search

CycloneDX / cyclonedx-rust-cargo

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
https://cyclonedx.org/
Apache License 2.0
106 stars 44 forks source link

Drop superfluous dependencies pulled in by `jsonschema` #743

Closed Shnatsel closed 4 months ago

Shnatsel commented 4 months ago

jsonschema's default features transitively pulled in reqwest and the entire underlying stack with mio, tokio, and a whole lot of other networking dependencies. We shouldn't have pulled in any of it in the first place, since JSON schemas are only used in tests, and we especially don't need any of its networking functionality.

740 appears to have stalled, so splitting this into its own PR to expedite things.

This does not fully address #741, but gets rid of the most egregious bloat. This is a semver-compatible change that we can ship immediately.

Shnatsel commented 4 months ago

Wait, nevermind, we already have non-semver-compatible changes in master. I'll have to do a backport.