EmbarkStudios / krates

📦 Creates graphs of crates from cargo metadata 🦀
Apache License 2.0

Bug: overriding feature makes banned crate pass the check #82

Closed stormshield-gt closed 7 months ago

stormshield-gt commented 7 months ago

Describe the bug

When an optional feature is added depending on a cfg, the dependencies it brings in are not scanned by cargo deny. I expected that would be the case.

To reproduce

cargo deny check ban

deny.toml

[bans]
deny = [{ crate = "native-tls"}]

Cargo.toml

[package]
name = "foo"
version = "0.1.0"
edition = "2021"
resolver = "2"

[dependencies]
reqwest = { version = "0.12", default-features = false }

[target.'cfg(target_os = "android")'.dependencies]
reqwest = { version = "0.12", features = ["native-tls-vendored"] }

cargo-deny version

0.14.20

What OS were you running cargo-deny on?

Linux

Additional context

If we remove the main dependency, the banned crate is detected as expected

Cargo.toml

[package]
name = "foo"
version = "0.1.0"
edition = "2021"
resolver = "2"

# [dependencies]
# reqwest = { version = "0.12", default-features = false }

[target.'cfg(target_os = "android")'.dependencies]
reqwest = { version = "0.12", features = ["native-tls-vendored"] }

I tried playing with the resolver and tweaking cargo-deny options, without success.
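The report boils down to how a ban check decides which feature declarations count. Cargo unifies features per package across every target-specific declaration, so the cfg(android) line above switches on reqwest's native-tls-vendored feature, which activates the optional native-tls dependency; a checker that evaluates declarations only for the host platform (Linux here) never sees that edge, while one that takes the union over all cfgs does. The following script is an added example, not code from the issue, from krates or from cargo-deny. It walks a hand-constructed, heavily trimmed imitation of `cargo metadata` output for the reporter's Cargo.toml (package ids reduced to names, versions and the reqwest/native-tls feature tables assumed rather than copied from crates.io) and reports banned crates under both policies; the `platform_applies` predicate is a stand-in for real cfg evaluation.

```python
import json

# Constructed sample, not real `cargo metadata` output: only the fields this walker reads
# are present, package ids are plain names, and the feature tables are assumptions.
SAMPLE_METADATA = json.loads(r'''
{
  "root": "foo",
  "packages": [
    {"name": "foo", "features": {},
     "dependencies": [
       {"name": "reqwest", "optional": false, "uses_default_features": false,
        "features": [], "target": null},
       {"name": "reqwest", "optional": false, "uses_default_features": true,
        "features": ["native-tls-vendored"], "target": "cfg(target_os = \"android\")"}
     ]},
    {"name": "reqwest",
     "features": {"default": [], "__tls": [],
                  "native-tls": ["dep:native-tls-crate", "__tls"],
                  "native-tls-vendored": ["native-tls", "native-tls-crate?/vendored"]},
     "dependencies": [
       {"name": "native-tls", "rename": "native-tls-crate", "optional": true,
        "uses_default_features": true, "features": [], "target": null}
     ]},
    {"name": "native-tls", "features": {"default": [], "vendored": []},
     "dependencies": []}
  ]
}
''')

BANNED = {"native-tls"}


def build_graph(metadata, platform_applies=lambda cfg: True):
    """Return (edges, enabled_features) reachable from the root package.

    platform_applies(cfg) says whether a `target = "cfg(...)"` declaration counts;
    the default keeps every declaration, i.e. the union over all platforms.
    Feature syntax handled: "feat", "dep:name", "name/feat" (activates the dep)
    and "name?/feat" (weak: passed down only if the dep is active anyway).
    """
    pkgs = {p["name"]: p for p in metadata["packages"]}
    enabled = {name: set() for name in pkgs}   # crate -> enabled feature names
    dep_on = {name: set() for name in pkgs}    # crate -> optional deps switched on
    sub_feats = {}                             # (crate, dep key) -> features to pass down
    edges = set()

    def enable(crate, feature):
        if feature in enabled[crate] or feature not in pkgs[crate]["features"]:
            return
        enabled[crate].add(feature)
        for item in pkgs[crate]["features"][feature]:
            if item.startswith("dep:"):
                dep_on[crate].add(item[4:])
            elif "/" in item:
                key, sub = item.split("/", 1)
                if not key.endswith("?"):
                    dep_on[crate].add(key)
                sub_feats.setdefault((crate, key.rstrip("?")), set()).add(sub)
            else:
                enable(crate, item)

    reached = {metadata["root"]}
    while True:
        before = (len(edges), sum(len(f) for f in enabled.values()))
        for crate in list(reached):
            for dep in pkgs[crate]["dependencies"]:
                key = dep.get("rename") or dep["name"]
                if dep["target"] is not None and not platform_applies(dep["target"]):
                    continue                   # declaration filtered out for this platform
                if dep["optional"] and key not in dep_on[crate]:
                    continue                   # optional dep that no feature switched on
                child = dep["name"]
                edges.add((crate, child))
                reached.add(child)
                wanted = set(dep["features"]) | sub_feats.get((crate, key), set())
                if dep["uses_default_features"]:
                    wanted.add("default")
                for feat in wanted:
                    enable(child, feat)
        # Feature unification is a fixed point: stop once nothing new was added.
        if (len(edges), sum(len(f) for f in enabled.values())) == before:
            return edges, enabled


def banned_crates(metadata, platform_applies=lambda cfg: True):
    """Names of banned crates present in the graph under the given platform filter."""
    edges, _ = build_graph(metadata, platform_applies)
    return sorted({child for _, child in edges} & BANNED)


if __name__ == "__main__":
    # Stand-in for real cfg evaluation: treat any android-only declaration as not applying.
    linux_only = lambda cfg: "android" not in cfg
    print("union over all targets:", banned_crates(SAMPLE_METADATA))   # ['native-tls']
    print("linux host only       :", banned_crates(SAMPLE_METADATA, linux_only))  # []
```

The union walk is the behaviour a ban check needs: cargo-deny considers all targets unless a `targets` list is configured, so a banned crate that is only reachable through a cfg-gated feature still has to be reported. When the host-only result differs from the union result, as it does here, the difference is exactly the set of crates a platform-filtered graph would let through.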