Bug: overriding feature make banned crate pass the check #82

Closed
stormshield-gt opened this issue Apr 11, 2024 · 0 comments · Fixed by #83
Labels
bug Something isn't working

@stormshield-gt

Describe the bug

When an optional feature is added depending on a cfg, the dependencies it brings in are not scanned by cargo deny. I expected that would be the case.

To reproduce

```
cargo deny check ban
```

deny.toml

```toml
[bans]
deny = [{ crate = "native-tls"}]
```

Cargo.toml

```toml
[package]
name = "foo"
version = "0.1.0"
edition = "2021"
resolver = "2"

[dependencies]
reqwest = { version = "0.12", default-features = false }

[target.'cfg(target_os = "android")'.dependencies]
reqwest = { version = "0.12", features = ["native-tls-vendored"] }
```

cargo-deny version

0.14.20

What OS were you running cargo-deny on?

Linux

Additional context

If we remove the main dependencies, the banned crate is detected as expected

Cargo.toml

```toml
[package]
name = "foo"
version = "0.1.0"
edition = "2021"
resolver = "2"

# [dependencies]
# reqwest = { version = "0.12", default-features = false }

[target.'cfg(target_os = "android")'.dependencies]
reqwest = { version = "0.12", features = ["native-tls-vendored"] }
```

I tried to play with the resolver and tweak cargo-deny options, without success

@stormshield-gt stormshield-gt added the bug Something isn't working label Apr 11, 2024
@Jake-Shadle Jake-Shadle transferred this issue from EmbarkStudios/cargo-deny Apr 11, 2024
Jake-Shadle added a commit to EmbarkStudios/cargo-deny that referenced this issue Apr 12, 2024
Updates krates to 0.16.10 to fix a bug originally filed on this repo,
EmbarkStudios/krates#82. This bug meant that
depending on the same crate multiple times by using different `cfg()`
expressions could cause crates that were pulled in by features to not be
properly appended to the graph, and thus not checked by cargo-deny.
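
A cross-check that does not rely on cargo-deny's own graph construction, as an added example (not code from cargo-deny or krates): it walks the `resolve` section of `cargo metadata --format-version 1` output and reports each path to a banned crate along with the `cfg()` on every edge. The sample data and its package ids are constructed to mirror the manifest in the report.

```python
from collections import deque

# Constructed sample: the parts of `cargo metadata --format-version 1` output
# this check reads, shaped after the manifest in the report. Package ids are
# shortened placeholders, not real cargo package ids.
SAMPLE = {
    "packages": [
        {"id": "pkg:foo", "name": "foo"},
        {"id": "pkg:reqwest", "name": "reqwest"},
        {"id": "pkg:native-tls", "name": "native-tls"},
    ],
    "workspace_members": ["pkg:foo"],
    "resolve": {"nodes": [
        {"id": "pkg:foo", "deps": [{"pkg": "pkg:reqwest", "dep_kinds": [
            {"kind": None, "target": None},
            {"kind": None, "target": 'cfg(target_os = "android")'}]}]},
        {"id": "pkg:reqwest", "deps": [{"pkg": "pkg:native-tls", "dep_kinds": [
            {"kind": None, "target": 'cfg(not(target_arch = "wasm32"))'}]}]},
        {"id": "pkg:native-tls", "deps": []},
    ]},
}

def find_banned(metadata, banned):
    """Return one path per dependency edge that lands on a banned crate."""
    names = {p["id"]: p["name"] for p in metadata["packages"]}
    nodes = {n["id"]: n for n in metadata["resolve"]["nodes"]}
    roots = metadata["workspace_members"]
    queue = deque((r, [names[r]]) for r in roots)
    seen, hits = set(roots), []
    while queue:
        pkg_id, path = queue.popleft()
        for dep in nodes[pkg_id]["deps"]:
            # target is None for an unconditional edge, else a cfg() or triple
            targets = sorted({k["target"] or "all targets" for k in dep["dep_kinds"]})
            step = f'{names[dep["pkg"]]} [{", ".join(targets)}]'
            if names[dep["pkg"]] in banned:
                hits.append(path + [step])
            if dep["pkg"] not in seen:
                seen.add(dep["pkg"])
                queue.append((dep["pkg"], path + [step]))
    return hits

if __name__ == "__main__":
    for hit in find_banned(SAMPLE, {"native-tls"}):
        print(" -> ".join(hit))
```

To run it against a real project, replace `SAMPLE` with `json.load(sys.stdin)` and pipe in `cargo metadata --format-version 1`; without `--filter-platform` that output covers every target.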