cargo-deny #1698
Conversation
[cargo-deny](https://github.com/EmbarkStudios/cargo-deny) is an amazing tool that protects from:

* duplicated crates (code bloat)
* copy-left licenses in the dependency tree
* RUSTSEC advisories

In this case it discovered the duplication of 'jpeg-decoder' and 'miniz_oxide', both because of the 'tiff' crate. Until we can update the tiff crate and resolve those problems I opted to ignore these duplicated crates in the deny.toml file. Adding cargo-deny to the CI will prevent more dependency duplication, hence this unsolicited PR.
How widely used is cargo-deny? The duplicated crate and RUSTSEC detection are both very welcome additions, though I'm slightly less convinced about adopting a policy to ban specific open source licenses.
It's hard to gauge how widely used cargo-deny is, but I know a lot of companies use it (and it is backed by one). It can be configured extensively so that, for instance, the license check is disabled. For commercial software, keeping copy-left licenses out can be critical, but it is of course less important for libraries such as the
new versions of image-tiff and flate2 have been published
I removed the license check, and because new versions of
Thanks for merging this! This will help a lot in keeping my dependency tree nice and tidy, and free of duplicates ❤️
cargo-deny is an amazing tool that protects from:

* duplicated crates (code bloat)
* copy-left licenses in the dependency tree
* RUSTSEC advisories

In this case it discovered the duplication of 'jpeg-decoder' and 'miniz_oxide', caused by the 'tiff' and 'flate2' crates. Until new releases of 'tiff' and 'flate2' are published I opted to ignore these duplicated crates in the 'deny.toml' file.

EDIT: new versions of 'tiff' and 'flate2' have been published, removing the duplication.

Adding cargo-deny to the CI will prevent more dependency duplication, hence this unsolicited PR.
I license past and future contributions under the dual MIT/Apache-2.0 license,
allowing licensees to choose either at their option.
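As an added illustration (not the deny.toml from this PR), a minimal cargo-deny configuration matching what the thread describes: duplicate crates are denied, the two crates pulled in twice via 'tiff' and 'flate2' are temporarily skipped, RUSTSEC advisories are checked, and no `[licenses]` section is present because the license check was dropped. The `skip` entries and the CI invocation in the comment are assumptions about how the author applied the tool, not copied from the repository.

```toml
# Run in CI with: cargo deny check bans advisories
# (the `licenses` check is intentionally not listed, since it was removed)

[advisories]
# Fail the build on any known RUSTSEC advisory or yanked crate.
yanked = "deny"
# Advisory IDs to ignore would go here; keep this empty unless a
# specific advisory has been triaged and documented.
ignore = []

[bans]
# Any crate appearing at two versions in the lock file fails the check.
multiple-versions = "deny"
wildcards = "allow"
# Temporary exceptions (assumed entries): the duplicates found in this PR
# until the upstream 'tiff' and 'flate2' releases are picked up. Each
# skip should be removed once the duplication no longer exists, so that
# the check returns to enforcing a fully deduplicated tree.
skip = [
    { name = "jpeg-decoder" },
    { name = "miniz_oxide" },
]

[sources]
# Only allow crates from registries and git sources that are listed.
unknown-registry = "deny"
unknown-git = "deny"
```

Re-running `cargo deny check bans` after removing the `skip` entries confirms that the duplication really went away rather than merely being silenced.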