[x] I have added a description of my changes and why I'd like them included in the section below
Description of Changes
Fixed the logic that marks crates as "multi" (i.e. crates that are included multiple times under different names). Previously the code used "chunks" to iterate over a node's dependencies, which would yield non-overlapping pairs of dependencies. The issue arises in the following situation:
ab|b'c|de|
Here the dependency b is included twice but the chunking means that a&b are compared, and so are b'&c, but never b&b'.
The new code uses a sliding window checking pairs like:
ab|bb'|b'c|cd|de
Due to Rust's mutability rules we have to use indexes rather than a nice iterator since no &mut windows() method exists (as it would be unsound).
Testing
I've cloned cargo-deny locally and set the krates dependency to my local version and then ran it on my project (using `cargo run -- --manifest-path ~/my/to/my/rust/project/Cargo.toml check advisories`) and it worked. I then set the krates dependency back to 0.16 and then re-ran the command and it failed with:
internal error: entered unreachable code: unable to locate sensitive-headers for crate tower-http 0.4.4 (registry+https://github.com/rust-lang/crates.io-index) features(["default", "trace", "tracing"])
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
So I'm confident my change has fixed the issue I was facing.
Related Issues
69 (in particular see: https://github.com/EmbarkStudios/krates/issues/69#issuecomment-1903485752)
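The chunking bug described in this pull request, reproduced as an added example that is not code from the pull request or from krates. The `Dep` struct, its fields and the function names are hypothetical, the input is constructed, and the example assumes the dependency list is ordered so that entries for the same package sit next to each other.

```rust
// Hypothetical stand-in for a resolved dependency edge; not the krates types.
#[derive(Debug, Clone)]
struct Dep {
    rename: &'static str, // name the dependency is imported under
    pkg: &'static str,    // underlying package
    multi: bool,          // set when the same package appears under several names
}

// Constructed input matching the description: a, b, b', c, d, e.
fn sample() -> Vec<Dep> {
    [("a", "a"), ("b", "b"), ("b_alt", "b"), ("c", "c"), ("d", "d"), ("e", "e")]
        .iter()
        .map(|&(rename, pkg)| Dep { rename, pkg, multi: false })
        .collect()
}

// Old behaviour: non-overlapping pairs ab|b'c|de, so b and b' are never compared.
fn mark_multi_chunks(deps: &mut [Dep]) {
    for pair in deps.chunks_mut(2) {
        if let [x, y] = pair {
            if x.pkg == y.pkg {
                x.multi = true;
                y.multi = true;
            }
        }
    }
}

// Fixed behaviour: overlapping pairs ab|bb'|b'c|cd|de, walked by index because
// a mutable windows iterator would hand out aliasing &mut references.
fn mark_multi_windows(deps: &mut [Dep]) {
    for i in 1..deps.len() {
        if deps[i - 1].pkg == deps[i].pkg {
            deps[i - 1].multi = true;
            deps[i].multi = true;
        }
    }
}

// Import names of every dependency flagged as "multi".
fn multi_names(deps: &[Dep]) -> Vec<&'static str> {
    deps.iter().filter(|d| d.multi).map(|d| d.rename).collect()
}

fn main() {
    let (mut old, mut new) = (sample(), sample());
    mark_multi_chunks(&mut old);
    mark_multi_windows(&mut new);
    println!("chunks:  {:?}", multi_names(&old));
    println!("windows: {:?}", multi_names(&new));
}
```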