Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor config #605

Merged
merged 24 commits into from
Feb 20, 2024
Merged

Refactor config #605

merged 24 commits into from
Feb 20, 2024

Conversation

Jake-Shadle
Copy link
Member

@Jake-Shadle Jake-Shadle commented Feb 20, 2024
edited
Loading

This PR completely refactors the deny configuration, notably:

toml-span

toml-span is now used for parsing toml files (currently only deny.toml, but eventually cargo manifests as well), replacing toml. This was done so that span information is always available for keys and values if we want to use it, as well as just reducing external dependencies and build times, as serde is no longer used.

PackageSpec

Specifying a package spec via the name + version combo occurs in many locations in the config, but this has verbose in both the simple case, where you just want to specify a crate name (eg. [bans.deny]), as well as needing an entire extra key if you do want to specify the version requirement.

In addition, it was not possible to specify just a string previously due to toml + serde making us decide between supporting plain strings for package specs, and span information.

In all cases (and a few new ones) where the package name + version could be used, now a simple string can be used instead, or, if you want/need to supply additional values as a table, the crate key can be used instead which follows a simple format as a single string, instead of the separate name/version keys. name and version are still supported, but are deprecated and will be removed in a future release.

Format

The string format of PackageSpec is quite simple:

  1. No version - <crate_name> = *
  2. Exact - <crate_name>@<semver> = =<semver>
  3. Requirements - <crate_name>:<semver_requirements> = <semver_requirements>

Add reason, use-instead

Many items can now be tagged with a reason = "<reason>" and/or use-instead = "<crate_name>/<url>" to add explanatory/helpful messages that are surfaced with diagnostic messages. This was added to fix #578 instead of the typical fallback of relying on toml comments that might not be part of the diagnostic span.

[advisories.ignore]

Yanked crates can now be ignored by specifying a crate spec + optional reason as a string or table, while still supporting advisory ids.

Root table improved

The targets, all-features, features, no-default-features, exclude, and exclude-dev keys have been moved to the new graph table, as they all affect the dependency graph that cargo-deny performs checks against. The feature-depth key has been moved to the output table. The old locations are still respected, but are deprecated. Note also that targets can now just take a string instead of triple = <target_triple>.

Resolves: #264
Resolves: #539
Resolves: #578
Resolves: #579

@Jake-Shadle Jake-Shadle merged commit 3b13cc9 into main Feb 20, 2024
9 checks passed
@Jake-Shadle Jake-Shadle deleted the refactor-config branch February 20, 2024 18:04
@BrewTestBot BrewTestBot mentioned this pull request Feb 23, 2024
Merged
Nemo157
Nemo157 reviewed Feb 24, 2024
View reviewed changes
src/diag.rs Show resolved Hide resolved
@Jake-Shadle Jake-Shadle mentioned this pull request Feb 24, 2024
Merged
Jake-Shadle added a commit that referenced this pull request Feb 24, 2024
@Jake-Shadle
Fix issue with bans codes as args (#615)
ea36bf2 
An issue was introduced in [#605
](#605 (comment))
as I had commented out code while iterating on changes and forgot to add
back this case because it wasn't covered by any tests. I've added a
snapshot test to catch it in the future, as well as added the
`deprecated` code to the list of options.
@torokati44 torokati44 mentioned this pull request Mar 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Nemo157 Nemo157 Nemo157 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@Jake-Shadle @Nemo157