Deterministically order versions in duplicate reports #384

Closed
djc opened this issue Dec 6, 2021 · 2 comments · Fixed by #414 or #424
Labels
enhancement New feature or request

Comments

@djc

djc commented Dec 6, 2021

Is your feature request related to a problem? Please describe.

When reviewing duplicate dependencies as reported by cargo deny, I'd like it if there was a consistent ordering. For example, I currently get this output:

warning[B004]: found 2 duplicate entries for crate 'strsim'
    ┌─ /Users/djc/src/bolt/rust/Cargo.lock:208:1
    │  
208 │ ╭ strsim 0.10.0 registry+https://github.com/rust-lang/crates.io-index
209 │ │ strsim 0.8.0 registry+https://github.com/rust-lang/crates.io-index
    │ ╰──────────────────────────────────────────────────────────────────^ lock entries
    │  
    = strsim v0.10.0
      └── darling_core v0.13.0
          ├── darling v0.13.0
          │   └── mendes-macros v0.0.41
          │       └── mendes v0.0.59
          │           ├── diachron v0.1.0
          │           ├── nominl v0.1.0
          │           ├── screenshot v0.1.0
          │           ├── servec v0.1.0
          │           └── service v0.1.0
          │               ├── diachron v0.1.0 (*)
          │               ├── nominl v0.1.0 (*)
          │               ├── screenshot v0.1.0 (*)
          │               └── servec v0.1.0 (*)
          └── darling_macro v0.13.0
              └── darling v0.13.0 (*)
    = strsim v0.8.0
      └── clap v2.34.0
          └── structopt v0.3.25
              ├── diachron v0.1.0
              ├── loader v0.1.0
              ├── nominl v0.1.0
              ├── screenshot v0.1.0
              ├── servec v0.1.0
              ├── vectors v4.0.0
              │   ├── loader v0.1.0 (*)
              │   ├── nominl v0.1.0 (*)
              │   └── servec v0.1.0 (*)
              └── whois v0.1.0

warning[B004]: found 2 duplicate entries for crate 'tokio-rustls'
    ┌─ /Users/djc/src/bolt/rust/Cargo.lock:228:1
    │  
228 │ ╭ tokio-rustls 0.22.0 registry+https://github.com/rust-lang/crates.io-index
229 │ │ tokio-rustls 0.23.1 registry+https://github.com/rust-lang/crates.io-index
    │ ╰─────────────────────────────────────────────────────────────────────────^ lock entries
    │  
    = tokio-rustls v0.22.0
      ├── hyper-rustls v0.22.1
      │   └── gcp_auth v0.5.0
      │       └── (dev) gcp v0.1.0
      └── tonic v0.6.1
          └── gcp v0.1.0 (*)
    = tokio-rustls v0.23.1
      ├── hyper-rustls v0.23.0
      │   └── reqwest v0.11.7
      │       ├── nominl v0.1.0
      │       ├── screenshot v0.1.0
      │       └── service v0.1.0
      │           ├── diachron v0.1.0
      │           ├── nominl v0.1.0 (*)
      │           ├── screenshot v0.1.0 (*)
      │           └── servec v0.1.0
      └── reqwest v0.11.7 (*)

Note that strsim v0.10.0 is shown before strsim v0.8.0 while tokio-rustls v0.22.0 is shown before tokio-rustls v0.23.1. I'm not sure that it matters much what the order is, but it would be nicer to process these reports if the order was consistent.

@djc
Author

djc commented Apr 25, 2022

FWIW, I'm still seeing this issue even with 0.11.4:

warning[B004]: found 2 duplicate entries for crate 'sha-1'
    ┌─ /Users/djc/src/bolt/rust/domains/Cargo.lock:268:1
    │  
268 │ ╭ sha-1 0.8.2 registry+https://github.com/rust-lang/crates.io-index
269 │ │ sha-1 0.10.0 registry+https://github.com/rust-lang/crates.io-index
    │ ╰──────────────────────────────────────────────────────────────────^ lock entries
    │  
    = sha-1 v0.10.0
      └── sqlx-core v0.5.13
          ├── sqlx v0.5.13
          │   ├── certifier v0.1.0
          │   ├── dns v0.1.0
          │   │   ├── certifier v0.1.0 (*)
          │   │   ├── epoxide v0.1.0
          │   │   ├── proxy v0.1.0
          │   │   └── store v0.1.0
          │   │       ├── certifier v0.1.0 (*)
          │   │       ├── epoxide v0.1.0 (*)
          │   │       ├── proxy v0.1.0 (*)
          │   │       └── whois v0.1.0
          │   ├── epoxide v0.1.0 (*)
          │   └── migrate v0.1.0
          └── sqlx-macros v0.5.13
              └── sqlx v0.5.13 (*)
    = sha-1 v0.8.2
      └── (build) pest_meta v2.1.3
          └── pest_generator v2.1.3
              └── pest_derive v2.1.0
                  └── async-graphql-parser v3.0.38
                      ├── async-graphql v3.0.38
                      │   └── epoxide v0.1.0
                      └── async-graphql-derive v3.0.38
                          └── async-graphql v3.0.38 (*)

warning[B004]: found 2 duplicate entries for crate 'spin'
    ┌─ /Users/djc/src/bolt/rust/domains/Cargo.lock:279:1
    │  
279 │ ╭ spin 0.5.2 registry+https://github.com/rust-lang/crates.io-index
280 │ │ spin 0.9.3 registry+https://github.com/rust-lang/crates.io-index
    │ ╰────────────────────────────────────────────────────────────────^ lock entries
    │  
    = spin v0.5.2
      └── ring v0.16.20
          ├── acme v0.1.0
          │   ├── certifier v0.1.0
          │   ├── epoxide v0.1.0
          │   └── (dev) proxy v0.1.0
          ├── epoxide v0.1.0 (*)
          ├── gcp_auth v0.7.2
          │   └── gcp v0.1.0
          │       ├── certifier v0.1.0 (*)
          │       ├── epoxide v0.1.0 (*)
          │       ├── epp v0.1.0
          │       │   └── epoxide v0.1.0 (*)
          │       └── proxy v0.1.0 (*)
          ├── mendes v0.0.64
          │   ├── certifier v0.1.0 (*)
          │   ├── epoxide v0.1.0 (*)
          │   ├── proxy v0.1.0 (*)
          │   └── service v0.1.0
          │       ├── certifier v0.1.0 (*)
          │       ├── dns v0.1.0
          │       │   ├── certifier v0.1.0 (*)
          │       │   ├── epoxide v0.1.0 (*)
          │       │   ├── proxy v0.1.0 (*)
          │       │   └── store v0.1.0
          │       │       ├── certifier v0.1.0 (*)
          │       │       ├── epoxide v0.1.0 (*)
          │       │       ├── proxy v0.1.0 (*)
          │       │       └── whois v0.1.0
          │       ├── epoxide v0.1.0 (*)
          │       ├── epp v0.1.0 (*)
          │       ├── migrate v0.1.0
          │       ├── proxy v0.1.0 (*)
          │       ├── store v0.1.0 (*)
          │       └── whois v0.1.0 (*)
          ├── rcgen v0.9.2
          │   ├── certifier v0.1.0 (*)
          │   ├── epoxide v0.1.0 (*)
          │   └── (dev) proxy v0.1.0 (*)
          ├── rustls v0.19.1
          │   ├── sqlx-core v0.5.13
          │   │   ├── sqlx v0.5.13
          │   │   │   ├── certifier v0.1.0 (*)
          │   │   │   ├── dns v0.1.0 (*)
          │   │   │   ├── epoxide v0.1.0 (*)
          │   │   │   └── migrate v0.1.0 (*)
          │   │   └── sqlx-macros v0.5.13
          │   │       └── sqlx v0.5.13 (*)
          │   └── tokio-rustls v0.22.0
          │       └── sqlx-rt v0.5.13
          │           ├── sqlx-core v0.5.13 (*)
          │           └── sqlx-macros v0.5.13 (*)
          ├── rustls v0.20.4
          │   ├── gcp_auth v0.7.2 (*)
          │   ├── hyper-rustls v0.23.0
          │   │   ├── gcp_auth v0.7.2 (*)
          │   │   └── reqwest v0.11.10
          │   │       ├── acme v0.1.0 (*)
          │   │       ├── epoxide v0.1.0 (*)
          │   │       ├── gcp v0.1.0 (*)
          │   │       ├── migrate v0.1.0 (*)
          │   │       └── service v0.1.0 (*)
          │   ├── lettre v0.10.0-rc.5
          │   │   └── epoxide v0.1.0 (*)
          │   ├── reqwest v0.11.10 (*)
          │   └── tokio-rustls v0.23.3
          │       ├── epoxide v0.1.0 (*)
          │       ├── epp-client v0.3.1
          │       │   └── epp v0.1.0 (*)
          │       ├── hyper-rustls v0.23.0 (*)
          │       ├── lettre v0.10.0-rc.5 (*)
          │       ├── proxy v0.1.0 (*)
          │       ├── reqwest v0.11.10 (*)
          │       └── tonic v0.7.1
          │           └── gcp v0.1.0 (*)
          ├── sct v0.6.1
          │   └── rustls v0.19.1 (*)
          ├── sct v0.7.0
          │   └── rustls v0.20.4 (*)
          ├── webpki v0.21.4
          │   ├── rustls v0.19.1 (*)
          │   ├── sqlx-core v0.5.13 (*)
          │   ├── tokio-rustls v0.22.0 (*)
          │   └── webpki-roots v0.21.1
          │       └── sqlx-core v0.5.13 (*)
          └── webpki v0.22.0
              ├── rustls v0.20.4 (*)
              ├── tokio-rustls v0.23.3 (*)
              └── webpki-roots v0.22.3
                  ├── epp-client v0.3.1 (*)
                  └── lettre v0.10.0-rc.5 (*)
    = spin v0.9.3
      └── multer v2.0.2
          └── async-graphql v3.0.38
              └── epoxide v0.1.0

spin 0.5 appears before spin 0.9, but sha-1 0.10.0 appears before sha-1 0.8.2 in the dependency trees. It seems to be consistent only for the header thingy.

@Jake-Shadle
Member

Oh thanks, probably should have added a test on top of the PR, my bad.
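
Added example, not part of the thread and not cargo-deny's code: a single numeric version comparator applied to both the lock-entry list and the tree roots, so the two sections of a duplicate report cannot disagree. Plain string comparison puts `0.10.0` before `0.8.0`. The names `parse` and `sort_versions` are hypothetical, and the parser is a simplified SemVer reader that needs no external crates.

```rust
use std::cmp::Ordering;

// Pre-release identifier; derived Ord puts numeric ones before text ones (SemVer 2.0).
#[derive(PartialEq, Eq, PartialOrd, Ord)]
enum Ident { Num(u64), Text(String) }
#[derive(PartialEq, Eq)]
struct Version { core: [u64; 3], pre: Vec<Ident> }

fn parse(s: &str) -> Option<Version> {
    let s = s.split('+').next()?; // build metadata never affects ordering
    let (core, pre) = s.split_once('-').unwrap_or((s, ""));
    let mut nums = core.split('.').map(|n| n.parse::<u64>().ok());
    let core = [nums.next()??, nums.next()??, nums.next()??];
    if nums.next().is_some() { return None; }
    let pre = pre.split('.').filter(|p| !p.is_empty())
        .map(|p| p.parse::<u64>().map(Ident::Num).unwrap_or_else(|_| Ident::Text(p.to_string())))
        .collect();
    Some(Version { core, pre })
}
impl Ord for Version {
    fn cmp(&self, o: &Self) -> Ordering {
        self.core.cmp(&o.core).then_with(|| match (self.pre.is_empty(), o.pre.is_empty()) {
            (true, true) => Ordering::Equal,
            (true, false) => Ordering::Greater, // a release outranks its own pre-releases
            (false, true) => Ordering::Less,
            (false, false) => self.pre.cmp(&o.pre),
        })
    }
}
impl PartialOrd for Version {
    fn partial_cmp(&self, o: &Self) -> Option<Ordering> { Some(self.cmp(o)) }
}

/// Ascending by version; unparsable strings go last in text order so output stays deterministic.
fn sort_versions<'a>(versions: &[&'a str]) -> Vec<&'a str> {
    let mut v = versions.to_vec();
    v.sort_by(|a, b| match (parse(a), parse(b)) {
        (Some(x), Some(y)) => x.cmp(&y).then_with(|| a.cmp(b)),
        (Some(_), None) => Ordering::Less,
        (None, Some(_)) => Ordering::Greater,
        (None, None) => a.cmp(b),
    });
    v
}

fn main() {
    let lock_entries = ["0.10.0", "0.8.0"]; // strsim, in the order the first report listed them
    let tree_roots = ["0.8.0", "0.10.0"]; // constructed: same set, different input order
    println!("{:?} {:?}", sort_versions(&lock_entries), sort_versions(&tree_roots));
}
```

Asserting that the header list and the tree roots come out in the same order for one fixture such as `sha-1 0.8.2` / `0.10.0` is enough to catch this kind of regression.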
