In a workspace project we depend on sqlx with some feature flags added, and default features disabled. This leads to a situation where some dependencies are present in the Cargo.lock that are actually not there because of the features.
So cargo tree -i sqlx-mysql does not yield anything, which is the expected result. Hence cargo tree sets the baseline for our expectations.
When running cargo deny check advisories -s we do see a different picture, as if it does not consider the feature flags.
To reproduce
You can find an example repo with a README.md that summaries the things here:
Describe the bug
In a workspace project we depend on
sqlx
with some feature flags added, and default features disabled. This leads to a situation where some dependencies are present in theCargo.lock
that are actually not there because of the features.So
cargo tree -i sqlx-mysql
does not yield anything, which is the expected result. Hencecargo tree
sets the baseline for our expectations.When running
cargo deny check advisories -s
we do see a different picture, as if it does not consider the feature flags.To reproduce
You can find an example repo with a README.md that summaries the things here:
https://github.com/sassman/cargo-deny-dep-graph-issue
cargo-deny version
0.12.2
What OS were you running cargo-deny on?
MacOS
Additional context
No response