Hey guys, has anyone ever used cargo-deny as I see it is a superset of
cargo-audit, isn't it (i.e.
cargo-auditis no loger needed when we have
Tried cargo-deny and it is inherently awesome!
@matklad we should give it ago instead of
cargo audit. It provides not only vulnerabilities scan, but also scan for duplicated deps versions, bad licences and very flexible user-friendly configuration. Embark guys are awesome :heart:
tbh, I am not entirely convinced that we need even
So now you don't care about vulnerabilities :smiling_devil:?
In Rust crates -- not really. I am generally on top of things here:I read our Cargo.lock pretty regularly, and I know which each dependency does and why it is there.
I am not sure you are better than
cargo-deny, but whatever