtable v0.6.0`
{ name = "hashbrown" },
]
Reference in a new issue View git blame Copy permalink