Bug: cargo deny check panics
trinity-1686a opened this issue · comments
Describe the bug
when running cargo deny check on my project, I get a panic:
thread '<unnamed>' panicked at 'cargo metadata resolved a dependency for a dependency not specified by the crate: NodeDep { name: "tantivy", pkg: Kid { name: "tantivy", version: "0.22.0-dev", source: "git+https://github.com/quickwit-oss/tantivy/?rev=108f30b" }, dep_kinds: [DepKindInfo { kind: Normal, cfg: None }] }', /home/trinity/.cargo/registry/src/index.crates.io-6f17d22bba15001f/krates-0.16.5/src/builder.rs:1183:48
stack backtrace:
0: rust_begin_unwind
at /rustc/d5c2e9c342b358556da91d61ed4133f6f50fc0c3/library/std/src/panicking.rs:593:5
1: core::panicking::panic_fmt
at /rustc/d5c2e9c342b358556da91d61ed4133f6f50fc0c3/library/core/src/panicking.rs:67:14
2: <core::slice::iter::Iter<T> as core::iter::traits::iterator::Iterator>::find_map
3: krates::builder::Builder::build_with_metadata
4: cargo_deny::common::KrateContext::gather_krates
5: <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
6: <rayon_core::job::HeapJob<BODY> as rayon_core::job::Job>::execute
7: rayon_core::registry::WorkerThread::wait_until_cold
8: rayon_core::registry::ThreadBuilder::run
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
To reproduce
git clone https://github.com/quickwit-oss/quickwit
cd quickwit/quickwit
cargo deny checkcargo-deny version
cargo-deny 0.14.9
What OS were you running cargo-deny on?
Linux
Additional context
this seems to be a regression between 0.14.3 and 0.14.6 (I can't build 0.14.4 and 0.14.5).
I suspect this is somehow related to tantivy being a git dependency in this project. The Cargo.toml gives a precise commit. The Cargo.lock has that ref in the source of the crate, but it has 0.22.0-dev as a version.
Duplicate EmbarkStudios/krates#76