Jake Shadle
Jake Shadle
Maybe I'm misunderstanding, but having a depth of 1 would mean that you'd only be checking direct dependencies and no transitive dependencies at all, which would make the use of...
It feels like you would get a lot more utility from checking in your Cargo.lock file and using a deny list and multiple-versions lint? FWIW your use case sounds a...
Ok, I think I understand now, you just want all direct dependencies in your workspace to have consistent versioning. We just use the multiple-versions lint to detect that case, but...
multiple-versions works quite well, you just have to use the `skip` and `skip-tree` fields to selectively ignore old versions, then cargo-deny warns when you have skips that no longer match...
All the configuration defaults are documented in https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html, but yes, it might not be clear that not having the advisories section entirely will use the defaults when you do the...
Hmm, I suppose this could be done. I think it would still have to list the crate multiple times if the expression uses `AND` however, but those kind of expressions...
In that case it would be easiest just to use the expression all the time, then there is no need to use the `allow` list to have the additional constraint...
FWIW, the template is just handlebars, so technically you could have a template to output csv if you wanted, but that would be cumbersome so I can see adding it...
I agree it's a bit unfortunate to have this kind of duplication where there is overlap between the tools, but I'm not sure it's worth effort to try and find...
https://embarkstudios.github.io/cargo-about/cli/generate/config.html#the-clarify-field-optional