-
-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove cargo-deny exception for intel-mkl-src #386
Remove cargo-deny exception for intel-mkl-src #386
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #386 +/- ##
=======================================
Coverage 91.92% 91.92%
=======================================
Files 177 177
Lines 23724 23724
=======================================
Hits 21808 21808
Misses 1916 1916 ☔ View full report in Codecov by Sentry. 🚨 Try these New Features:
|
It seems this is all complete. Should this be merged now? |
The CI build should be rerun to confirm. If that is green it should be good to merge. |
Would you mind rebasing this PR or allowing me to push to it? Thanks! :) |
I can rebase in the next few days. Also, permission for maintainer to edit this PR should already be given. |
fb009aa
to
7d386c3
Compare
Seems like cargo-deny picks up intel-mkl-src through the "examples" crates, even though those crates have "publish = false" set in their manifest and "deny.toml" has "licenses.private.ignore = true" set. If the "examples" folder is just removed from the workspace manifest members there are no license errors. I think this might not be the intended behavior for the "licenses.private.ignore" option of |
Thanks for the quick rebase, and thanks for digging into this. I've also had a look, and I suspect the path based dependencies are treated differently. I tried to replace them by workspace dependencies but to no avail. If you do look into this, please do not waste too much time on this annoying problem.
Interestingly I still cannot push to this branch. |
711798a
to
3f4d344
Compare
… avoid license checks for dependencies that are not used in the published crates
1da2198
to
776957e
Compare
I get no errors with |
Turns out I was wrong to suspect the cargo-deny-action. I just didn't see errors locally since I did run According to https://www.unicode.org/policies/licensing_policy.html the license is based on the MIT license, with the difference that the Unicode-3.0 license is targeted explicitly at data and data files:
It seems the license is very permissive. However to be sure I would follow suite with the most restrictive use of the license in all of the dependencies, which appears to be https://crates.io/crates/unicode-ident, and change the license of argmin to "(MIT OR Apache-2.0) AND Unicode-3.0". Or track down why dependencies with this license got into the dependency graph in the first place and try to prune them. Edit: It seems even https://crates.io/crates/proc-macro2/1.0.91 depends on |
The failed check for advisories is due to unmaintained crates in the dependency graph. EmbarkStudios/cargo-deny#611 removed the ability to set the severity of different advisories, so the previously set |
… through the cargo-deny config key �dvisories.unmaintained = warn, which was deprecated in EmbarkStudios/cargo-deny#611.
A huge thank you for the work on this issue and your endurance, this is remarkable! :) |
As conversed about in PR #369, this PR removes the cargo-deny exclusion for intel-mkl-src introduced due to EmbarkStudios/krates#60.
This PR should be merged as soon as EmbarkStudios/krates#61 lands in cargo-deny-action.