João Marcos

I don't think this does make sense anymore, canonicalized is only called for files passed as CLI args, not unpacked files. There seems to be no clear benefit to this,...

> ... thus many of the parameters sent to tempfile could be under the direct control of the "user" (which sometimes can be an "attacker")... I usually check all paths...

:thinking: hmmm, one problem tho, people might expect all `.with_prefix` and `.with_prefix_in` functions to be consistent on whether they perform this check or not. And it looks like the existing...

+1, I'd like to share the code I expected to succeed. Here's the minified example for [the issue I found in `Ouch`](https://github.com/ouch-org/ouch/issues/485): ```rust use std::{ffi::OsString, path::PathBuf}; use clap::Parser; #[derive(Parser, Debug)]...

:+1: I made the example smaller and created #5115.

It's unlikely that we'd move forward with a full "librification" of `cargo-sweep`, but if a volunteer created a library with equivalent functionality, we could use it here. The code is...

@vext01 Indeed, 8 years is a lot, I'll think about creating my own crate @gustavla doesn't answer this one. That said, I prefer to ask and wait for a bit...

Interesting suggestion, like Figsoda suggested, we can use a `glob`, `regex` or `fzf` filter, it would be kinda simple to implement too.

Yeah a nice to have, when we infer a format, we can build a decoder and try again, if can infer another format from that, we compose a new decoder...

Looks like this is a limitation of clap, issue at https://github.com/clap-rs/clap/issues/5115.