[Feature Request] cargo deny only for deps required for a specific "phase" (normal, build, dev, etc)

Question

[Feature Request] cargo deny only for deps required for a specific "phase" (normal, build, dev, etc)

banool opened this issue 9 months ago · comments

Daniel Porteous (dport) commented 9 months ago

As in, not build or dev deps, similar to how it works with cargo tree:

cargo tree -e features,no-build,no-dev

Daniel Porteous (dport) · Answer 1 · Fri Sep 08 2023 00:55:34 GMT+0800 (China Standard Time)

My config, for context:

# This cargo deny file makes sure that for the Mac target, we don't take on OpenSSL
# deps for the normal (not build / dev) dependencies.

# It doesn't actually check for just normal deps right now:
# https://github.com/EmbarkStudios/cargo-deny/issues/563

all-features = false
no-default-features = false
targets = [
    { triple = "aarch64-apple-darwin" },
]

[advisories]
vulnerability = "allow"
unmaintained = "allow"
notice = "allow"
unsound = "allow"
yanked = "allow"

[licenses]
unlicensed = "allow"
copyleft = "allow"
default = "allow"

[bans]
multiple-versions = "allow"
wildcards = "allow"
workspace-default-features = "allow"
external-default-features = "allow"
# We need to make this only check for the normal deps, not build or dev.
deny = [
    { name = "openssl" },
    { name = "openssl-sys" },
    { name = "openssl-macros" },
]

[sources]
unknown-registry = "allow"
unknown-git = "allow"

Daniel Porteous (dport) · Answer 2 · Thu Sep 14 2023 09:48:19 GMT+0800 (China Standard Time)

Hey @repi @Jake-Shadle I don't suppose you know the answer to this?

Jake Shadle · Answer 3 · Thu Sep 14 2023 14:16:36 GMT+0800 (China Standard Time)

You can't currently only check normal dependencies when checking for bans.

Daniel Porteous (dport) · Answer 4 · Thu Sep 14 2023 16:12:16 GMT+0800 (China Standard Time)

I see, thanks! I'll rename this issue then and turn it into a feature request hahah. If I get time I can look into it but I doubt that'll happen in the near future.