track build dependencies and versions #424
Description
Nimble could keep track of which dependencies are used during a build and their versions. This is useful during the lifetime of statically linked binaries to track:
- if any of the dependencies used a build time has (currently) known security issues
- ...or bugs or copyright violations that justify rebuilding and deploying the binary
- in order to debug issues that happen only with a specific combination of dependency versions
This information could be printed out at build time but embedded in the binary to be available where it's deployed.
If a dependency was tracking HEAD, the commitish should be tracked instead.
The compiler/stdlib version should be tracked as well.
At build time, Nimble could also print out where the dependencies are coming from: globally, from ~/.nimble, from the local directory, from $NIM_LIB_PREFIX ...
This allows debugging issues like #407 and checking that the compiler is using the right sources.
(Paths should not be embedded in the binary)