cargo-unmaintained icon indicating copy to clipboard operation
cargo-unmaintained copied to clipboard
verified publisher icon trailofbits

Omit dev-dependencies

Open jayvdb opened this issue 6 months ago • 1 comments

cargo-unmaintained is emitting:

xz2 (https://github.com/alexcrichton/xz2-rs updated 897 days ago)
    rand (requirement: ^0.8.0, version used: 0.8.5, latest: 0.9.1)

However rand is only in dev-dependencies. now: https://github.com/alexcrichton/xz2-rs/blob/main/Cargo.toml#L27 at relevant release: https://github.com/alexcrichton/xz2-rs/blob/0.1.7/Cargo.toml#L27

Having old dependencies in dev-dependencies is common to allow testing support for old versions.

And a projects dev-dependency versions have no effect on my project.

jayvdb avatar Jun 20 '25 09:06 jayvdb

Another one https://github.com/dalek-cryptography/subtle/blob/main/Cargo.toml#L29

And another https://github.com/srijs/rust-crc32fast/blob/master/Cargo.toml#L21

Note this problem is 3 of 7 problems raised by cargo-unmaintained in my project.

jayvdb avatar Jun 20 '25 10:06 jayvdb