Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option in config/cli to exclude dev-dependencies for the workspace #322

Closed
Jake-Shadle opened this issue Dec 18, 2020 · 0 comments · Fixed by #557
Closed

Add option in config/cli to exclude dev-dependencies for the workspace #322

Jake-Shadle opened this issue Dec 18, 2020 · 0 comments · Fixed by #557
Labels
enhancement New feature or request

Comments

@Jake-Shadle
Copy link
Member

Jake-Shadle commented Dec 18, 2020
edited

Right now we disregard all dev-dependencies for non-workspace crates as they aren't even actually used in the workspace itself, however it's quite often that dev-dependencies of the workspace pull in eg duplicates or other issues that, while they do affect the workspace, are less of a concern since they are not actually a part of the final binary output of the workspace.
@Jake-Shadle Jake-Shadle added the enhancement New feature or request label Dec 18, 2020
HippoBaro added a commit to HippoBaro/glommio that referenced this issue Nov 26, 2021
@HippoBaro
update dependencies to avoid transitive dependency to chrono crate
04caee0 
The `chrono` crate has a security vulnerability and the ecosystem is
moving away from it, so should be (also it annoys me that `cargo-check`
doesn't pass any more because of this).

See https://rustsec.org/advisories/RUSTSEC-2020-0159 for details.

Cargo-check can't be configured to tolerate vulnerabilities in dev
dependencies right now. It's a feature request, so maybe it'll come one
day:
EmbarkStudios/cargo-deny#322
HippoBaro added a commit to HippoBaro/glommio that referenced this issue Nov 26, 2021
@HippoBaro
update dependencies to avoid transitive dependencies to chrono crate
b344338 
The `chrono` crate has a security vulnerability, and the ecosystem is
moving away from it, so should be (also it annoys me that `cargo-check`
doesn't pass anymore because of this).

See https://rustsec.org/advisories/RUSTSEC-2020-0159 for details.

Cargo-check can't be configured to tolerate vulnerabilities in dev
dependencies right now. It's a feature request, so maybe it'll come one
day:
EmbarkStudios/cargo-deny#322
HippoBaro added a commit to HippoBaro/glommio that referenced this issue Nov 26, 2021
@HippoBaro
update dependencies to avoid depending on the chrono crate
16615e1 
The `chrono` crate has a security vulnerability, and the ecosystem is
moving away from it, so should be (also it annoys me that `cargo-check`
doesn't pass anymore because of this).

See https://rustsec.org/advisories/RUSTSEC-2020-0159 for details.

Cargo-check can't be configured to tolerate vulnerabilities in dev
dependencies right now. It's a feature request, so maybe it'll come one
day:
EmbarkStudios/cargo-deny#322
@HippoBaro HippoBaro mentioned this issue Nov 26, 2021
Merged
HippoBaro added a commit to HippoBaro/glommio that referenced this issue Nov 26, 2021
@HippoBaro
update dependencies to avoid depending on the chrono crate
07f55d0 
The `chrono` crate has a security vulnerability, and the ecosystem is
moving away from it, so should we (also it annoys me that `cargo-check`
doesn't pass anymore because of this).

See https://rustsec.org/advisories/RUSTSEC-2020-0159 for details.

Cargo-check can't be configured to tolerate vulnerabilities in dev
dependencies right now. It's a feature request, so maybe it'll come one
day:
EmbarkStudios/cargo-deny#322
HippoBaro added a commit to DataDog/glommio that referenced this issue Nov 26, 2021
@HippoBaro
update dependencies to avoid depending on the chrono crate
0f3233e 
The `chrono` crate has a security vulnerability, and the ecosystem is
moving away from it, so should we (also it annoys me that `cargo-check`
doesn't pass anymore because of this).

See https://rustsec.org/advisories/RUSTSEC-2020-0159 for details.

Cargo-check can't be configured to tolerate vulnerabilities in dev
dependencies right now. It's a feature request, so maybe it'll come one
day:
EmbarkStudios/cargo-deny#322
@Weibye Weibye mentioned this issue Jun 16, 2022
Merged
@Jake-Shadle Jake-Shadle mentioned this issue Sep 3, 2023
Merged
Jake-Shadle added a commit that referenced this issue Sep 4, 2023
@Jake-Shadle
Add support for ignoring dev dependencies (#557)
e815a51 
Resolves: #322
Resolves: #329
Resolves: #413
Resolves: #497
@Porkepix Porkepix mentioned this issue Sep 4, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for ignoring dev dependencies EmbarkStudios/cargo-deny
1 participant
@Jake-Shadle