Detects usage of unsafe Rust in a Rust crate and its dependencies.

Rust Secure Code Working Group

Last update: Jan 4, 2023

Related tags

Security tools cargo-geiger

Overview

cargo-geiger ☢️

Looking for maintainer: https://github.com/rust-secure-code/cargo-geiger/issues/210

A program that lists statistics related to the usage of unsafe Rust code in a Rust crate and all its dependencies.

This cargo plugin were originally based on the code from two other projects: https://github.com/icefoxen/cargo-osha and https://github.com/sfackler/cargo-tree.

Installation

Try to find and use a system-wide installed OpenSSL library:

cargo install cargo-geiger

Or, build and statically link OpenSSL as part of the cargo-geiger executable:

cargo install cargo-geiger --features vendored-openssl

Usage

Navigate to the same directory as the Cargo.toml you want to analyze.
cargo geiger

Output example

Why even care about unsafe Rust usage?

When and why to use unsafe Rust is out of scope for this project; it is simply a tool that provides information to aid auditing and hopefully to guide dependency selection. It is, however, the opinion of the author of this project that libraries choosing to abstain from unsafe Rust usage when possible should be promoted.

This project is an attempt to create pressure against unnecessary usage of unsafe Rust in public Rust libraries.

Why the name?

https://en.wikipedia.org/wiki/Geiger_counter

Unsafe code, like ionizing radiation, is unavoidable in some situations and should be safely contained!

Known issues

Unsafe code inside macros is not detected. Needs macro expansion(?).
Unsafe code generated by build.rs is probably not detected.
More on the GitHub issue tracker.

Roadmap

~~There should be no false negatives. All unsafe code should be identified.~~ This is probably too ambitious, but scanning for #![forbid(unsafe_code)] should be a reliable alternative (implemented since 0.6.0). Please see the changelog.
An optional whitelist file at the root crate level to specify crates that are trusted to use unsafe (should only have an effect when placed in the project's root).

Libraries

Cargo Geiger exposes three libraries:

cargo-geiger - Unversioned and highly unstable library exposing the internals of the cargo-geiger binary. As such, any function contained within this library may be subject to change.
cargo-geiger-serde - A library containing the serializable report types
geiger - A library containing a few decoupled cargo components used by cargo-geiger

Changelog

View the changelog here

Cargo Geiger Safety Report


Metric output format: x/y
    x = unsafe code used by the build
    y = total unsafe code found in the crate

Symbols: 
    🔒  = No `unsafe` usage found, declares #![forbid(unsafe_code)]
    ❓  = No `unsafe` usage found, missing #![forbid(unsafe_code)]
    ☢️  = `unsafe` usage found

Functions  Expressions  Impls  Traits  Methods  Dependency

0/0        0/0          0/0    0/0     0/0      🔒  cargo-geiger 0.11.1
15/18      432/439      3/3    0/0     11/11    ☢️  ├── anyhow 1.0.40
0/26       0/623        0/6    0/0     0/5      ❓  │   └── backtrace 0.3.56
0/0        0/23         0/0    0/0     0/0      ❓  │       ├── addr2line 0.14.1
0/0        0/51         0/2    0/0     0/0      ❓  │       │   ├── gimli 0.23.0
0/0        37/42        1/1    0/0     0/0      ☢️  │       │   │   └── indexmap 1.6.2
2/2        1006/1098    16/19  0/0     35/39    ☢️  │       │   │       ├── hashbrown 0.9.1
0/0        4/4          0/0    0/0     0/0      ☢️  │       │   │       │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │       └── serde_derive 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │           ├── proc-macro2 1.0.24
0/0        0/0          0/0    0/0     0/0      🔒  │       │   │       │           │   └── unicode-xid 0.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │           ├── quote 1.0.9
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │           │   └── proc-macro2 1.0.24
0/0        45/45        3/3    0/0     2/2      ☢️  │       │   │       │           └── syn 1.0.67
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │               ├── proc-macro2 1.0.24
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │               ├── quote 1.0.9
0/0        0/0          0/0    0/0     0/0      🔒  │       │   │       │               └── unicode-xid 0.2.1
0/0        4/4          0/0    0/0     0/0      ☢️  │       │   │       └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │       │   ├── rustc-demangle 0.1.18
1/1        392/392      7/7    1/1     13/13    ☢️  │       │   └── smallvec 1.6.1
0/0        4/4          0/0    0/0     0/0      ☢️  │       │       └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │       ├── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      🔒  │       ├── miniz_oxide 0.4.4
0/0        0/0          0/0    0/0     0/0      🔒  │       │   └── adler 1.0.2
0/0        0/21         0/0    0/1     0/0      ❓  │       ├── object 0.23.0
5/6        108/156      0/0    0/0     0/0      ☢️  │       │   ├── crc32fast 1.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │   └── cfg-if 1.0.0
4/4        129/129      2/2    0/0     2/2      ☢️  │       │   ├── flate2 1.0.20
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │   ├── cfg-if 1.0.0
5/6        108/156      0/0    0/0     0/0      ☢️  │       │   │   ├── crc32fast 1.2.1
0/19       10/311       0/0    0/0     5/27     ☢️  │       │   │   ├── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │   ├── libz-sys 1.1.2
0/19       10/311       0/0    0/0     5/27     ☢️  │       │   │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      🔒  │       │   │   └── miniz_oxide 0.4.4
0/0        37/42        1/1    0/0     0/0      ☢️  │       │   └── indexmap 1.6.2
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── rustc-demangle 0.1.18
0/0        4/4          0/0    0/0     0/0      ☢️  │       └── serde 1.0.125
4/4        341/347      0/0    0/0     3/3      ☢️  ├── cargo 0.52.0
15/18      432/439      3/3    0/0     11/11    ☢️  │   ├── anyhow 1.0.40
2/2        45/45        0/0    0/0     0/0      ☢️  │   ├── atty 0.2.14
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── bytesize 1.0.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── cargo-platform 0.1.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        1/1          0/0    0/0     0/0      ☢️  │   ├── clap 2.33.3
0/0        23/23        0/0    0/0     0/0      ☢️  │   │   ├── ansi_term 0.11.0
2/2        45/45        0/0    0/0     0/0      ☢️  │   │   ├── atty 0.2.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── bitflags 1.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── strsim 0.8.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── textwrap 0.11.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   └── unicode-width 0.1.8
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── unicode-width 0.1.8
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── vec_map 0.8.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │       └── serde 1.0.125
0/0        606/606      12/12  4/4     12/12    ☢️  │   ├── core-foundation 0.9.1
0/0        3/3          0/0    0/0     2/2      ☢️  │   │   ├── core-foundation-sys 0.8.2
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── crates-io 0.33.0
15/18      432/439      3/3    0/0     11/11    ☢️  │   │   ├── anyhow 1.0.40
4/4        875/876      5/5    0/0     2/2      ☢️  │   │   ├── curl 0.4.35
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── curl-sys 0.4.41+curl-7.75.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │   ├── libc 0.2.92
0/0        0/1          0/0    0/0     0/0      ❓  │   │   │   │   ├── libnghttp2-sys 0.1.6+1.43.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   │   └── libz-sys 1.1.2
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   ├── libc 0.2.92
0/0        644/1122     0/0    0/0     5/9      ☢️  │   │   │   └── socket2 0.3.19
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │       ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │       └── libc 0.2.92
0/0        3/3          0/0    0/0     0/0      ☢️  │   │   ├── percent-encoding 2.1.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   │   ├── serde_json 1.0.64
0/0        37/42        1/1    0/0     0/0      ☢️  │   │   │   ├── indexmap 1.6.2
0/0        1/1          0/0    0/0     0/0      ☢️  │   │   │   ├── itoa 0.4.7
8/12       674/921      0/0    0/0     2/2      ☢️  │   │   │   ├── ryu 1.0.5
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── url 2.2.1
0/0        2/2          0/0    0/0     0/0      ☢️  │   │       ├── form_urlencoded 1.0.1
0/0        0/0          0/0    0/0     0/0      ❓  │   │       │   ├── matches 0.1.8
0/0        3/3          0/0    0/0     0/0      ☢️  │   │       │   └── percent-encoding 2.1.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │       ├── idna 0.2.2
0/0        0/0          0/0    0/0     0/0      ❓  │   │       │   ├── matches 0.1.8
0/0        0/0          0/0    0/0     0/0      🔒  │   │       │   ├── unicode-bidi 0.3.4
0/0        0/0          0/0    0/0     0/0      ❓  │   │       │   │   ├── matches 0.1.8
0/0        4/4          0/0    0/0     0/0      ☢️  │   │       │   │   └── serde 1.0.125
0/0        20/20        0/0    0/0     0/0      ☢️  │   │       │   └── unicode-normalization 0.1.17
0/0        0/0          0/0    0/0     0/0      🔒  │   │       │       └── tinyvec 1.1.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │       │           ├── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │       │           └── tinyvec_macros 0.1.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │       ├── matches 0.1.8
0/0        3/3          0/0    0/0     0/0      ☢️  │   │       ├── percent-encoding 2.1.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │       └── serde 1.0.125
4/4        79/79        14/14  0/0     2/2      ☢️  │   ├── crossbeam-utils 0.8.3
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── cfg-if 1.0.0
0/0        7/7          1/1    0/0     0/0      ☢️  │   │   └── lazy_static 1.4.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── crypto-hash 0.3.4
0/0        23/23        0/0    0/0     0/0      ☢️  │   │   ├── commoncrypto 0.2.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   └── commoncrypto-sys 0.2.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │       └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── hex 0.3.2
4/4        875/876      5/5    0/0     2/2      ☢️  │   ├── curl 0.4.35
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── curl-sys 0.4.41+curl-7.75.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── env_logger 0.8.3
2/2        45/45        0/0    0/0     0/0      ☢️  │   │   ├── atty 0.2.14
0/0        0/0          0/0    0/0     0/0      🔒  │   │   ├── humantime 2.1.0
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── cfg-if 1.0.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        34/34        1/2    0/0     2/2      ☢️  │   │   ├── regex 1.4.5
19/19      678/678      0/0    0/0     22/22    ☢️  │   │   │   ├── aho-corasick 0.7.15
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   │   │   │   └── memchr 2.3.4
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │       └── libc 0.2.92
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   │   │   ├── memchr 2.3.4
0/0        0/0          0/0    0/0     0/0      🔒  │   │   │   └── regex-syntax 0.6.23
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── termcolor 1.1.2
0/0        35/78        0/0    0/0     0/0      ☢️  │   ├── filetime 0.2.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
4/4        129/129      2/2    0/0     2/2      ☢️  │   ├── flate2 1.0.20
9/9        3745/3765    3/3    0/0     81/81    ☢️  │   ├── git2 0.13.17
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── bitflags 1.2.1
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   ├── libc 0.2.92
0/0        18/18        0/0    0/0     0/0      ☢️  │   │   ├── libgit2-sys 0.12.18+1.1.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   ├── libc 0.2.92
2/2        6/6          0/0    0/0     0/0      ☢️  │   │   │   ├── libssh2-sys 0.2.21
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │   ├── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   │   ├── libz-sys 1.1.2
42/42      149/149      0/0    0/0     0/0      ☢️  │   │   │   │   └── openssl-sys 0.9.61
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │       └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── libz-sys 1.1.2
42/42      149/149      0/0    0/0     0/0      ☢️  │   │   │   └── openssl-sys 0.9.61
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── url 2.2.1
1/1        17/19        0/0    0/0     0/0      ☢️  │   ├── git2-curl 0.14.1
4/4        875/876      5/5    0/0     2/2      ☢️  │   │   ├── curl 0.4.35
9/9        3745/3765    3/3    0/0     81/81    ☢️  │   │   ├── git2 0.13.17
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── url 2.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── glob 0.3.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── hex 0.4.3
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        0/14         0/0    0/0     0/0      ❓  │   ├── home 0.5.3
0/0        0/0          0/0    0/0     0/0      🔒  │   ├── humantime 2.1.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── ignore 0.4.17
4/4        79/79        14/14  0/0     2/2      ☢️  │   │   ├── crossbeam-utils 0.8.3
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── globset 0.4.6
19/19      678/678      0/0    0/0     22/22    ☢️  │   │   │   ├── aho-corasick 0.7.15
8/8        377/377      0/0    0/0     0/0      ☢️  │   │   │   ├── bstr 0.2.15
0/0        7/7          1/1    0/0     0/0      ☢️  │   │   │   │   ├── lazy_static 1.4.0
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   │   │   │   ├── memchr 2.3.4
0/0        225/225      5/5    1/1     14/14    ☢️  │   │   │   │   ├── regex-automata 0.1.9
0/1        176/193      0/0    0/0     0/0      ☢️  │   │   │   │   │   ├── byteorder 1.4.3
0/0        0/0          0/0    0/0     0/0      🔒  │   │   │   │   │   └── regex-syntax 0.6.23
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── fnv 1.0.7
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   │   ├── log 0.4.14
0/0        34/34        1/2    0/0     2/2      ☢️  │   │   │   ├── regex 1.4.5
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        7/7          1/1    0/0     0/0      ☢️  │   │   ├── lazy_static 1.4.0
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   │   ├── memchr 2.3.4
0/0        34/34        1/2    0/0     2/2      ☢️  │   │   ├── regex 1.4.5
0/0        3/3          0/0    0/0     0/0      ☢️  │   │   ├── same-file 1.0.6
0/0        109/109      1/1    0/0     4/4      ☢️  │   │   ├── thread_local 1.1.3
1/1        75/94        4/6    0/0     2/3      ☢️  │   │   │   └── once_cell 1.7.2
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── walkdir 2.3.2
0/0        3/3          0/0    0/0     0/0      ☢️  │   │       └── same-file 1.0.6
1/1        122/122      2/2    0/0     4/4      ☢️  │   ├── im-rc 15.0.0
0/0        100/100      0/0    0/0     9/9      ☢️  │   │   ├── bitmaps 2.1.0
0/0        0/0          0/0    0/0     0/0      🔒  │   │   │   └── typenum 1.13.0
0/0        22/22        0/0    0/0     0/0      ☢️  │   │   ├── rand_core 0.5.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── rand_xoshiro 0.4.0
0/0        22/22        0/0    0/0     0/0      ☢️  │   │   │   ├── rand_core 0.5.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   ├── serde 1.0.125
0/1        311/631      0/0    0/0     20/39    ☢️  │   │   ├── sized-chunks 0.6.4
0/0        100/100      0/0    0/0     9/9      ☢️  │   │   │   ├── bitmaps 2.1.0
0/0        0/0          0/0    0/0     0/0      🔒  │   │   │   └── typenum 1.13.0
0/0        0/0          0/0    0/0     0/0      🔒  │   │   └── typenum 1.13.0
0/0        188/282      0/2    0/0     4/6      ☢️  │   ├── jobserver 0.1.21
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        7/7          1/1    0/0     0/0      ☢️  │   ├── lazy_static 1.4.0
0/0        43/43        2/2    0/0     0/0      ☢️  │   ├── lazycell 1.3.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/19       10/311       0/0    0/0     5/27     ☢️  │   ├── libc 0.2.92
0/0        18/18        0/0    0/0     0/0      ☢️  │   ├── libgit2-sys 0.12.18+1.1.0
1/1        16/16        1/1    0/0     0/0      ☢️  │   ├── log 0.4.14
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   ├── memchr 2.3.4
0/0        65/72        0/0    0/0     0/0      ☢️  │   ├── num_cpus 1.13.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        6/6          0/0    0/0     0/0      ☢️  │   ├── opener 0.4.1
30/30      5630/5630    33/33  3/3     16/16    ☢️  │   ├── openssl 0.10.33
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── bitflags 1.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── cfg-if 1.0.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── foreign-types 0.3.2
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   └── foreign-types-shared 0.1.1
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   ├── libc 0.2.92
1/1        75/94        4/6    0/0     2/3      ☢️  │   │   ├── once_cell 1.7.2
42/42      149/149      0/0    0/0     0/0      ☢️  │   │   └── openssl-sys 0.9.61
0/0        3/3          0/0    0/0     0/0      ☢️  │   ├── percent-encoding 2.1.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── rustc-workspace-hack 1.0.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── rustfix 0.5.1
15/18      432/439      3/3    0/0     11/11    ☢️  │   │   ├── anyhow 1.0.40
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   │   └── serde_json 1.0.64
0/0        3/3          0/0    0/0     0/0      ☢️  │   ├── same-file 1.0.6
0/0        0/4          0/0    0/0     0/0      ❓  │   ├── semver 0.10.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── semver-parser 0.7.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        4/4          0/0    0/0     0/0      ☢️  │   ├── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── serde_ignored 0.1.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   ├── serde_json 1.0.64
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── shell-escape 0.1.5
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── strip-ansi-escapes 0.1.0
0/0        4/5          0/0    0/0     0/0      ☢️  │   │   └── vte 0.3.3
1/1        5/5          0/0    0/0     0/0      ☢️  │   │       └── utf8parse 0.1.1
2/2        52/52        0/0    0/0     0/0      ☢️  │   ├── tar 0.4.33
0/0        35/78        0/0    0/0     0/0      ☢️  │   │   ├── filetime 0.2.14
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        36/82        0/0    0/0     0/0      ☢️  │   ├── tempfile 3.2.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   ├── libc 0.2.92
0/0        20/20        0/0    0/0     0/0      ☢️  │   │   ├── rand 0.8.3
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   ├── libc 0.2.92
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   │   ├── log 0.4.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── rand_chacha 0.3.0
2/2        565/641      0/0    0/0     14/22    ☢️  │   │   │   │   ├── ppv-lite86 0.2.10
0/0        15/15        0/0    0/0     0/0      ☢️  │   │   │   │   └── rand_core 0.6.2
1/4        47/144       1/1    0/0     3/3      ☢️  │   │   │   │       ├── getrandom 0.2.2
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   │       │   ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │       │   └── libc 0.2.92
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   │       └── serde 1.0.125
0/0        15/15        0/0    0/0     0/0      ☢️  │   │   │   ├── rand_core 0.6.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        0/79         0/0    0/0     0/0      ❓  │   │   └── remove_dir_all 0.5.3
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── termcolor 1.1.2
0/0        0/0          0/0    0/0     0/0      🔒  │   ├── toml 0.5.8
0/0        37/42        1/1    0/0     0/0      ☢️  │   │   ├── indexmap 1.6.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── unicode-width 0.1.8
0/0        0/0          0/0    0/0     0/0      🔒  │   ├── unicode-xid 0.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── url 2.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   └── walkdir 2.3.2
0/0        0/0          0/0    0/0     0/0      🔒  ├── cargo-geiger-serde 0.2.0
0/0        0/4          0/0    0/0     0/0      ❓  │   ├── semver 0.11.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── semver-parser 0.10.2
2/2        57/57        0/0    0/0     2/2      ☢️  │   │   │   └── pest 2.1.3
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │       ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   │   │       ├── serde_json 1.0.64
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │       └── ucd-trie 0.1.3
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        4/4          0/0    0/0     0/0      ☢️  │   ├── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   └── url 2.2.1
0/0        0/0          0/0    0/0     0/0      ❓  ├── cargo-platform 0.1.1
0/0        0/0          0/0    0/0     0/0      ❓  ├── cargo_metadata 0.13.1
1/1        50/50        0/0    0/0     2/2      ☢️  │   ├── camino 1.0.4
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── cargo-platform 0.1.1
0/0        0/4          0/0    0/0     0/0      ❓  │   ├── semver 0.11.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── semver-parser 0.10.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   └── serde_json 1.0.64
0/0        13/13        0/0    0/0     0/0      ☢️  ├── colored 2.0.0
2/2        45/45        0/0    0/0     0/0      ☢️  │   ├── atty 0.2.14
0/0        7/7          1/1    0/0     0/0      ☢️  │   └── lazy_static 1.4.0
0/1        55/235       0/0    0/0     0/0      ☢️  ├── console 0.14.1
0/0        7/7          1/1    0/0     0/0      ☢️  │   ├── lazy_static 1.4.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   ├── libc 0.2.92
0/0        34/34        1/2    0/0     2/2      ☢️  │   ├── regex 1.4.5
0/0        5/12         0/0    0/0     0/0      ☢️  │   ├── terminal_size 0.1.16
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   └── unicode-width 0.1.8
0/0        0/0          0/0    0/0     0/0      🔒  ├── geiger 0.4.6
0/0        0/0          0/0    0/0     0/0      🔒  │   ├── cargo-geiger-serde 0.2.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── proc-macro2 1.0.24
0/0        45/45        3/3    0/0     2/2      ☢️  │   └── syn 1.0.67
0/0        0/0          0/0    0/0     0/0      ❓  ├── krates 0.7.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── cargo_metadata 0.13.1
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── cfg-expr 0.7.4
1/1        392/392      7/7    1/1     13/13    ☢️  │   │   └── smallvec 1.6.1
2/2        75/75        4/4    1/1     1/1      ☢️  │   ├── petgraph 0.5.1
0/0        62/62        0/0    0/0     0/0      ☢️  │   │   ├── fixedbitset 0.2.0
0/0        37/42        1/1    0/0     0/0      ☢️  │   │   ├── indexmap 1.6.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   ├── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── serde_derive 1.0.125
0/0        0/4          0/0    0/0     0/0      ❓  │   └── semver 0.11.0
2/2        75/75        4/4    1/1     1/1      ☢️  ├── petgraph 0.5.1
0/0        0/0          0/0    0/0     0/0      🔒  ├── pico-args 0.4.0
0/0        34/34        1/2    0/0     2/2      ☢️  ├── regex 1.4.5
0/0        4/4          0/0    0/0     0/0      ☢️  ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  ├── serde_json 1.0.64
0/0        0/0          0/0    0/0     0/0      ❓  ├── strum 0.20.0
0/0        0/0          0/0    0/0     0/0      ❓  │   └── strum_macros 0.20.1
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── heck 0.3.2
0/0        0/0          0/0    0/0     0/0      ❓  │       │   └── unicode-segmentation 1.7.1
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── proc-macro2 1.0.24
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── quote 1.0.9
0/0        45/45        3/3    0/0     2/2      ☢️  │       └── syn 1.0.67
0/0        0/0          0/0    0/0     0/0      ❓  ├── strum_macros 0.20.1
0/0        0/0          0/0    0/0     0/0      ❓  ├── url 2.2.1
0/0        0/0          0/0    0/0     0/0      ❓  └── walkdir 2.3.2

200/260    20550/23557  121/137 10/11   296/361

Comments

Make it available as a library?

I want to make a website that gives statistics on various crates, including unsafe usage. Naturally I immediately thought of this, but using cargo-geiger to output data and then attempting to re-parse it seems excessively hard. Would you accept a PR that refactors most of the actual work into a library crate?

I don't think I would ever really expect a stable API or such, but being able to keep all the processing in one program would be nice.
enhancement

opened by icefoxen 33
Use cargo_metadata to explore the dependency tree.

Switch out the cargo API pieces currently used for exploring the dependency graph and use https://crates.io/crates/cargo_metadata instead.

Found here: https://github.com/sfackler/cargo-tree/issues/41

This is a subtask of #69

Consider using https://crates.io/crates/krates as part of this migration.
enhancement help wanted important

opened by anderejd 17
Idea: safety badges
I want crate readme files to show their unsafe-ness.

for crates without #![forbid(unsafe_code)]

for crates with deps that lack #![forbid(unsafe_code)]

for crates with #![forbid(unsafe_code)]

Clicking on the badge would show the cargo-geiger report for that version of the crate.

Is anyone else interested in setting up something like this?

SVG sources: badges-svg.zip
enhancement question
opened by mleonhard 15

'features' flags does not work

This one:

        --features <FEATURES>     Space-separated list of features to activate
        --all-features            Activate all available features
        --no-default-features     Do not activate the `default` feature

opened by RazrFalcon 15

use ExampleBin by default for example target

This fixes a a part of test failure in #193 - at the moment cargo-geiger sets CustomBuildRoot for code files in examples and as a result itertools/examples/iris.rs also is assumed to be a custom build root.

opened by qrilka 14
Feature: safety report in readme
I want a tool to automatically update update a safety report section in my project's readme file. Requirements:

Run cargo-geiger on the current project

Convert the report into Markdown format

Look for a # Safety Report section in Readme.md and replace it with the generated report

Advanced features:

An argument with the name of the markdown file to update

An argument with the name of the section to replace

Check the git repository, see if there's a tag at HEAD in the current branch, and include the tag in the report. This could be a separate program.

An option to include the branch name in the report.

An option to include the git commit ID in the report.

For each unsafe crate, link to a ticket about making the crate safer. So folks can easily express their desire for more safety in code and dependencies. For crates without such tickets, link to a page explaining how to file the ticket and add the link to cargo-geiger (make a PR). When crate maintainers delete tickets that ask for more safety, include a link to a ticket in a different repository. The isaacs/github repository is an example of this technique.

Similar tools: clog-cli
opened by mleonhard 14
Emoji rendering error under rxvt-unicode which isn't fixed by --charset ascii

On a brand new cargo-geiger install (cargo install cargo-geiger producing version 0.7.2), I get the following less-than-ideal output when running cargo-geiger under a stack of rxvt-unicode and GNU screen:

--charset ascii does change the tree-view line-drawing characters (which render just fine in the default UTF-8 mode), but doesn't change the more important icons.

(I haven't checked your code but, when using the radioactive symbol emoji in your README for testing, the problem is that rxvt-unicode doesn't like U+FE0F (VARIATION SELECTOR-16))
bug help wanted

opened by ssokolow 13
NOISSUE - Create `lib.rs`, to allow documentation tests to be written…
… and

run:

Add high level description of public modules in lib.rs

Add docs and doc-tests for args module

Add clippy level to enforce use of doc markdown

Signed-off-by: joshmc [email protected]
opened by jmcconnell26 12
Expose the cargo crate feature: vendored-openssl.

Fixes: #97

Is this an acceptable solution? For macOS this seems like the right choice to me. If this PR passes the CI build I'm fine with using the vendored-openssl feature for all platforms.

opened by anderejd 12

Manifest parse errors despite using latest version of Rust

❯ cargo build
    Finished dev [unoptimized + debuginfo] target(s) in 0.23s

❯ cargo geiger --version
cargo-geiger 0.11.3

❯ cargo geiger
error: failed to parse manifest at `C:\Path\To\Project\Cargo.toml`

Caused by:
  namespaced features with the `dep:` prefix are only allowed on the nightly channel and requires the `-Z namespaced-features` flag on the command-line

Which is odd, because namespaced features has been stable since 1.60 and none of the other cargo tools I have are choking on my Cargo.toml.

opened by alexschrod 11

panic in .toml parser on some repos

Version: cargo-geiger 0.9.0

$ cargo geiger
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: ()', src/libcore/result.rs:1165:5
stack backtrace:
...
  14: core::result::unwrap_failed
             at src/libcore/result.rs:1165
  15: cargo::util::canonical_url::CanonicalUrl::new
  16: cargo::core::source::source_id::SourceId::new
  17: cargo::util::toml::DetailedTomlDependency::to_dependency
  18: cargo::util::toml::TomlDependency::to_dependency
  19: cargo::util::toml::TomlManifest::to_real_manifest::process_dependencies
  20: cargo::util::toml::TomlManifest::to_real_manifest
  21: cargo::util::toml::read_manifest
  22: cargo::core::workspace::Packages::load
  23: cargo::core::workspace::Workspace::find_root
  24: cargo::core::workspace::Workspace::new
  25: cargo_geiger::cli::get_workspace
  26: cargo_geiger::main
  27: std::rt::lang_start::{{closure}}
  28: std::rt::lang_start_internal::{{closure}}
             at src/libstd/rt.rs:48
  29: std::panicking::try::do_call
             at src/libstd/panicking.rs:287
  30: __rust_maybe_catch_panic
             at src/libpanic_unwind/lib.rs:78
  31: std::panicking::try
             at src/libstd/panicking.rs:265
  32: std::panic::catch_unwind
             at src/libstd/panic.rs:396
  33: std::rt::lang_start_internal
             at src/libstd/rt.rs:47
  34: main
  35: __libc_start_main
  36: _start

it would be useful to get at least the line number in the .toml file that causes the problem.

EDIT: I tried eliminating lines in my Cargo.toml to find the offending code, but even with my whole Cargo.toml commented I got the above error. Weird. geiger works fine in some other repos.

bug help wanted

opened by emilk 11

build(deps): bump rayon from 1.5.3 to 1.6.1
Bumps rayon from 1.5.3 to 1.6.1.

Changelog

Sourced from rayon's changelog.

Release rayon 1.6.1 (2022-12-09)

Simplified par_bridge to only pull one item at a time from the iterator, without batching. Threads that are waiting for iterator items will now block appropriately rather than spinning CPU. (Thanks @njaard!)

Added protection against recursion in par_bridge, so iterators that also invoke rayon will not cause mutex recursion deadlocks.

Release rayon-core 1.10.1 (2022-11-18)

Fixed a race condition with threads going to sleep while a broadcast starts.

Release rayon 1.6.0 / rayon-core 1.10.0 (2022-11-18)

The minimum supported rustc is now 1.56.

The new IndexedParallelIterator::fold_chunks and fold_chunks_with methods work like ParallelIterator::fold and fold_with with fixed-size chunks of items. This may be useful for predictable batching performance, without the allocation overhead of IndexedParallelIterator::chunks.

New "broadcast" methods run a given function on all threads in the pool. These run at a sort of reduced priority after each thread has exhausted their local work queue, but before they attempt work-stealing from other threads.

The global broadcast function and ThreadPool::broadcast method will block until completion, returning a Vec of all return values.

The global spawn_broadcast function and methods on ThreadPool, Scope, and ScopeFifo will run detached, without blocking the current thread.

Panicking methods now use #[track_caller] to report the caller's location.

Fixed a truncated length in vec::Drain when given an empty range.

Contributors

Thanks to all of the contributors for this release!

@cuviper

@idanmuze

@JoeyBF

@JustForFun88

@kianmeng

@kornelski

@ritchie46

@ryanrussell

@steffahn

@TheIronBorn

@willcrozi

Commits

401678e Merge #709

33e9843 Release rayon 1.2.1 / rayon-core 1.6.1

dd874ac Bump crate versions and dependencies

0c6338d Reduce Option complexity in demo cpu_time

be99e50 cargo fmt

9b4d979 Avoid mem::uninitialized in the demo cpu_time

5a46643 Avoid mem::uninitialized in par_sort_unstable

73b1061 Merge #705

54c0b0d Make sure that compat-Cargo.lock is fresh

4fd13b0 Regenerate compat-Cargo.lock

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies rust
opened by dependabot[bot] 0
build(deps): bump rstest from 0.15.0 to 0.16.0
Bumps rstest from 0.15.0 to 0.16.0.

Release notes

Sourced from rstest's releases.

0.16.0

Use values expression to define test names.

Changelog

Sourced from rstest's changelog.

[0.16.0] 2022/11/27

Changed

Show TEST START banner only when trace some argument: See #158 for details.

Add values to test name: See #160 for details.

Fixed

Updated test fixtures to 1.64.0 compiler's error messages.

Commits

d7ff088 Update checkout list

4386575 Version 0.16.0 chengelog

41749a8 Fix clippy warning

daaddde Bump to 0.16.0 version and upgrade dependency

576768e Fixed dev dependency in rstest_macros

a6eb3a9 Update rstest_test version

4a18dd0 Update version

2964883 Update dependency version

5ad7e3f #160 Add test for module annotation

a302be0 #160 Tests fixed and add unit for allow

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies rust
opened by dependabot[bot] 0
build(deps): bump cargo_metadata from 0.15.0 to 0.15.2
Bumps cargo_metadata from 0.15.0 to 0.15.2.

Changelog

Sourced from cargo_metadata's changelog.

Changelog

Unreleased

Added

Re-exported semver crate directly.

Changed

Made parse_stream more versatile by accepting anything that implements Read.

Removed

Removed re-exports for BuildMetadata and Prerelease from semver crate.

Fixed

Added missing manifest_path field to Artifact. Fixes #187.

Commits

8319bd6 Publish new version

711710b Merge pull request #213 from messense/fix-212

ad8bf92 Add #[serde(default)] to Artifact::manifest_path

1af69df Merge pull request #211 from messense/stderr

d9cd00d Allow MetadataCommand to inherit stderr from parent

a0f55ac Disable semver again

b0a608d Add semver checks to CI

feac4af Version bump

2d2998c Merge pull request #205 from msrd0/add-target-is-xxx

ecabef4 Add is_lib, is_bin etc to Target

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies rust
opened by dependabot[bot] 0
build(deps): bump assert_cmd from 2.0.4 to 2.0.5
Bumps assert_cmd from 2.0.4 to 2.0.5.

Changelog

Sourced from assert_cmd's changelog.

[2.0.5] - 2022-10-20

Features

Added AssertError::assert

Commits

d19ea7e chore: Release

fa0c1cb docs: Update changelog

7b0b08b Merge pull request #144 from jbtrystram/assert_error

aadf8bb feat: Allow getting the Assert from an AssertError

8d4bfd2 chore: Track lock file for MSRV

5f5abc9 docs(contrib): Update release process

1e73f00 chore(gh): Fix weblink

02449b4 chore: Upgrade boilerplate

b7c84f6 chore: Upgrade boilerplate

c6accdd chore(ci): Upgrade pre-commits

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies rust
opened by dependabot[bot] 0
build(deps): bump krates from 0.11.0 to 0.12.6
Bumps krates from 0.11.0 to 0.12.6.

Release notes

Sourced from krates's releases.

Release 0.12.5

Fixed

PR#51 resolved #50 by no longer treating the feature set in the index as authoritative, but rather just merging in the keys that were not already located in the feature set from the crate itself. This would mean that features that are present in both but with different sub-features from the index will now be lost, but that can be fixed later if it is actually an issue.

Release 0.12.4

Fixed

PR#49 resolved #48 by not entering into an infinite loop in the presence of cyclic features. Oops.

Release 0.12.3

Fixed

PR#47 resolved #46 by both adding the prefer-index feature to get the actual correct feature information for a crate from the index, rather than the cargo metadata, as well as silently ignoring features that are resolved, but not available from the package manifest if the feature is not enabled.

Release 0.12.2

Fixed

PR#45 fixed a bug where optional dependencies could be pruned if their name differed from the feature that enabled them.

Added

PR#45 added Krates::direct_dependencies as a complement to Krates::direct_dependents.

Release 0.12.1

Added

PR#43 and PR#44 added Krates::direct_dependents to more easily obtain the crates that directly depend on the specified crate/node, regardless of any features in between those crates.

Release 0.12.0

Added

PR#42 added support for features, adding nodes for each unique future, and linking edges between dependencies and features themselves. This (hopefully) properly takes into account the existing ways of pruning the graph via targets, exclusions etc. It also allows the retrieval of that final feature set via Krates::get_enabled_features.

Fixed

PR#42 resolved #41 by properly pruning weak dependencies that were improperly resolved by cargo.

Changelog

Sourced from krates's changelog.

[0.12.6] - 2022-11-25

Changed

PR#52 updated cfg-expr to 0.12.

PR#52 changed Krates::search_matches and Krates::search_by_name to use impl Into<String> for the name to search, so that the lifetime of it is not paired with the graph itself.

[0.12.5] - 2022-11-08

Fixed

PR#51 resolved #50 by no longer treating the feature set in the index as authoritative, but rather just merging in the keys that were not already located in the feature set from the crate itself. This would mean that features that are present in both but with different sub-features from the index will now be lost, but that can be fixed later if it is actually an issue.

[0.12.4] - 2022-11-02

Fixed

PR#49 resolved #48 by not entering into an infinite loop in the presence of cyclic features. Oops.

[0.12.3] - 2022-11-01

Fixed

PR#47 resolved #46 by both adding the prefer-index feature to get the actual correct feature information for a crate from the index, rather than the cargo metadata, as well as silently ignoring features that are resolved, but not available from the package manifest if the feature is not enabled.

[0.12.2] - 2022-10-28

Fixed

PR#45 fixed a bug where optional dependencies could be pruned if their name differed from the feature that enabled them.

Added

PR#45 added Krates::direct_dependencies as a complement to Krates::direct_dependents.

[0.12.1] - 2022-10-25

Added

PR#43 and PR#44 added Krates::direct_dependents to more easily obtain the crates that directly depend on the specified crate/node, regardless of any features in between those crates.

[0.12.0] - 2022-10-06

Added

PR#42 added support for features, adding nodes for each unique future, and linking edges between dependencies and features themselves. This (hopefully) properly takes into account the existing ways of pruning the graph via targets, exclusions etc. It also allows the retrieval of that final feature set via Krates::get_enabled_features.

Fixed

PR#42 resolved #41 by properly pruning weak dependencies that were improperly resolved by cargo.

Commits

6aa02ee Release 0.12.6

c68becf Fixup Krates API (#52)

22403eb Release 0.12.5

d6a9db4 Update CHANGELOG

fdeedb7 Fix index override (#51)

35af9b6 Release 0.12.4

edce042 Update CHANGELOG

d880398 Fix cyclic features (#49)

bd88850 Release 0.12.3

7825299 Update CHANGELOG

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies rust
opened by dependabot[bot] 0
cargo_metadata & krate coupling
Need to de-couple these and ensure they do not break between bumps...

https://dev.azure.com/cargo-geiger/cargo-geiger/_build/results?buildId=819&view=logs&j=022b0a5d-2698-5f72-7610-a845972a8b4c&t=33e4d865-0676-5964-ba63-59b88208e67d&l=350

error[E0609]: no field `krate` on type `&krates::Node<cargo_metadata::Package>` --> cargo-geiger\src\graph.rs:119:39 | 119 | let package = krates_node.krate.clone(); | ^^^^^

This is blocking https://github.com/rust-secure-code/cargo-geiger/pull/397
opened by pinkforest 0

Releases(cargo-geiger-0.11.4)

cargo-geiger-0.11.4(Aug 1, 2022)

0.11.4

Bump insta from 1.16 to 1.17 [#353], [#354]
Bump regex from 0.5 to 0.6 [#348]
Code clean-ups - thanks @jmcconnell26 [#333]
Bump pico-args from 0.4 to 0.5 [#328]
Upgraded from Cargo 0.62.0 to 0.63.0 [#345]
Upgraded from Cargo 0.60.0 to 0.62.0 - thanks @jmcconnell26   [#317]
Bump lockfile [#349]

Special thanks to @alexschrod @jmcconnell26

Source code(tar.gz)
Source code(zip)