Celebrating one year of 0.9.2 #83

Closed
0323pin opened this issue Apr 11, 2024 · 4 comments · Fixed by #84
Labels
enhancement New feature or request

Comments

@0323pin
Contributor

0323pin commented Apr 11, 2024

Hi,

Today is exactly one year since v0.9.2 was released 🚀 🎉

I use this tool nearly daily and was wondering if there's a plan to bump the dependencies and have a fresher version out.
This, even though cargo audit still looks reasonably happy one year after 👍

~> cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 617 security advisories (from /home/pin/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (135 crate dependencies)
Crate:     atty
Version:   0.2.14
Warning:   unsound
Title:     Potential unaligned read
Date:      2021-07-04
ID:        RUSTSEC-2021-0145
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
└── grep-cli 0.1.7
    └── hck 0.9.2

Crate:     hermit-abi
Version:   0.3.1
Warning:   yanked
Dependency tree:
hermit-abi 0.3.1
├── is-terminal 0.4.7
│   ├── env_logger 0.10.0
│   │   └── hck 0.9.2
│   └── anstream 0.2.6
│       └── clap_builder 4.2.1
│           └── clap 4.2.1
│               └── hck 0.9.2
└── io-lifetimes 1.0.10
    ├── rustix 0.37.11
    │   ├── tempfile 3.5.0
    │   │   └── hck 0.9.2
    │   └── is-terminal 0.4.7
    └── is-terminal 0.4.7

warning: 2 allowed warnings found

Regards from NetBSD

@sstadick
Owner

Hello!! Thanks for making the issue!

Some day I'd love to set up appropriate automation to pull in updates, but haven't yet.

I will take a pass at updating deps for this project manually and get a new version out! I don't have a specific timeline - always open to PRs for this as well.

@sstadick sstadick added the enhancement New feature or request label Apr 11, 2024
@0323pin
Contributor Author

0323pin commented Apr 11, 2024

Thanks for your reply.
I did try about 6 months ago, #81

But failed, can't remember why ... might try again

@0323pin
Contributor Author

0323pin commented Apr 12, 2024

@sstadick So, I've tried #84 but, the CI is not happy 😞

error: failed to select a version for `env_logger`.
    ... required by package `hck v0.9.3 (/home/runner/work/hck/hck)`
versions that meet the requirements `^0.11.3` (locked to 0.11.3) are: 0.11.3

the package `hck` depends on `env_logger`, with features: `anstream` but `env_logger` does not have these features.
 It has an optional dependency with that name, but that dependency uses the "dep:" syntax in the features table, so it does not have an implicit feature with that name.

How to fix this? I've built it locally without errors or warnings and the resulting binary works just fine.

@0323pin
Contributor Author

0323pin commented Apr 12, 2024

Ok, I've managed to fix some of the issues with the CI but, now I need to update THIRDPARTY.yml in order to fix the third one. How do you do this?

EDIT: Built and installed your tool cargo-bundle-licenses but I get quite a few WARN.

[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in anyhow:1.0.82 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/anyhow-1.0.82/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level UNSURE for MIT license in humantime:2.1.0 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/humantime-2.1.0/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in libc:0.2.153 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/libc-0.2.153/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in miniz_oxide:0.7.2 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/miniz_oxide-0.7.2/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in pin-project:1.1.5 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/pin-project-1.1.5/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in pin-project-internal:1.1.5 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/pin-project-internal-1.1.5/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in proc-macro2:1.0.79 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/proc-macro2-1.0.79/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in quote:1.0.36 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/quote-1.0.36/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in serde:1.0.197 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.197/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in serde_derive:1.0.197 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde_derive-1.0.197/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for MIT license in strsim:0.11.1 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/strsim-0.11.1/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in syn:2.0.58 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/syn-2.0.58/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in thiserror:1.0.58 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/thiserror-1.0.58/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in thiserror-impl:1.0.58 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/thiserror-impl-1.0.58/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in unicode-ident:1.0.12 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/unicode-ident-1.0.12/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] No license found for Unicode-DFS-2016 license in unicode-ident:1.0.12 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/unicode-ident-1.0.12/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in utf8parse:0.2.1 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/utf8parse-0.2.1/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] No license found for MIT license in winapi-i686-pc-windows-gnu:0.4.0 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/winapi-i686-pc-windows-gnu-0.4.0/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] No license found for Apache-2.0 license in winapi-i686-pc-windows-gnu:0.4.0 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/winapi-i686-pc-windows-gnu-0.4.0/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] No license found for MIT license in winapi-x86_64-pc-windows-gnu:0.4.0 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/winapi-x86_64-pc-windows-gnu-0.4.0/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] No license found for Apache-2.0 license in winapi-x86_64-pc-windows-gnu:0.4.0 - /home/pin/.cargo/registry/src/index.crates.io-6f17d22bba15001f/winapi-x86_64-pc-windows-gnu-0.4.0/Cargo.toml

If I understood this correctly, one is supposed to edit these manually and add the missing bits. But when I run cargo bundle-licenses --format yaml --output test.yml the file format looks slightly different when compared to your THIRDPARTY.yml file in the repository. So, I don't really dare to change that.

Waiting for some help/guidance from you.
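
Added example, not part of the thread and not code from cargo-bundle-licenses: a small Rust triage of WARN lines in the format shown in the comment above, grouping by crate the licenses that were not found or were matched with low confidence. The sample log is constructed (message format from the thread, placeholder paths); `Finding`, `parse_line`, `needs_review` and the urgency ordering are assumptions of this example.

```rust
use std::collections::BTreeMap;

// Constructed sample: message format copied from the thread, paths are placeholders.
const SAMPLE: &str = "\
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level UNSURE for MIT license in humantime:2.1.0 - /placeholder/humantime-2.1.0/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] Confidence level SEMI for Apache-2.0 license in unicode-ident:1.0.12 - /placeholder/unicode-ident-1.0.12/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] No license found for Unicode-DFS-2016 license in unicode-ident:1.0.12 - /placeholder/unicode-ident-1.0.12/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] No license found for MIT license in winapi-i686-pc-windows-gnu:0.4.0 - /placeholder/winapi-i686-pc-windows-gnu-0.4.0/Cargo.toml
[2024-04-12T09:20:06Z WARN  bundle_licenses_lib::found_license] No license found for Apache-2.0 license in winapi-i686-pc-windows-gnu:0.4.0 - /placeholder/winapi-i686-pc-windows-gnu-0.4.0/Cargo.toml
";

/// Ordered from least to most urgent (the ordering is this example's assumption).
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Finding { Semi, Unsure, Missing }

/// Parse one WARN line into ("crate:version", license id, finding).
fn parse_line(line: &str) -> Option<(String, String, Finding)> {
    let msg = line.split_once("] ")?.1; // drop the "[timestamp LEVEL target]" prefix
    let (finding, rest) = if let Some(r) = msg.strip_prefix("No license found for ") {
        (Finding::Missing, r)
    } else {
        let r = msg.strip_prefix("Confidence level ")?;
        let (level, r) = r.split_once(" for ")?;
        let f = match level {
            "SEMI" => Finding::Semi,
            "UNSURE" => Finding::Unsure,
            _ => return None, // unknown level: skip the line
        };
        (f, r)
    };
    let (license, rest) = rest.split_once(" license in ")?;
    let (krate, _path) = rest.split_once(" - ")?;
    Some((krate.to_string(), license.to_string(), finding))
}

/// Group the licenses whose finding is at or above `min` by crate.
fn needs_review(log: &str, min: Finding) -> BTreeMap<String, Vec<String>> {
    let mut out: BTreeMap<String, Vec<String>> = BTreeMap::new();
    for (krate, license, _) in log.lines().filter_map(parse_line).filter(|t| t.2 >= min) {
        out.entry(krate).or_default().push(license);
    }
    out
}

fn main() {
    for (krate, licenses) in needs_review(SAMPLE, Finding::Unsure) {
        println!("{krate}: check {licenses:?}");
    }
}
```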
