Bug: cargo-deny-advisories does not operate on the right dependency tree
sassman opened this issue · comments
Describe the bug
In a workspace project we depend on sqlx
with some feature flags added, and default features disabled. This leads to a situation where some dependencies are present in the Cargo.lock
that are actually not there because of the features.
So cargo tree -i sqlx-mysql
does not yield anything, which is the expected result. Hence cargo tree
sets the baseline for our expectations.
When running cargo deny check advisories -s
we do see a different picture, as if it does not consider the feature flags.
To reproduce
You can find an example repo with a README.md that summaries the things here:
https://github.com/sassman/cargo-deny-dep-graph-issue
cargo-deny version
0.12.2
What OS were you running cargo-deny on?
MacOS
Additional context
No response
Seems the issue is already fixed in cargo-deny 0.14.20