Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

publish: Introduce dependency limit #7916

Merged
merged 2 commits into from Jan 12, 2024
Merged

publish: Introduce dependency limit #7916

merged 2 commits into from Jan 12, 2024

Conversation

Turbo87
Copy link
Member

@Turbo87 Turbo87 commented Jan 11, 2024

Allowing users to publish crates with an unlimited number of dependencies has the potential to cause various issues. The crate with the most dependencies currently has 256 dependencies, so a limit of 500 dependencies seems reasonable for now. If necessary, we can make this limit configurable with an environment variable in the future, or even per crate with another database column.

see https://rust-lang.zulipchat.com/#narrow/stream/318791-t-crates-io/topic/dependencies.20limit

@Turbo87
publish: Validate dependencies before adding crate to the database
7accc8b
@Turbo87
publish: Introduce dependency limit
d2f8d6c 
Allowing users to publish crates with an unlimited number of dependencies has the potential to cause various issues. The crate with the most dependencies currently has 256 dependencies, so a limit of 500 dependencies seems reasonable for now. If necessary, we can make this limit configurable with an environment variable in the future, or even per crate with another database column.
@Turbo87 Turbo87 added C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works A-backend ⚙️ labels Jan 11, 2024
@Turbo87 Turbo87 requested a review from a team January 11, 2024 10:43
LawnGnome
LawnGnome approved these changes Jan 11, 2024
View reviewed changes
Copy link
Contributor

@LawnGnome LawnGnome left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@Turbo87 Turbo87 merged commit c0ea8fb into rust-lang:main Jan 12, 2024
6 checks passed
@Turbo87 Turbo87 deleted the dep-limit branch January 12, 2024 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LawnGnome LawnGnome LawnGnome approved these changes

Assignees
No one assigned
Labels
A-backend ⚙️ C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works
Projects
crates.io team meetings
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Turbo87 @LawnGnome