Commit graph

39 commits

Author SHA1 Message Date
andriyDev
1e0d98d53e
Allow Unicode-3.0 license in addition to Unicode-DFS-2016 for unicode-ident crate. (#16471)
# Objective

- Fixes #16451.

## Solution

- Just allows the new license.

## Notes

According to the [Open Source
Initiative](https://opensource.org/license/unicode-inc-license-agreement-data-files-and-software),
the UNICODE-DFS-**2015** is superseded by UNICODE-3.0. I'm not sure
whether 2015 vs 2016 matters, and whether 3.0 and DFS-2016 are
materially different.
2024-11-22 18:15:31 +00:00
Ame
ee2fdc094c
Fix duplicate dependencies on raw-window-handle (#12309)
# Objective

cpal has been updated to [0.15.3](https://crates.io/crates/cpal/0.15.3).
We can remove the skip to avoid check for cpal 0.15.2 dependencies in
deny.toml

cpal now uses ndk 8.0 and Oboe 6.0, so we only have a version for
raw-window-handle, version 0.6

## Solution

- Remove temporary fix that skipped the check for the cpal dependency.
- Update oboe to 0.6

Fixes https://github.com/bevyengine/bevy/issues/11917
2024-03-05 08:24:37 +00:00
Ame
499c978176
Update cargo deny (#12178)
# Objective

Cargo-deny has been updated and now some keys are being deprecated.
Fix these warnings:
<details>

```rs
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
  ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:6:1
  │
6 │ vulnerability = "deny"
  │ ^^^^^^^^^^^^^

warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
  ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:7:1
  │
7 │ unmaintained = "deny"
  │ ^^^^^^^^^^^^

warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
  ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:9:1
  │
9 │ notice = "deny"
  │ ^^^^^^

warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
   ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:13:1
   │
13 │ unlicensed = "deny"
   │ ^^^^^^^^^^

warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
   ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:14:1
   │
14 │ copyleft = "deny"
   │ ^^^^^^^^

warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
   ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:15:1
   │
15 │ default = "deny"
   │ ^^^^^^^

warning[deprecated]: this key has been moved to [graph]
  ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:1:1
  │
1 │ all-features = true
  │ ^^^^^^^^^^^^
```
</details>

This also fixes CI by temporarily skipping the check for cpal
dependencies.
https://github.com/bevyengine/bevy/issues/11917#issuecomment-1953629729



## Solution

- Remove deprecated keys.
- Update the list of licenses allowed. (All these licenses are already
being used for some dependencies)
- Skip cpal dependencies to avoid failing in CI, while we wait for new
releases
https://github.com/bevyengine/bevy/issues/11917#issuecomment-1953629729
2024-03-01 06:29:25 +00:00
Ame
8c0ce5280b
Standardize toml format with taplo (#10594)
# Objective

- Standardize fmt for toml files

## Solution

- Add [taplo](https://taplo.tamasfe.dev/) to CI (check for fmt and diff
for toml files), for context taplo is used by the most popular extension
in VScode [Even Better
TOML](https://marketplace.visualstudio.com/items?itemName=tamasfe.even-better-toml)
- Add contribution section to explain toml fmt with taplo.
 
Now to pass CI you need to run `taplo fmt --option indent_string=" "` or
if you use vscode have the `Even Better TOML` extension with 4 spaces
for indent

---------

Co-authored-by: Alice Cecile <alice.i.cecile@gmail.com>
2023-11-21 01:04:14 +00:00
Ame
56d8a0e56e
check for all-features with cargo-deny (#10544)
# Objective

Fix #9880

## Solution

- Add all-features flag 
- Allow "MPL-2.0" license for the
[Symphonia](https://github.com/pdeljanov/Symphonia) crates
- Update dependencies unmaintained or with vulnerabilities:
https://github.com/RustAudio/rodio/issues/517 ,
https://github.com/LiquidityC/slice_ring_buffer/pull/7
2023-11-14 13:51:19 +00:00
François
71329fe0c2
make CI less failing on cargo deny bans (#10151)
# Objective

- Job cargo deny for bans is failing too often to be useful
- Having only one version of all dependencies is not realistic

## Solution

- Only warn on multiple dependencies of a crate
- Deny some specific crates that we know shouldn't be present multiple
times
2023-10-16 23:12:13 +00:00
François
70aee72726
Update cargo deny configuration (#8734)
# Objective

- Make the dependency job successful again

## Solution

- Update the list of duplicates
- Remove a security issue exception not needed anymore
- Also update a dependency that was missed by dependabot
2023-06-01 16:29:45 +00:00
François
ca1802b774 Basic spatial audio (#6028)
# Objective

- Add basic spatial audio support to Bevy
  - this is what rodio supports, so no HRTF, just simple stereo channel manipulation
  - no "built-in" ECS support: `Emitter` and `Listener` should be components that would automatically update the positions

This PR's goal is to just expose rodio functionality, made possible with the recent update to rodio 0.16. A proper ECS integration opens a lot more questions, and would probably require an RFC

Also updates rodio and fixes #6122
2023-02-20 15:31:07 +00:00
Daniel Zhang
95c8d88d59 Fix failing CI check-bans due to duplicate windows dependency (#7699)
# Objective

Fixes #7654 

## Solution

Add `windows v0.43` to the list of skipped dependencies checked by CI (until `gilrs` publishes a new release with `windows v0.44`)
2023-02-16 03:32:01 +00:00
François
3900b48c88 update winit to 0.28 (#7480)
# Objective

- Update winit to 0.28

## Solution

- Small API change 
- A security advisory has been added for an unmaintained crate used by a dependency of winit build script for wayland

I didn't do anything for Android support in this PR though it should be fixable, it should be done in a separate one, maybe https://github.com/bevyengine/bevy/pull/6830 

---

## Changelog

- `window.always_on_top` has been removed, you can now use `window.window_level`

## Migration Guide

before:
```rust
    app.new()
        .add_plugins(DefaultPlugins.set(WindowPlugin {
            primary_window: Some(Window {
                always_on_top: true,
                ..default()
            }),
            ..default()
        }));
```

after:
```rust
    app.new()
        .add_plugins(DefaultPlugins.set(WindowPlugin {
            primary_window: Some(Window {
                window_level: bevy::window::WindowLevel::AlwaysOnTop,
                ..default()
            }),
            ..default()
        }));
```
2023-02-03 16:41:39 +00:00
François
bad3d57d0c update cargo deny config with latest list of duplicate crates in dependencies (#6947)
# Objective

- Get dependency check to succeed

## Solution

- Update the list
2022-12-13 22:54:27 +00:00
François
33299f0bad update allowed duplicate dependencies (#6500)
# Objective

- Fix deny issues

## Solution

- Allow new duplicated dependencies
2022-11-06 22:43:52 +00:00
François
ecb6f8fab3 Update deny configuration (#6359)
# Objective

- update deny config

## Solution

- update nix duplicate version to ignore
- update security advisories
2022-10-24 21:48:07 +00:00
VitalyR
c313e21d65 Update wgpu to 0.14.0, naga to 0.10.0, winit to 0.27.4, raw-window-handle to 0.5.0, ndk to 0.7 (#6218)
# Objective

- Update `wgpu` to 0.14.0, `naga` to `0.10.0`, `winit` to 0.27.4, `raw-window-handle` to 0.5.0, `ndk` to 0.7.

## Solution

---

## Changelog

### Changed

- Changed `RawWindowHandleWrapper` to `RawHandleWrapper` which wraps both `RawWindowHandle` and `RawDisplayHandle`, which satisfies the `impl HasRawWindowHandle and HasRawDisplayHandle` that `wgpu` 0.14.0 requires.

- Changed `bevy_window::WindowDescriptor`'s `cursor_locked` to `cursor_grab_mode`, change its type from `bool` to `bevy_window::CursorGrabMode`.

## Migration Guide

- Adjust usage of `bevy_window::WindowDescriptor`'s `cursor_locked` to `cursor_grab_mode`, and adjust its type from `bool` to `bevy_window::CursorGrabMode`.
2022-10-19 17:40:23 +00:00
François
047b437560 Update rodio requirement from 0.15 to 0.16 (#6020)
# Objective

- #6019 but with the duplicate package list updated
- Fixes #5774
2022-09-19 13:56:56 +00:00
Andreas Weibye
f62bdc3590 Ignore RUSTSEC-2021-0139 (#5816)
# Objective

- `ansi_term` has become unmaintained: https://github.com/ogham/rust-ansi-term/issues/72
- This is now blocking our CI so we need to find a way around that.


## Solution

Temporarily add `RUSTSEC-2021-0139` to ignore until tracing switches to a new crate: https://github.com/tokio-rs/tracing/pull/2040

## Dependency tree
```
ansi_term v0.12.1
     └── tracing-subscriber v0.3.15
         ├── bevy_log v0.9.0-dev
         │   ├── bevy_asset v0.9.0-dev
         │   │   ├── bevy_animation v0.9.0-dev
         │   │   │   ├── bevy_gltf v0.9.0-dev
         │   │   │   │   └── bevy_internal v0.9.0-dev
         │   │   │   │       ├── bevy v0.9.0-dev
         │   │   │   │       └── bevy v0.9.0-dev (*)
         │   │   │   └── bevy_internal v0.9.0-dev (*)
         │   │   ├── bevy_audio v0.9.0-dev
         │   │   │   └── bevy_internal v0.9.0-dev (*)
         │   │   ├── bevy_core_pipeline v0.9.0-dev
         │   │   │   ├── bevy_gltf v0.9.0-dev (*)
         │   │   │   ├── bevy_internal v0.9.0-dev (*)
         │   │   │   ├── bevy_pbr v0.9.0-dev
         │   │   │   │   ├── bevy_gltf v0.9.0-dev (*)
         │   │   │   │   └── bevy_internal v0.9.0-dev (*)
         │   │   │   ├── bevy_sprite v0.9.0-dev
         │   │   │   │   ├── bevy_internal v0.9.0-dev (*)
         │   │   │   │   ├── bevy_text v0.9.0-dev
         │   │   │   │   │   ├── bevy_internal v0.9.0-dev (*)
         │   │   │   │   │   └── bevy_ui v0.9.0-dev
         │   │   │   │   │       └── bevy_internal v0.9.0-dev (*)
         │   │   │   │   └── bevy_ui v0.9.0-dev (*)
         │   │   │   └── bevy_ui v0.9.0-dev (*)
         │   │   ├── bevy_gltf v0.9.0-dev (*)
         │   │   ├── bevy_internal v0.9.0-dev (*)
         │   │   ├── bevy_pbr v0.9.0-dev (*)
         │   │   ├── bevy_render v0.9.0-dev
         │   │   │   ├── bevy_core_pipeline v0.9.0-dev (*)
         │   │   │   ├── bevy_gltf v0.9.0-dev (*)
         │   │   │   ├── bevy_internal v0.9.0-dev (*)
         │   │   │   ├── bevy_pbr v0.9.0-dev (*)
         │   │   │   ├── bevy_scene v0.9.0-dev
         │   │   │   │   ├── bevy_gltf v0.9.0-dev (*)
         │   │   │   │   └── bevy_internal v0.9.0-dev (*)
         │   │   │   ├── bevy_sprite v0.9.0-dev (*)
         │   │   │   ├── bevy_text v0.9.0-dev (*)
         │   │   │   └── bevy_ui v0.9.0-dev (*)
         │   │   ├── bevy_scene v0.9.0-dev (*)
         │   │   ├── bevy_sprite v0.9.0-dev (*)
         │   │   ├── bevy_text v0.9.0-dev (*)
         │   │   └── bevy_ui v0.9.0-dev (*)
         │   ├── bevy_diagnostic v0.9.0-dev
         │   │   ├── bevy_asset v0.9.0-dev (*)
         │   │   └── bevy_internal v0.9.0-dev (*)
         │   ├── bevy_gltf v0.9.0-dev (*)
         │   ├── bevy_internal v0.9.0-dev (*)
         │   ├── bevy_render v0.9.0-dev (*)
         │   ├── bevy_sprite v0.9.0-dev (*)
         │   └── bevy_ui v0.9.0-dev (*)
         └── tracing-wasm v0.2.1
             └── bevy_log v0.9.0-dev (*)
```
2022-08-27 20:34:53 +00:00
TimJentzsch
e84e391571 Remove unneeded skipped crates for duplicate dependencies (#5678)
# Objective

The `deny.toml` file defines some crates that are skipped for duplicate dependency detection, because the issues are deeper in the dependency tree and not easily fixable.

However, two of those exceptions are no longer necessary.

## Solution

Remove `hashbrown` and `mio` from the skipped crates, according to `cargo deny check` this is no longer needed.
2022-08-14 06:28:32 +00:00
François
9c116d557d allow unicode license (#5337)
# Objective

- Crate `unicode-ident` added the [unicode license](https://github.com/dtolnay/unicode-ident/blob/master/LICENSE-UNICODE). See https://github.com/dtolnay/unicode-ident#license. The only requirement seems to be to include the license in the distribution
- This makes license check fail

## Solution

- The license should be ok for Bevy, add it to the allowed licenses
2022-07-17 23:14:38 +00:00
François
814f8d1635 update wgpu to 0.13 (#5168)
# Objective

- Update wgpu to 0.13
- ~~Wait, is wgpu 0.13 released? No, but I had most of the changes already ready since playing with webgpu~~ well it has been released now
- Also update parking_lot to 0.12 and naga to 0.9

## Solution

- Update syntax for wgsl shaders https://github.com/gfx-rs/wgpu/blob/master/CHANGELOG.md#wgsl-syntax
- Add a few options, remove some references: https://github.com/gfx-rs/wgpu/blob/master/CHANGELOG.md#other-breaking-changes
- fragment inputs should now exactly match vertex outputs for locations, so I added exports for those to be able to reuse them https://github.com/gfx-rs/wgpu/pull/2704
2022-07-14 21:17:16 +00:00
colepoirier
86dd6f065d depend on dioxus(and bevy)-maintained fork of stretch (taffy) (#4716)
# Objective

DioxusLabs and Bevy have taken over maintaining what was our abandoned ui layout dependency [stretch](https://github.com/vislyhq/stretch). Dioxus' fork has had a lot of work done on it by @alice-i-cecile, @Weibye , @jkelleyrtp, @mockersf, @HackerFoo, @TimJentzsch and a dozen other contributors and now is in much better shape than stretch was. The updated crate is called taffy and is available on github [here](https://github.com/DioxusLabs/taffy) ([taffy](https://crates.io/crates/taffy) on crates.io). The goal of this PR is to replace stretch v0.3.2 with taffy v0.1.0.

## Solution

I changed the bevy_ui Cargo.toml to depend on taffy instead of stretch and fixed all the errors rustc complained about.

---

## Changelog

Changed bevy_ui layout dependency from stretch to taffy (the maintained fork of stretch).

fixes #677

## Migration Guide

The public api of taffy is different from that of stretch so please advise me on what to do here @alice-i-cecile.
2022-06-21 22:57:59 +00:00
François
a62ff657fe update hashbrown to 0.12 (#5035)
# Objective

- Update hashbrown to 0.12

## Solution

- Replace #4004
- As the 0.12 is already in Bevy dependency tree, it shouldn't be an issue to update
- The exception for the 0.11 should be removed once https://github.com/zakarumych/gpu-descriptor/pull/21 is merged and released
- Also removed a few exceptions that weren't needed anymore
2022-06-17 22:34:58 +00:00
James Liu
c46691c04a Update gilrs to v0.9 (#4848)
# Objective
Fixes #4353. Fixes #4431. Picks up fixes for a panic for `gilrs` when `getGamepads()` is not available. 

## Solution
Update the `gilrs` to `v0.9.0`. Changelog can be seen here: dba36f9186

EDIT: Updated `uuid` to 1.1 to avoid duplicate dependencies. Added `nix`'s two dependencies as exceptions until `rodio` updates their deps.
2022-05-30 17:26:23 +00:00
Teodor Tanasoaia
7cb4d3cb43 Migrate to encase from crevice (#4339)
# Objective

- Unify buffer APIs
- Also see #4272

## Solution

- Replace vendored `crevice` with `encase`

---

## Changelog

Changed `StorageBuffer`
Added `DynamicStorageBuffer`
Replaced `UniformVec` with `UniformBuffer`
Replaced `DynamicUniformVec` with `DynamicUniformBuffer`

## Migration Guide

### `StorageBuffer`

removed `set_body()`, `values()`, `values_mut()`, `clear()`, `push()`, `append()`
added `set()`, `get()`, `get_mut()`

### `UniformVec` -> `UniformBuffer`

renamed `uniform_buffer()` to `buffer()`
removed `len()`, `is_empty()`, `capacity()`, `push()`, `reserve()`, `clear()`, `values()`
added `set()`, `get()`

### `DynamicUniformVec` -> `DynamicUniformBuffer`

renamed `uniform_buffer()` to `buffer()`
removed `capacity()`, `reserve()`


Co-authored-by: Carter Anderson <mcanders1@gmail.com>
2022-05-18 21:09:21 +00:00
Alice Cecile
a291b5aaed Ignore duplicate wasi crate in dependency tree (#4190)
# Objective

- CI is giving a warning about duplicate dependency because of differing versions between `winit` and `ahash` of https://github.com/bytecodealliance/wasi
- PRs that are mergeable look like they're not.

## Solution

- Add this crate to the list of ignored duplicates
2022-03-12 02:38:46 +00:00
François
19bd6b9c32 Update rodio 0.15 (#3846)
# Objective

- Update rodio to 0.15
- Replace #3828
2022-02-03 04:25:44 +00:00
François
17bb812d5d Ignore clippy 1.58 (#3667)
- Work around #3666 until a proper fix is done
- Also update duplicate dependencies list
2022-01-14 18:21:22 +00:00
François
363bdf78dc Re-enable nightly checks and add new dependency duplicate (#3525)
# Objective

- Nightly checks were disabled because of a bug in Rust
- Dependency checks are failing because of a new duplicate

## Solution

- Now that https://github.com/rust-lang/rust/pull/92175 has been merged, re-enable nightly checks
- Add the new duplicate dependency to the known list
- Removed `Inflector` dependency as it's not used anymore


Co-authored-by: François <8672791+mockersf@users.noreply.github.com>
2022-01-02 20:18:53 +00:00
François
aeba9faf04 use ogg by default instead of mp3 (#3421)
# Objective

- mp3 feature of rodio has dependencies that are not maintained with security issues
- mp3 feature of rodio doesn't build in wasm
- mp3 feature of rodio uses internal memory allocation that cause rejection from Apple appstore

## Solution

- Use vorbis instead of mp3 by default


Co-authored-by: François <8672791+mockersf@users.noreply.github.com>
2021-12-23 19:19:15 +00:00
Vabka
9a89295a17 Update wgpu to 0.12 and naga to 0.8 (#3375)
# Objective

Fixes #3352
Fixes #3208

## Solution

- Update wgpu to 0.12
- Update naga to 0.8
- Resolve compilation errors
- Remove [[block]] from WGSL shaders (because it is deprecated and now wgpu can't parse it)
- Replace `elseif` with `else if` in pbr.wgsl
2021-12-19 03:03:06 +00:00
François
7356f1586d remove advisory for spirv-reflect (#3338)
# Objective

- With the removal of the old renderer, Bevy doesn't depend on spirv-reflect 🎉 

## Solution

- Remove its advisory from the ignored list


Co-authored-by: François <8672791+mockersf@users.noreply.github.com>
2021-12-16 00:34:50 +00:00
François
92a7e16aed Update dependencies ron winit& fix cargo-deny lists (#3244)
# Objective

- there are a few new versions for `ron`, `winit`, `ndk`, `raw-window-handle`
- `cargo-deny` is failing due to new security issues / duplicated dependencies

## Solution

- Update our dependencies
- Note all new security issues, with which of Bevy direct dependency it comes from
- Update duplicate crate list, with which of Bevy direct dependency it comes from

`notify` is not updated here as it's in #2993
2021-12-09 20:14:00 +00:00
François
1a758dd9e2 update ndk-glue to 0.4 (#2684)
# Objective

- We currently depend on ndk 0.2, 0.3, 0.4
- Only 0.2 dependencies come from Bevy itself

## Solution

- Replace #1371 
- Update Bevy to ndk-glue 0.4
- Also fixes duplicate dependency CI issue
2021-08-19 01:02:15 +00:00
François
38bc27880d add proc-macro-crate as a known duplicate (#2456)
# Objective

- CI is failing because of a dependency (`num_enum`) that now uses the latest version of `proc-macro-crate`

```
    = proc-macro-crate v0.1.5
      ├── ndk-macro v0.2.0
      │   ├── ndk-glue v0.2.1
      │   │   ├── bevy_asset v0.5.0
      │   │   └── bevy_internal v0.5.0 (*)
      │   └── ndk-glue v0.3.0
      │       ├── cpal v0.13.3
      │       │   └── rodio v0.14.0
      │       │       └── bevy_audio v0.5.0 (*)
      │       ├── oboe v0.4.2
      │       │   └── cpal v0.13.3 (*)
      │       └── winit v0.25.0
      │           ├── bevy_winit v0.5.0 (*)
      │           └── bevy_winit v0.5.0 (*)
      └── num_enum_derive v0.4.3
          └── num_enum v0.4.3
              └── ndk v0.2.1
                  └── ndk-glue v0.2.1 (*)

    = proc-macro-crate v1.0.0
      └── num_enum_derive v0.5.2
          └── num_enum v0.5.2
              └── ndk v0.3.0
                  ├── cpal v0.13.3
                  │   └── rodio v0.14.0
                  │       └── bevy_audio v0.5.0
                  ├── ndk-glue v0.3.0
                  │   ├── cpal v0.13.3 (*)
                  │   ├── oboe v0.4.2
                  │   │   └── cpal v0.13.3 (*)
                  │   └── winit v0.25.0
                  │       ├── bevy_winit v0.5.0 (*)
                  │       └── bevy_winit v0.5.0 (*)
                  ├── oboe v0.4.2 (*)
                  └── winit v0.25.0 (*)
```

## Solution

- Add `proc-macro-crate` as a known duplicate
2021-07-13 21:51:44 +00:00
François
69e888e630 update duplicate dependency skip list (#2415)
# Objective

- CI is failing because of new duplicate dependency: https://github.com/bevyengine/bevy/pull/2414/checks?check_run_id=2946566180

## Solution

- update dependency duplicate skip list

updated `hashbrown` dependency comes from:
```
    │   │   ├── bevy_macro_utils v0.5.0
    │   │   │   ├── cargo-manifest v0.2.4
    │   │   │   │   └── toml v0.5.8
    │   │   │   │       ├── indexmap v1.7.0
    │   │   │   │       │   └── hashbrown v0.11.2
```
2021-07-01 20:41:41 +00:00
TheRawMeatball
3a1867a92e Remove unnecessary exceptions for wgpu (#2356) 2021-06-25 07:05:23 +00:00
Patrik Buhring
7602317087 Update hexasphere to 4.0.0. (#2390)
# Objective

- Update `hexasphere` to 4.0.0, which is now licensed with dual MIT/Apache-2.0.
2021-06-25 00:35:41 +00:00
François
19799b8d94 Update deny license to remove MPL as an allowed license (#2327)
# Objective

- MPL should not be an authorised license for all crates

## Solution

- Add exception for MPL for wgpu and hexasphere
- Remove security issue for a crate we don't depend on anymore
2021-06-09 18:32:19 +00:00
François
3c96131b99 update duplicate dependencies after winit update (#2212)
After winit update in #2186, a bunch of duplicated dependencies changed.

Most are related to a new dependency, https://github.com/onurzdg/mio-misc, that has a few older versions in its dependencies
2021-05-18 23:27:01 +00:00
François
177f2fbf9a enable cargo deny (#2101)
https://github.com/EmbarkStudios/cargo-deny
cargo-deny is a tool that can issue errors for dependency issues, among others:
* security issues in a crate
* duplicated dependencies with different versions
* unauthorised license

Added cargo-deny with an opinionated configuration:
* No middle ground with warnings, either allow or deny
* Not added to Bors, we probably don't want to block a PR on something that may happen from outside
* Different github workflow than CI to run only when Cargo.toml files are changed, or on a schedule
* Each check in its own job to help readability
* Initial config makes Bevy pass all checks

Pushing a first commit with commented config to show errors
2021-05-17 23:07:18 +00:00