I have a crate which is using url as an optional dependency (Cargo.toml below). And, for whatever reason, carg-deny seems to treat url as if it was a wildcard dependency.
Of note, I have other, internal, dependencies which are git with pinned commit (see #554 ), and sorting alphabetically, url is the first dependency after those, so it may be an off-by-one error.
Describe the bug
I have a crate which is using
url
as an optional dependency (Cargo.toml
below). And, for whatever reason,carg-deny
seems to treaturl
as if it was a wildcard dependency.Of note, I have other, internal, dependencies which are git with pinned commit (see #554 ), and sorting alphabetically,
url
is the first dependency after those, so it may be an off-by-one error.To reproduce
I have no idea how to reproduce this, but if necessary I can work on making a minimum reproduction.
cargo-deny version
cargo-deny 0.14.1
What OS were you running cargo-deny on?
Linux
Additional context
No response