Commit graph

16 commits

Author SHA1 Message Date
Alice Cecile
a291b5aaed Ignore duplicate wasi crate in dependency tree (#4190)
# Objective

- CI is giving a warning about duplicate dependency because of a differing versions between `winit` and `ahash` of https://github.com/bytecodealliance/wasi
- PRs that are mergeable look like they're not.

## Solution

- Add this crate to the list of ignored duplicates
2022-03-12 02:38:46 +00:00
François
19bd6b9c32 Update rodio 0.15 (#3846)
# Objective

- Update rodio to 0.15
- Replace #3828
2022-02-03 04:25:44 +00:00
François
17bb812d5d Ignore clippy 1.58 (#3667)
- Work around #3666 until a proper fix is done
- Also update duplicate dependencies list
2022-01-14 18:21:22 +00:00
François
363bdf78dc Re-enable nightly checks and add new dependency duplicate (#3525)
# Objective

- Nightly checks where disabled because of a bug in Rust
- Dependency checks are failing because of a new duplicate

## Solution

- Now that https://github.com/rust-lang/rust/pull/92175 has been merged, re-enable nightly checks
- Add the new duplicate dependency to the known list
- Removed `Inflector` dependency as it's not used anymore


Co-authored-by: François <8672791+mockersf@users.noreply.github.com>
2022-01-02 20:18:53 +00:00
François
aeba9faf04 use ogg by default instead of mp3 (#3421)
# Objective

- mp3 feature of rodio has dependencies that are not maintained with security issues
- mp3 feature of rodio doesn't build in wasm
- mp3 feature of rodio uses internal memory allocation that cause rejection from Apple appstore

## Solution

- Use vorbis instead of mp3 by default


Co-authored-by: François <8672791+mockersf@users.noreply.github.com>
2021-12-23 19:19:15 +00:00
Vabka
9a89295a17 Update wgpu to 0.12 and naga to 0.8 (#3375)
# Objective

Fixes #3352
Fixes #3208

## Solution

- Update wgpu to 0.12
- Update naga to 0.8
- Resolve compilation errors
- Remove [[block]] from WGSL shaders (because it is depracated and now wgpu cant parse it)
- Replace `elseif` with `else if` in pbr.wgsl
2021-12-19 03:03:06 +00:00
François
7356f1586d remove advisory for spirv-reflect (#3338)
# Objective

- With the removal of the old renderer, Bevy doesn't depend on spirv-reflect 🎉 

## Solution

- Remove its advisory from the ignored list


Co-authored-by: François <8672791+mockersf@users.noreply.github.com>
2021-12-16 00:34:50 +00:00
François
92a7e16aed Update dependencies ron winit& fix cargo-deny lists (#3244)
# Objective

- there are a few new versions for `ron`, `winit`, `ndk`, `raw-window-handle`
- `cargo-deny` is failing due to new security issues / duplicated dependencies

## Solution

- Update our dependencies
- Note all new security issues, with which of Bevy direct dependency it comes from
- Update duplicate crate list, with which of Bevy direct dependency it comes from

`notify` is not updated here as it's in #2993
2021-12-09 20:14:00 +00:00
François
1a758dd9e2 update ndk-glue to 0.4 (#2684)
# Objective

- We currently depends on ndk 0.2, 0.3, 0.4
- Only 0.2 dependencies comes from Bevy itself

## Solution

- Replace #1371 
- Update Bevy to ndk-glue 0.4
- Also fixes duplicate dependency CI issue
2021-08-19 01:02:15 +00:00
François
38bc27880d add proc-macro-crate as a known duplicate (#2456)
# Objective

- CI is failing because of a dependency (`num_enum`) that now uses the latest version of `proc-macro-crate`

```
    = proc-macro-crate v0.1.5
      ├── ndk-macro v0.2.0
      │   ├── ndk-glue v0.2.1
      │   │   ├── bevy_asset v0.5.0
      │   │   └── bevy_internal v0.5.0 (*)
      │   └── ndk-glue v0.3.0
      │       ├── cpal v0.13.3
      │       │   └── rodio v0.14.0
      │       │       └── bevy_audio v0.5.0 (*)
      │       ├── oboe v0.4.2
      │       │   └── cpal v0.13.3 (*)
      │       └── winit v0.25.0
      │           ├── bevy_winit v0.5.0 (*)
      │           └── bevy_winit v0.5.0 (*)
      └── num_enum_derive v0.4.3
          └── num_enum v0.4.3
              └── ndk v0.2.1
                  └── ndk-glue v0.2.1 (*)

    = proc-macro-crate v1.0.0
      └── num_enum_derive v0.5.2
          └── num_enum v0.5.2
              └── ndk v0.3.0
                  ├── cpal v0.13.3
                  │   └── rodio v0.14.0
                  │       └── bevy_audio v0.5.0
                  ├── ndk-glue v0.3.0
                  │   ├── cpal v0.13.3 (*)
                  │   ├── oboe v0.4.2
                  │   │   └── cpal v0.13.3 (*)
                  │   └── winit v0.25.0
                  │       ├── bevy_winit v0.5.0 (*)
                  │       └── bevy_winit v0.5.0 (*)
                  ├── oboe v0.4.2 (*)
                  └── winit v0.25.0 (*)
```

## Solution

- Add `proc-macro-crate` as a known duplicate
2021-07-13 21:51:44 +00:00
François
69e888e630 update duplicate dependency skip list (#2415)
# Objective

- CI is failing because of new duplicate dependency: https://github.com/bevyengine/bevy/pull/2414/checks?check_run_id=2946566180

## Solution

- update dependency duplicate skip list

updated `hashbrown` dependency comes from:
```
    │   │   ├── bevy_macro_utils v0.5.0
    │   │   │   ├── cargo-manifest v0.2.4
    │   │   │   │   └── toml v0.5.8
    │   │   │   │       ├── indexmap v1.7.0
    │   │   │   │       │   └── hashbrown v0.11.2
```
2021-07-01 20:41:41 +00:00
TheRawMeatball
3a1867a92e Remove unnecessary exceptions for wgpu (#2356) 2021-06-25 07:05:23 +00:00
Patrik Buhring
7602317087 Update hexasphere to 4.0.0. (#2390)
# Objective

- Update `hexasphere` to 4.0.0, which is now licensed with dual MIT/Apache-2.0.
2021-06-25 00:35:41 +00:00
François
19799b8d94 Update deny license to remove MPL as an allowed license (#2327)
# Objective

- MPL should not be an authorised license for all crates

## Solution

- Add exception for MPL for wgpu and hexasphere
- Remove security issue for a crate we don't depend on anymore
2021-06-09 18:32:19 +00:00
François
3c96131b99 update duplicate dependencies after winit update (#2212)
After winit update in #2186, a bunch of duplicated dependencies changed.

Most are related to a new dependency, https://github.com/onurzdg/mio-misc, that has a few older versions in its dependencies
2021-05-18 23:27:01 +00:00
François
177f2fbf9a enable cargo deny (#2101)
https://github.com/EmbarkStudios/cargo-deny
cargo-deny is a tool that can issue errors for dependency issues, among other:
* security issues in a crate
* duplicated dependencies with different versions
* unauthorised license

Added cargo-deny with an opinionated configuration:
* No middle ground with warnings, either allow or deny
* Not added to Bors, we probably don't want to block a PR on something that may happen from outside
* Different github workflow than CI to run only when Cargo.toml files are changed, or on a schedule
* Each check in its own job to help readability
* Initial config makes Bevy pass all check

Pushing a first commit with commented config to show errors
2021-05-17 23:07:18 +00:00