-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wildcard version warnings generated for local file dependencies #241
Comments
i dug around a bit and couldnt find a way to distinguish |
Ouch that is unfortunate, this we do have to have some solution for as it is very common, hmm. Maybe one have to extend |
I don't think that's possible because not even cargo knows that. (At least their metadata output) |
This relates a bit to #136, where the intention would be to actual properly parse Cargo.toml manifests for doing error reporting, so having that utility (probably in a separate crate eg krates probably) would mean you could query both the cargo metadata, but also the actual entry in the manifest to distinguish between them for special cases such as this. |
At least until #241 has been resolved, because right now every project using cargo-deny will get warnings by default on all of their valid local file dependencies. Which is not a great default
At least until #241 has been resolved, because right now every project using cargo-deny will get warnings by default on all of their valid local file dependencies. Which is not a great default
It would be nice if I could configure cargo-deny to only warn on / error on wildcard registry dependencies (not git or path dependencies), regardless of whether it was specified explicitly or not. |
PR #227 seems to generate wildcard warnings when using standard path dependencies and specifying no version (as one is using the local file version), don't think that should generate warnings.
Such as:
Think we should only generate wildcard warnings when one is explicitly using the
version
field for the crates.io version.Note that one can also use both a path depependency and a version dependency, where building locally uses the path dependency and building from a crates.io published dependency uses the specific version, then the wildcard warning should still trigger if using wildcard version:
cc @khodzha @Jake-Shadle
The text was updated successfully, but these errors were encountered: