mozilla / cargo-vet

supply-chain security for Rust
Apache License 2.0

exclude inactive optional dependencies #537 #541

Closed TitanNano closed 9 months ago

TitanNano commented 11 months ago

cargo metadata currently outputs all dependencies, even optional dependencies that are not active. By comparing dep:* features with dependencies that have been declared as optional, we can eliminate inactive optional dependencies.

For #537
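An added example, not cargo-vet's code and not the patch proposed in this PR, showing in Rust the comparison the description relies on: walk the enabled features of a package, treat `dep:<name>` (and the strong `<name>/<feature>` form) as activating an optional dependency, treat the weak `<name>?/<feature>` form as not activating it, and report every optional dependency left unactivated as excludable. The `Manifest` struct, `sample_manifest` data (constructed, loosely modelled on the per-driver features the thread mentions) and function names are assumptions made for this example, not `cargo_metadata` types.

```rust
use std::collections::{BTreeMap, BTreeSet, VecDeque};

/// Minimal view of the manifest fields the computation needs.
/// Constructed for this example; not a cargo_metadata type.
#[derive(Debug, Default)]
struct Manifest {
    /// Dependencies declared with `optional = true`.
    optional_deps: BTreeSet<String>,
    /// `[features]` table: feature name -> list of enablers.
    features: BTreeMap<String, Vec<String>>,
}

impl Manifest {
    /// True when some feature uses `dep:<name>`; cargo then does not create
    /// the implicit feature named after the optional dependency.
    fn has_explicit_dep_feature(&self, dep: &str) -> bool {
        self.features
            .values()
            .flatten()
            .any(|e| e.strip_prefix("dep:") == Some(dep))
    }
}

/// Resolve the requested features and return (active, inactive) optional
/// dependencies. Inactive ones are the candidates for exclusion.
fn classify_optional_deps(
    m: &Manifest,
    requested: &[&str],
) -> (BTreeSet<String>, BTreeSet<String>) {
    let mut active = BTreeSet::new();
    let mut seen = BTreeSet::new();
    let mut queue: VecDeque<String> = requested.iter().map(|s| s.to_string()).collect();

    while let Some(feat) = queue.pop_front() {
        if !seen.insert(feat.clone()) {
            continue;
        }
        // Implicit feature: the optional dep's own name, when no `dep:` names it.
        if m.optional_deps.contains(&feat) && !m.has_explicit_dep_feature(&feat) {
            active.insert(feat.clone());
        }
        let enablers = match m.features.get(&feat) {
            Some(e) => e,
            None => continue,
        };
        for e in enablers {
            if let Some(dep) = e.strip_prefix("dep:") {
                if m.optional_deps.contains(dep) {
                    active.insert(dep.to_string());
                }
            } else if let Some((dep, _sub)) = e.split_once('/') {
                // `dep?/feat` is weak: it only forwards a feature if the dep is
                // already active, so it never activates the dep by itself.
                if dep.ends_with('?') {
                    continue;
                }
                if m.optional_deps.contains(dep) {
                    active.insert(dep.to_string());
                }
            } else {
                // Plain feature name: follow it transitively.
                queue.push_back(e.clone());
            }
        }
    }
    let inactive = m.optional_deps.difference(&active).cloned().collect();
    (active, inactive)
}

/// Constructed sample: three optional drivers behind explicit `dep:` features,
/// one optional runtime enabled through a strong `tokio/rt` enabler.
fn sample_manifest() -> Manifest {
    let mut m = Manifest::default();
    for d in ["sqlx-postgres", "sqlx-mysql", "sqlx-sqlite", "tokio"] {
        m.optional_deps.insert(d.to_string());
    }
    let f = |v: &[&str]| v.iter().map(|s| s.to_string()).collect::<Vec<_>>();
    m.features.insert("default".into(), f(&["runtime-tokio"]));
    m.features.insert("runtime-tokio".into(), f(&["tokio/rt"]));
    m.features.insert("postgres".into(), f(&["dep:sqlx-postgres"]));
    m.features.insert("mysql".into(), f(&["dep:sqlx-mysql"]));
    m.features.insert("sqlite".into(), f(&["dep:sqlx-sqlite"]));
    // Weak enablers only: requesting `any` alone activates no driver.
    m.features.insert(
        "any".into(),
        f(&["sqlx-postgres?/any", "sqlx-mysql?/any", "sqlx-sqlite?/any"]),
    );
    m
}

fn main() {
    let m = sample_manifest();
    let (active, inactive) = classify_optional_deps(&m, &["default", "postgres"]);
    println!("active:   {:?}", active);
    println!("inactive: {:?}", inactive);
}
```

With `default` and `postgres` requested, only `sqlx-postgres` and `tokio` are active and the other two drivers are reported as excludable; requesting `any` on its own activates nothing because every enabler is weak.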

bholley commented 11 months ago

Thanks for the patch! @mystor WDYT?

TitanNano commented 11 months ago

> I think cargo metadata is already handling optional dependencies correctly, and only including them when needed. Do you have a concrete example where an optional dependency is incorrectly being included in the metadata? It would be useful to understand the problem we're trying to solve.

I have outlined one of our issues in a comment on the related issue: https://github.com/mozilla/cargo-vet/issues/537#issuecomment-1698863441

For example, sqlx is pulling in various drivers even though only one of them has been enabled via a feature.

There is also this cargo issue which indicates that this is indeed a problem, https://github.com/rust-lang/cargo/issues/10801. This all said, I can see that your example is correct, and I haven't yet identified what the difference to the sqlx example is.