You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In our private repository we have more than a 100 duplicate dependencies, and deduplicating them is painful. It is also painful to maintain the deny.toml file with all the bans.skip and bans.skip_tree entries manually.
In fact, even though the bans.skip_tree is intended as a "wildcard skip", but this one hides too many things, and naive developers sometimes put the skip config under skip_tree by mistake therefore making things ever worse.
I developed a nushell script that automates the management of deny.toml by generating the skip configuration and automates running the granular cargo update command to try updating the dependencies within the compatible ranges to avoid duplicates.
I wrote some docs in our private notion knowledgebase, but published it to the public under this link.
I think the nushell script I developed there could already be used by anyone to automate the maintenance of the deny.toml file, and it could also be used as a good POC for rewriting this implementation in Rust and including it into cargo-deny.
Generate the bans.skip configuration automatically
cargo deny has enough information to be able to generate the bans.skip list automatically. There could be a command in cargo deny that does the same thing as deny.nu skips command in the script shared above.
However, cargo-deny could benefit from toml_edit Rust crate to make the modifications in deny.toml without requiring the user to copy and paste the TOML output from the terminal.
Run cargo update with all the parent packages of the duplicate dependency
If you run deny.nu dedup it will run the cargo update command, but it will take care to pass -p parameters with the package names that comprise the parent crates for the duplicate. This way you can granularly update the dependency tree.
In our private repository we have more than a 100 duplicate dependencies, and deduplicating them is painful. It is also painful to maintain the
deny.toml
file with all thebans.skip
andbans.skip_tree
entries manually.In fact, even though the
bans.skip_tree
is intended as a "wildcard skip", but this one hides too many things, and naive developers sometimes put the skip config underskip_tree
by mistake therefore making things ever worse.I developed a nushell script that automates the management of
deny.toml
by generating theskip
configuration and automates running the granularcargo update
command to try updating the dependencies within the compatible ranges to avoid duplicates.I wrote some docs in our private notion knowledgebase, but published it to the public under this link.
I think the nushell script I developed there could already be used by anyone to automate the maintenance of the
deny.toml
file, and it could also be used as a good POC for rewriting this implementation in Rust and including it intocargo-deny
.Generate the
bans.skip
configuration automaticallycargo deny
has enough information to be able to generate thebans.skip
list automatically. There could be a command in cargo deny that does the same thing asdeny.nu skips
command in the script shared above.However,
cargo-deny
could benefit fromtoml_edit
Rust crate to make the modifications indeny.toml
without requiring the user to copy and paste the TOML output from the terminal.More info in the post
Run
cargo update
with all the parent packages of the duplicate dependencyIf you run
deny.nu dedup
it will run thecargo update
command, but it will take care to pass-p
parameters with the package names that comprise the parent crates for the duplicate. This way you can granularly update the dependency tree.More info in the post
The text was updated successfully, but these errors were encountered: