This repository has been archived by the owner on Nov 22, 2023. It is now read-only.
Disallow wildcard dependencies with cargo-deny
#193
Labels
automation-and-testing
Automate everything
good first issue
Approachable for beginners! No special knowledge needed
Comments
TimJentzsch
added
automation-and-testing
|
This is no longer blocked, see EmbarkStudios/cargo-deny#487 We need to use the |
TimJentzsch
added
blocked
|
Seems like the issue is not fully resolved yet. |
alice-i-cecile
removed
the
blocked
|
We're no longer using any git dependencies, so this is unblocked. |
alice-i-cecile
added
the
good first issue
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
We don't want to allow wildcard dependencies, as they might allow dependency upgrades with breaking changes.
However,
cargo-denycurrently treats all git dependencies as wildcards, even when the commit hash is fixed.We need to wait for EmbarkStudios/cargo-deny#488 to switch this back.
Then we can change the corresponding entry in
deny.toml.The text was updated successfully, but these errors were encountered: