mirror of
https://github.com/servo/servo.git
synced 2025-06-06 00:25:37 +00:00
01bbf02214
Bumps [webpki-roots](https://github.com/rustls/webpki-roots) from 0.26.8 to 0.26.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki-roots/releases">webpki-roots's releases</a>.</em></p> <blockquote> <h2>0.26.9</h2> <p>The license of the <code>webpki-roots</code> and <code>webpki-root-certs</code> crates changed from MPL-2.0 to CDLA-Permissive-2.0. Thank you to the <a href="https://redirect.github.com/mozilla/www.ccadb.org/issues/188">CCADB maintainers for enabling us to make this change</a>.</p> <h2>Upstream changes</h2> <p><em>None</em></p> <h2>What's Changed</h2> <ul> <li>Adjust license of mechnically-reformed crates by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/88">rustls/webpki-roots#88</a></li> <li>Run CI on ubuntu-latest by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/91">rustls/webpki-roots#91</a></li> <li>Support code-signing trust bit by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/93">rustls/webpki-roots#93</a></li> <li><code>manual_ok_err</code> clippy fix by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/94">rustls/webpki-roots#94</a></li> <li>webpki-(roots|root-certs): v0.26.8 -> v0.26.9 by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/95">rustls/webpki-roots#95</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki-roots/compare/v/0.26.8...v/0.26.9">https://github.com/rustls/webpki-roots/compare/v/0.26.8...v/0.26.9</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="575994bb51"><code>575994b</code></a> webpki-(roots|root-certs): v0.26.8 -> v0.26.9</li> <li><a href="f9f5789f47"><code>f9f5789</code></a> <code>manual_ok_err</code> clippy fix</li> <li><a href="fce41f761a"><code>fce41f7</code></a> Support code-signing trust bit</li> <li><a href="f19c83f0f6"><code>f19c83f</code></a> Run CI on ubuntu-latest</li> <li><a href="90c48f3867"><code>90c48f3</code></a> Adjust license of mechanically-reformed crates</li> <li>See full diff in <a href="https://github.com/rustls/webpki-roots/compare/v/0.26.8...v/0.26.9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
166 lines
4.2 KiB
TOML
166 lines
4.2 KiB
TOML
[graph]
|
|
all-features = false
|
|
no-default-features = false
|
|
#features = []
|
|
|
|
# The output table provides options for how/if diagnostics are outputted
|
|
[output]
|
|
feature-depth = 1
|
|
|
|
# This section is considered when running `cargo deny check advisories`
|
|
# More documentation for the advisories section can be found here:
|
|
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
|
|
[advisories]
|
|
ignore = [
|
|
# This has been yanked, but upgrading to the next version breaks some WPT tests.
|
|
# It needs investigation.
|
|
"url@2.5.3",
|
|
|
|
# The crate `paste` is no longer maintained.
|
|
"RUSTSEC-2024-0436",
|
|
]
|
|
|
|
# This section is considered when running `cargo deny check licenses`
|
|
# More documentation for the licenses section can be found here:
|
|
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
|
|
[licenses]
|
|
# List of explicitly allowed licenses
|
|
# See https://spdx.org/licenses/ for list of possible licenses
|
|
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
|
|
allow = [
|
|
"Apache-2.0 WITH LLVM-exception",
|
|
"Apache-2.0",
|
|
"BSD-2-Clause",
|
|
"BSD-3-Clause",
|
|
"BSL-1.0",
|
|
"CC0-1.0",
|
|
"CDLA-Permissive-2.0",
|
|
"ISC",
|
|
"MIT",
|
|
"MPL-2.0",
|
|
"OpenSSL",
|
|
"OFL-1.1",
|
|
"Ubuntu-font-1.0",
|
|
"Unicode-3.0",
|
|
"Zlib",
|
|
]
|
|
# The confidence threshold for detecting a license from license text.
|
|
# The higher the value, the more closely the license text must be to the
|
|
# canonical license text of a valid SPDX license file.
|
|
# [possible values: any between 0.0 and 1.0].
|
|
confidence-threshold = 0.8
|
|
# Allow 1 or more licenses on a per-crate basis, so that particular licenses
|
|
# aren't accepted for every possible crate as with the normal allow list
|
|
exceptions = [
|
|
]
|
|
|
|
|
|
# This section is considered when running `cargo deny check bans`.
|
|
# More documentation about the 'bans' section can be found here:
|
|
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
|
|
[bans]
|
|
external-default-features = "allow"
|
|
highlight = "all"
|
|
multiple-versions = "deny"
|
|
wildcards = "allow"
|
|
workspace-default-features = "allow"
|
|
|
|
# List of crates that are allowed. Use with care!
|
|
allow = []
|
|
|
|
# List of crates to deny:
|
|
deny = [
|
|
"num",
|
|
{ crate = "rand", wrappers = [
|
|
"ipc-channel",
|
|
"phf_generator",
|
|
"quickcheck",
|
|
"servo_rand",
|
|
"tracing-perfetto",
|
|
"tungstenite",
|
|
] },
|
|
]
|
|
|
|
# List of crates to skip for the duplicate check:
|
|
skip = [
|
|
"bitflags",
|
|
"cookie",
|
|
"futures",
|
|
"hermit-abi",
|
|
"redox_syscall",
|
|
"wayland-sys",
|
|
|
|
# Duplicated by aws-lc-rs
|
|
"bindgen",
|
|
|
|
# New versions of these dependencies is pulled in by GStreamer / GLib.
|
|
"itertools",
|
|
"toml",
|
|
|
|
# Duplicated by egui-file-dialog
|
|
"windows",
|
|
"windows-implement",
|
|
"windows-interface",
|
|
"windows-result",
|
|
|
|
# Duplicated by winit.
|
|
"windows-sys",
|
|
"windows-targets",
|
|
"windows_aarch64_gnullvm",
|
|
"windows_aarch64_msvc",
|
|
"windows_i686_gnu",
|
|
"windows_i686_msvc",
|
|
"windows_x86_64_gnu",
|
|
"windows_x86_64_gnullvm",
|
|
"windows_x86_64_msvc",
|
|
|
|
# wgpu has the latest and greatest.
|
|
"foreign-types",
|
|
"foreign-types-shared",
|
|
"metal",
|
|
"windows-core",
|
|
|
|
# wgpu-hal depends on 0.5.0.
|
|
"ndk-sys",
|
|
|
|
# icu (from mozjs) uses old version
|
|
# tracing-subscriber (tokio-rs/tracing#3033) uses old version
|
|
# regex -> regex-automata 0.4.7
|
|
# icu_list -> regex-automata 0.2.0
|
|
# tracing-subscriber -> matchers -> regex-automata 0.1.0
|
|
"regex-automata",
|
|
|
|
# tracing-subscriber (tokio-rs/tracing#3033) uses old version
|
|
# regex [-> regex-automata 0.4.7] -> regex-syntax 0.8.4
|
|
# tracing-subscriber -> matchers -> regex-automata 0.1.0 -> regex-syntax 0.6.29
|
|
"regex-syntax",
|
|
|
|
# rust-content-security-policy uses newest base64.
|
|
"base64",
|
|
|
|
# gilrs is on 0.10.0, but Servo is still on 0.9.4
|
|
"core-foundation",
|
|
|
|
# wgpu crates still depend on 1.1.0
|
|
"rustc-hash",
|
|
|
|
# wgpu depends on thiserror 2, while rest is still on 1
|
|
"thiserror",
|
|
"thiserror-impl",
|
|
|
|
# duplicated by webdriver
|
|
"h2",
|
|
"headers",
|
|
"headers-core",
|
|
"http",
|
|
"http-body",
|
|
"hyper",
|
|
|
|
# duplicated by font-kit
|
|
"redox_users",
|
|
"dirs-sys",
|
|
]
|
|
|
|
# github.com organizations to allow git sources for
|
|
[sources.allow-org]
|
|
github = ["pcwalton", "servo"]
|