parity-ethereum icon indicating copy to clipboard operation
parity-ethereum copied to clipboard

Published 20 hours ago verified publisher icon openethereum

Deduplicate the crate dependencies further

Open ordian opened this issue 5 years ago • 2 comments

#11467 was just a start, but still it's a way to go.

  • For printing duplicate dependency one could use cargo-guppy (cargo install cargo-guppy --git https://github.com/calibra/cargo-guppy --force):
    • cargo guppy dups | sort
  • To see where a dependency comes from, cargo-tree (https://github.com/sfackler/cargo-tree) comes in handy:
    • cargo tree -i -p subtle you'll get an error like that if there are multiple versions found:
error: There are multiple `subtle` packages in your project, and the specification `subtle` is ambiguous.
Please re-run this command with `-p <spec>` where `<spec>` is one of the following:
  subtle:1.0.0
  subtle:2.2.2

and then use

  • cargo tree -i -p subtle:1.0.0 to see the reverse graph of this dependency

  • The current list of duplicates is

aho-corasick (0.7.6, 0.6.8)
arrayvec (0.5.1, 0.4.11)
base64 (0.9.3, 0.10.1)
block-buffer (0.7.3, 0.3.3)
byte-tools (0.2.0, 0.3.1)
crossbeam-deque (0.6.3, 0.7.1)
crossbeam-utils (0.6.6, 0.5.0)
crunchy (0.1.6, 0.2.2)
digest (0.8.0, 0.7.6)
env_logger (0.6.2, 0.5.13)
generic-array (0.12.0, 0.9.0)
idna (0.1.5, 0.2.0)
keccak-hasher (0.15.0, 0.1.1)
lock_api (0.3.1, 0.1.4)
miow (0.3.3, 0.2.1)
num-traits (0.1.43, 0.2.6)
owning_ref (0.4.0, 0.3.3)
parking_lot (0.6.4, 0.10.0)
parking_lot_core (0.3.1, 0.7.0)
percent-encoding (1.0.1, 2.1.0)
proc-macro2 (0.4.20, 1.0.8)
quote (0.6.8, 1.0.2)
rand (0.7.2, 0.5.5, 0.4.6)
rand_core (0.2.2, 0.4.2, 0.3.1, 0.5.1)
rustc-hex (1.0.0, 2.1.0)
scopeguard (0.3.3, 1.0.0)
sha2 (0.7.1, 0.8.0)
slab (0.4.1, 0.3.0, 0.2.0)
smallvec (0.6.10, 1.2.0)
strsim (0.8.0, 0.7.0)
subtle (1.0.0, 2.1.0)
syn (0.15.26, 1.0.14)
synstructure (0.10.1, 0.12.3)
textwrap (0.9.0, 0.11.0)
tokio-timer (0.2.11, 0.1.2)
unicode-xid (0.1.0, 0.2.0)
url (1.7.1, 2.1.0)
version_check (0.1.5, 0.9.1)
winapi (0.3.8, 0.2.8)

ordian avatar Feb 07 '20 16:02 ordian

To update the dependencies

  • in Cargo.toml use cargo upgrade <dep> --all (install https://github.com/killercup/cargo-edit first)
  • in Cargo.lock: cargo update -p <dep>

ordian avatar Feb 07 '20 16:02 ordian

We could also incorporate cargo-deny

niklasad1 avatar Feb 21 '20 10:02 niklasad1