Commit graph

7 commits

Author SHA1 Message Date
François
38bc27880d add proc-macro-crate as a known duplicate (#2456)
# Objective

- CI is failing because of a dependency (`num_enum`) that now uses the latest version of `proc-macro-crate`

```
    = proc-macro-crate v0.1.5
      ├── ndk-macro v0.2.0
      │   ├── ndk-glue v0.2.1
      │   │   ├── bevy_asset v0.5.0
      │   │   └── bevy_internal v0.5.0 (*)
      │   └── ndk-glue v0.3.0
      │       ├── cpal v0.13.3
      │       │   └── rodio v0.14.0
      │       │       └── bevy_audio v0.5.0 (*)
      │       ├── oboe v0.4.2
      │       │   └── cpal v0.13.3 (*)
      │       └── winit v0.25.0
      │           ├── bevy_winit v0.5.0 (*)
      │           └── bevy_winit v0.5.0 (*)
      └── num_enum_derive v0.4.3
          └── num_enum v0.4.3
              └── ndk v0.2.1
                  └── ndk-glue v0.2.1 (*)

    = proc-macro-crate v1.0.0
      └── num_enum_derive v0.5.2
          └── num_enum v0.5.2
              └── ndk v0.3.0
                  ├── cpal v0.13.3
                  │   └── rodio v0.14.0
                  │       └── bevy_audio v0.5.0
                  ├── ndk-glue v0.3.0
                  │   ├── cpal v0.13.3 (*)
                  │   ├── oboe v0.4.2
                  │   │   └── cpal v0.13.3 (*)
                  │   └── winit v0.25.0
                  │       ├── bevy_winit v0.5.0 (*)
                  │       └── bevy_winit v0.5.0 (*)
                  ├── oboe v0.4.2 (*)
                  └── winit v0.25.0 (*)
```

## Solution

- Add `proc-macro-crate` as a known duplicate
2021-07-13 21:51:44 +00:00
François
69e888e630 update duplicate dependency skip list (#2415)
# Objective

- CI is failing because of new duplicate dependency: https://github.com/bevyengine/bevy/pull/2414/checks?check_run_id=2946566180

## Solution

- update dependency duplicate skip list

updated `hashbrown` dependency comes from:
```
    │   │   ├── bevy_macro_utils v0.5.0
    │   │   │   ├── cargo-manifest v0.2.4
    │   │   │   │   └── toml v0.5.8
    │   │   │   │       ├── indexmap v1.7.0
    │   │   │   │       │   └── hashbrown v0.11.2
```
2021-07-01 20:41:41 +00:00
TheRawMeatball
3a1867a92e Remove unnecessary exceptions for wgpu (#2356) 2021-06-25 07:05:23 +00:00
Patrik Buhring
7602317087 Update hexasphere to 4.0.0. (#2390)
# Objective

- Update `hexasphere` to 4.0.0, which is now licensed with dual MIT/Apache-2.0.
2021-06-25 00:35:41 +00:00
François
19799b8d94 Update deny license to remove MPL as an allowed license (#2327)
# Objective

- MPL should not be an authorised license for all crates

## Solution

- Add exception for MPL for wgpu and hexasphere
- Remove security issue for a crate we don't depend on anymore
2021-06-09 18:32:19 +00:00
François
3c96131b99 update duplicate dependencies after winit update (#2212)
After winit update in #2186, a bunch of duplicated dependencies changed.

Most are related to a new dependency, https://github.com/onurzdg/mio-misc, that has a few older versions in its dependencies
2021-05-18 23:27:01 +00:00
François
177f2fbf9a enable cargo deny (#2101)
https://github.com/EmbarkStudios/cargo-deny
cargo-deny is a tool that can issue errors for dependency issues, among other:
* security issues in a crate
* duplicated dependencies with different versions
* unauthorised license

Added cargo-deny with an opinionated configuration:
* No middle ground with warnings, either allow or deny
* Not added to Bors, we probably don't want to block a PR on something that may happen from outside
* Different github workflow than CI to run only when Cargo.toml files are changed, or on a schedule
* Each check in its own job to help readability
* Initial config makes Bevy pass all check

Pushing a first commit with commented config to show errors
2021-05-17 23:07:18 +00:00