Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: unused workspace dependency check breaks when replacing crates-io with a mirror #694

Open
gillyobeast opened this issue Aug 14, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@gillyobeast
Copy link

gillyobeast commented Aug 14, 2024

Describe the bug

the new workspace-dependency.unused setting reports false positives when you proxy crates.io via another cargo repository.

i found this running against an internal artifactory mirror of crates.io, which for obvious reasons i can't use for a reproduction, but using a random (out of date) mirror i found on the web also reproduces it.

minimal repro repo available here

To reproduce

  1. check out minimal repro repo above, OR add the following to .cargo/config.toml in the root of a cargo project:
[source.mirror]
registry = "https://github.com/hotg-ai/crates.io-index"

[source.crates-io]
# comment out below line (stop proxying crates.io via mirror) to fix issue
replace-with = "mirror"
  1. run cargo deny check bans
  2. should get the following output:
❯ cargo deny check bans
error[unused-workspace-dependency]: workspace dependency is declared, but unused
   ┌─ /Users/lake.armitage/personal/workspace-lint-false-positive-repro/Cargo.toml:12:1
   │
12 │ wiremock = "0.5"
   │ ━━━━━━━━ unused workspace dependency

bans FAILED

despite the wiremock workspace dependency being used in bin/foo-lib/Cargo.toml

commenting out the replace-with line in the config.toml resolves the issue.

cargo-deny version

cargo-deny 0.16.1

What OS were you running cargo-deny on?

MacOS

Additional context

No response

@gillyobeast gillyobeast added the bug Something isn't working label Aug 14, 2024
@gillyobeast
Copy link
Author

i think it's something to do with how the code compares the url for the crate against the expected url for crates.io, here:

crate::Source::CratesIo(is_sparse) => {
let crates_io = if *is_sparse {
tame_index::index::sparse::CRATES_IO_HTTP_INDEX
} else {
tame_index::index::git::CRATES_IO_INDEX
};
if urls.as_str() != crates_io {
return None;
}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant