Is your feature request related to a problem? Please describe.
I have a workspace with some published and some unpublished crates. Today I know of no good way to check only the licenses of dependencies of actually published crates. I can set `private.ignore = true` in `deny.toml`, but that only excludes the unpublished crates themselves apparently. Running `cargo deny check licenses` still checks against the dependencies of those unpublished crates or at least includes them during dependency resolution.
Describe the solution you'd like
I want a straightforward way to check if the dependencies of crates I publish have matching licenses, without having to worry about dependencies I use in unpublished crates like examples. I imagine something like `cargo deny check --exclude-dev --exclude-unpublished licenses` should give the result I am after.
Describe alternatives you've considered
An alternative might be to use the behavior described above by default for crates that are `publish = false`. I am not sure if that is 100% backwards compatible as I don't know enough about how cargo does dependency resolution. My guess would be that it is.
This PR adds a new command line flag `--exclude-unpublished`. If the
flag is set, the construction of the crate graph does not use explicitly
unpublished crates as roots. Workspace members are considered explicitly
unpublished if their manifest specifies `publish = false`. For
motivation please see the [associated
issue](#708).
This PR depends on EmbarkStudios/krates#94 to
fix the workspace filters mechanism of
https://github.com/EmbarkStudios/krates. Documentation for the flag will
follow as soon as I find the time.
---------
Co-authored-by: Jake Shadle <jake.shadle@embark-studios.com>
Additional context
https://github.com/Tastaturtaste/argmin/tree/remove_cargo_deny_exception is the repository I have an issue with at the moment.
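The root selection described in the commit message above, as an added example that is not cargo-deny's or krates' code: it shows that a dependency pulled in only by a `publish = false` member drops out of the checked set, while an unpublished member that a published crate depends on stays in. The `Pkg` type, the functions and all package names are constructed for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// Constructed stand-in for one resolved package; not a cargo-deny or krates type.
struct Pkg {
    workspace_member: bool,
    publish: bool, // false models `publish = false` in the manifest
    deps: Vec<&'static str>,
}

fn p(workspace_member: bool, publish: bool, deps: &[&'static str]) -> Pkg {
    Pkg { workspace_member, publish, deps: deps.to_vec() }
}

/// Constructed workspace: `lib` is published, `examples` and `testutil` are not.
fn sample_workspace() -> BTreeMap<&'static str, Pkg> {
    BTreeMap::from([
        ("lib", p(true, true, &["serde-like", "testutil"])),
        ("examples", p(true, false, &["lib", "gpl-plotter"])),
        ("testutil", p(true, false, &["rand-like"])),
        ("serde-like", p(false, true, &[])),
        ("rand-like", p(false, true, &[])),
        ("gpl-plotter", p(false, true, &[])),
    ])
}

/// Packages reachable from the workspace roots. With `exclude_unpublished`,
/// members marked `publish = false` are not used as roots, but they remain in
/// the result when a published root depends on them.
fn checked_packages(ws: &BTreeMap<&'static str, Pkg>, exclude_unpublished: bool) -> BTreeSet<&'static str> {
    let mut stack: Vec<&'static str> = ws
        .iter()
        .filter(|(_, p)| p.workspace_member && (p.publish || !exclude_unpublished))
        .map(|(name, _)| *name)
        .collect();
    let mut seen = BTreeSet::new();
    while let Some(name) = stack.pop() {
        if seen.insert(name) {
            stack.extend(ws[name].deps.iter().copied());
        }
    }
    seen
}

fn main() {
    let ws = sample_workspace();
    println!("all roots:           {:?}", checked_packages(&ws, false));
    println!("exclude unpublished: {:?}", checked_packages(&ws, true));
}
```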