Clean up dependencies

[gavofyork]

• Remove duplicate dependencies that differ only in version number (bring everything up-to-date)
• Try to prune stale dependencies
• Look for modest refactors that lets us remove dependencies
• Big suspects are modules that have ethereum- in their name. Why do we still depend on rlp v0.2.4? Is ethereum-types still strictly needed? If not, then remove. If so, then rename parity-types and refactor accordingly.

[pepyakin]

Also, may I propose adding #[warn(unused_crate)] to each defined crate?

[chevdor]

I listed the problematic deps, they are:

• base64 v0.9.3
• bitflags v1.0.4
  vs v0.9.1 from libp2p-websocket through websocket 0.21.1
• byteorder v1.3.1
  vs 0.4.2 from parity-multiaddr
  vs 0.5.3 from libp2p-floodsub (through cuckoofilter)
• crossbeam-deque v0.2.0 from rayon & rayon-core
  vs v0.6.1 from tokio-threadpool
  crossbeam-epoch v0.3.1 vs v0.5.2 as consequence
• pretty_assertions v0.4.1 from substrate-primitives, node-primitives
• env_logger v0.4.3 from substrate-service-test, substrate-network, substrate-state-db
• hyper v0.10.13 from websocket (through libp2p-websocket)
  vs v0.12.11 from jsonrpc-http-server
• criterion v0.2.5
• crunchy 0.2.1
  vs 0.1.6 from bigint 4.4.1, hash256-std-hasher 0.9.0, tiny-keccak 1.4.2
• crypto-mac 0.7.0
  vs 0.6.2. from libp2p-secio (through hmac)
• digest 0.8.0
  vs 0.7.6 from libp2p-secio (through ed25519-dalek -> curve25519-dalek)
• generic-array 0.12.0
  vs 0.9.0 from libp2p-secio (through ed25519-dalek and stream-cipher -> aes-ctr)
• log v0.3.9 from hyper 0.10.15, mime 0.2.6, rhododendron 0.4.0, simplelog 0.4.4
  vs v0.4.6 (everywhere else)
• linked-hash-map 0.5.1
  vs 0.4.2 from substrate-client-db (through lru_cache 0.1.1)
• opaque-debug 0.2.1
  vs 0.1.1 from libp2p-secio (through aes-soft, twofish)
• parity-codec v2.2.0
• parking_lot v0.7.1
  vs v0.6.4 from kvdb-memorydb 0.1.0, kvdb-rocksdb 0.1.4, yamux 0.1.6, exit-future 0.1.3
  vs v0.5.5 from aio-limited 0.1.0 (from libp2p-ratelimit)
  vs v0.4.8 from finality-grandpa
  parking_lot_core v0.2.14 vs v0.3.1 vs 0.4.0 as a direct consequence
  owning_ref 0.3.3 vs 0.4.0 (everywhere else) as a consequence from <= 0.5.5.
• proc-macro2 v0.4.24
  vs 0.3.5 from librocksdb-sys (throgh bindgen 0.43.2); substrate (vergen -> getset), quote 0.3.15, syn 0.13.11
• quick-error v1.2.2
  vs 0.1.4 from yamux
• quote 0.6.11
  vs 0.5.2 from librocksdb-sys (throgh bindgen 0.43.2)
• rand 0.6.4
  vs 0.3.22 from parity-crypto (through rust-crypto), substrate (through names 0.11.0)
  vs 0.4.5 criterion (through criterion-stats 0.2.5), subkey, substrate-keystore (directly & through tempdir 0.3.7) , trie-db, ws, libp2p-secio (through secp256k1), substrate-service-test (through tempdir 0.3.7)
  vs 0.5.5 websocket 0.21.1, libp2p-secio (through curve25519-dalek), primitive-types (through fixed-hash)
  consequently rand_core 0.2.2 vs 0.3.0
• rayon v1.0.3
• rhododendron v0.4.0
• rustc-hex 2.0.1
• sha1 v0.6.0
• sha2 v0.8.0
  vs v0.7.1 libp2p-secio 0.2.1
  block-buffer 0.3.3 vs 0.7.0 as a consequence
• byte-tools 0.3.0
  vs 0.2.0 from libp2p-secio, through aes-ctr -> aes-soft (and `block-buffer 0.3.3)
• smallvec v0.6.7
• subtle 2.0.0
  vs 1.0.0 from libp2p-secio (through crypto-mac 0.7.0 & curve25519-dalek)
• syn v0.15.26
• unicase v2.2
  vs unicase from hyper 0.10.15, websocket 0.21.1,
• unsigned-varint v0.2.1
• ws v0.7.9 git vs ws v0.7.9
• winapi 0.3.6
  vs 0.2.8 from substrate-cli (through app_dirs 1.2.1), tokio & hyper (through iovec), mio (through kernel32-sys)

[guanqun]

@chevdor I'm using 'cargo tree' to check and didn't see parity-codec uses 1.1.1 anymore. probably you can cross out that item.

[chevdor]

Ok I did. @guanqun, out of curiosity, don't you have the right to cross it out?
If you do, feel free to do so as you make progress.

[guanqun]

@chevdor I'm not a parity member, so I don't have the permission. :)

[chevdor]

@guanqun ok, sorry about that. I thought you could still check/uncheck the boxes. We will figure it out :)

[bkchr]

For checking/unchecking you need the permissions to edit other comments.

[tomaka]

cc libp2p/rust-libp2p#687

[gnunicorn]

#1527 has done a lot on the direct dependency graph, updated the post accordingly.

[tomaka]

Someone recently cleaned up the unused dependencies of rust-libp2p using this script: https://gist.github.com/sinkuu/8083240257c485c9f928744b41bbac98

[bkchr]

Nice, should be integrated into CI xD

[expenses]

The current output of cargo tree -d --prefix-depth | rg '^0 ' -r '':

block-buffer v0.2.0
block-buffer v0.7.3
byte-tools v0.2.0
byte-tools v0.3.1
byteorder v0.5.3
byteorder v1.3.2
crossbeam-deque v0.6.3
crossbeam-deque v0.7.1
crypto-mac v0.4.0
crypto-mac v0.7.0
derive_more v0.14.1
derive_more v0.15.0
digest v0.6.2
digest v0.8.1
generic-array v0.8.3
generic-array v0.12.3
hashbrown v0.1.8
hashbrown v0.6.0
hmac v0.4.2
hmac v0.7.1
idna v0.1.5
idna v0.2.0
impl-serde v0.1.1
impl-serde v0.2.0
lock_api v0.1.5
lock_api v0.2.0
lock_api v0.3.1
owning_ref v0.3.3
owning_ref v0.4.0
parking_lot v0.5.5
parking_lot v0.6.4
parking_lot v0.7.1
parking_lot v0.8.0
parking_lot v0.9.0
parking_lot_core v0.2.14
parking_lot_core v0.3.1
parking_lot_core v0.4.0
parking_lot_core v0.5.0
parking_lot_core v0.6.2
percent-encoding v1.0.1
percent-encoding v2.1.0
proc-macro2 v0.4.30
proc-macro2 v1.0.3
quick-error v0.1.4
quick-error v1.2.2
quote v0.6.13
quote v1.0.2
rand v0.3.23
rand v0.4.6
rand v0.5.6
rand v0.6.5
rand v0.7.0
rand_chacha v0.1.1
rand_chacha v0.2.1
rand_core v0.3.1
rand_core v0.4.0
rand_core v0.5.0
rand_hc v0.1.0
rand_hc v0.2.0
scopeguard v0.3.3
scopeguard v1.0.0
sha2 v0.6.0
sha2 v0.8.0
subtle v1.0.0
subtle v2.1.0
syn v0.15.42
syn v1.0.5
unicode-xid v0.1.0
unicode-xid v0.2.0
url v1.7.2
url v2.1.0