EmbarkStudios / cargo-deny

❌ Cargo plugin for linting your dependencies 🦀
http://embark.rs
Apache License 2.0

Bug: an optional dependency treated as a wildcard. #555

Closed jaskij closed 1 year ago

jaskij commented 1 year ago

Describe the bug

I have a crate which is using url as an optional dependency (Cargo.toml below). And, for whatever reason, cargo-deny seems to treat url as if it was a wildcard dependency.

Of note, I have other, internal, dependencies which are git with pinned commit (see #554), and sorting alphabetically, url is the first dependency after those, so it may be an off-by-one error.

[package]
name = "redacted"
version = "0.1.0"
edition = "2021"
publish = false

[features]
default = ["page-switcher"]
page-switcher = ["url", "zbus"]

[dependencies]
anyhow = "1.0.63"
async-nats = { optional = true, version = "0.31.0" }
bytes = "1.4.0"
clap = { version = "4.0.28", features = ["derive", "env", "unicode", "wrap_help"] }
futures = "0.3.26"
lazy_static = "1.4.0"
metrics = { optional = true, version = "0.21.0" }
metrics-exporter-prometheus = { optional = true, version = "0.12.0" }
num-traits = { optional = true, version = "0.2.15" }
shadow-rs = "0.23.0"
smart-default = "0.7.1"
thiserror = "1.0.37"
url = { optional = true, verison = "2.4.0" }
valuable = "0.1.0"
zbus = { version = "3.13.1", optional = true, default-features = false, features = ["tokio"] }

# internal dependencies
u-redacted-dep-1 = { optional = true, git = "ssh://git@redacted.domain/software/redatced.git", rev = "54228bfabb8bd7071f5e26569984d23a58ea5d72" }
u-redacted-dep-2 = { git = "ssh://git@redacted.domain/software/redatced.git", rev = "54228bfabb8bd7071f5e26569984d23a58ea5d72" }
u-redacted-dep-3 = { optional = true, git = "ssh://git@redacted.domain/software/redatced.git", rev = "54228bfabb8bd7071f5e26569984d23a58ea5d72" }
u-redacted-dep-4 = { git = "ssh://git@redacted.domain/software/redatced.git", rev = "54228bfabb8bd7071f5e26569984d23a58ea5d72" }

u-redacted-dep-5 = { git = "ssh://git@redacted.domain/software/rust/utils.git", rev = "f75a3833105b3dfa88b9677e39b031c60a80fd5f" }
u-redacted-dep-6 = { git = "ssh://git@redacted.domain/software/rust/utils.git", rev = "f75a3833105b3dfa88b9677e39b031c60a80fd5f" }
u-redacted-dep-7 = { git = "ssh://git@redacted.domain/software/rust/utils.git", rev = "f75a3833105b3dfa88b9677e39b031c60a80fd5f" }
u-redacted-dep-8 = { git = "ssh://git@redacted.domain/software/rust/utils.git", rev = "f75a3833105b3dfa88b9677e39b031c60a80fd5f" }
u-redacted-dep-9 = { git = "ssh://git@redacted.domain/software/rust/utils.git", rev = "f75a3833105b3dfa88b9677e39b031c60a80fd5f" }

[dependencies.tracing]
version = "0.1"
default-features = false
features = ["max_level_trace", "release_max_level_debug", "valuable"]

[dependencies.tokio]
version = "1.18.2"
default-features = false
features = ["macros", "net", "rt", "rt-multi-thread", "signal", "sync", "time"]

[build-dependencies]
shadow-rs = "0.23.0"

[profile.release-lto]
inherits = "release"
lto = "thin"
codegen-units = 1
strip = true

To reproduce

I have no idea how to reproduce this, but if necessary I can work on making a minimum reproduction.

cargo-deny version

cargo-deny 0.14.1

What OS were you running cargo-deny on?

Linux

Additional context

No response

Jake-Shadle commented 1 year ago

You misspelled version

jaskij commented 1 year ago

Just noticed it myself, thank you.