Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use cargo-deny to prevent duplicate dependencies #653

Closed
emilk opened this issue Aug 22, 2023 · 2 comments · Fixed by #661
Closed

Use cargo-deny to prevent duplicate dependencies #653

emilk opened this issue Aug 22, 2023 · 2 comments · Fixed by #661

Comments

@emilk
Copy link
Contributor

emilk commented Aug 22, 2023

ureq v2.7.1 imports two different versions of rustls-webpki

    = rustls-webpki v0.100.2
      ├── ureq v2.7.1
      └── webpki-roots v0.23.1
          └── ureq v2.7.1
          
    = rustls-webpki v0.101.4
      └── rustls v0.21.6
          └── ureq v2.7.1

This leads to extra compile time and code bloat.

We can prevent this by running cargo-deny on CI https://github.com/EmbarkStudios/cargo-deny
@algesten
Copy link
Owner

Yeah. This would be really nice. A PR changing the github CI would be most welcome!

@fredizzimo
Copy link

There's also a security issue in the 0.100.2, version, so it would be nice to get this updated. Dependabot reports it here for us https://github.com/neovide/neovide/security/dependabot/15

@emilk emilk mentioned this issue Sep 30, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add cargo-deny check to CI rerun-io/ureq
3 participants
@algesten @emilk @fredizzimo