Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rbx_cookie lib contains cli-specific dependencies #192

Closed
filiptibell opened this issue Aug 4, 2023 · 1 comment · Fixed by #193
Closed

rbx_cookie lib contains cli-specific dependencies #192

filiptibell opened this issue Aug 4, 2023 · 1 comment · Fixed by #193

Comments

@filiptibell
Copy link
Contributor

rbx_cookie as a library currently depends on clap and env_logger even for the library published to crates.io, with no feature flag to disable them. This is causing Lune to have duplicate dependencies on these libraries, and the old version of clap also depends on atty which is deprecated and currently giving the Lune repo a security advisory warning.
@blake-mealey
Copy link
Owner

FWIW, as you have already uncovered, these dependencies aren't used by the library so you should be able to safely ignore the warning if you're only using the library.

That said, we could try upgrading the dependency to get past the security advisory, or maybe there's a way to split the dependencies so they are only included with the binary. Happy to accept a PR :)

@filiptibell filiptibell mentioned this issue Aug 4, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(rbx_cookie): put CLI dependencies behind feature flag
2 participants
@blake-mealey @filiptibell