Skip to content

Log warning when PROC_MACRO exclusion is used with Cargo Lockfile Detector #1573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 15, 2025
Merged

Log warning when PROC_MACRO exclusion is used with Cargo Lockfile Detector #1573

merged 5 commits into from
Oct 15, 2025
+13 −0

Conversation

zahidblackduck
Copy link
Collaborator

JIRA Ticket
IDETECT-4850

Description
This merge request contains change to log a clear warning message when PROC_MACRO is included in the configured dependency-type exclusions but will be ignored by the Cargo Lockfile Detector.

  • Problem: --detect.cargo.dependency.types.excluded accepts NORMAL, BUILD, DEV, and PROC_MACRO. The Cargo Lockfile Detector cannot identify PROC_MACRO because those deps are not represented in Cargo.toml/Cargo.lock, so the exclusion will be ignored but was not clearly communicated.
  • Change: Log a warning message when PROC_MACRO is present in the exclusion filter and the Cargo Lockfile Detector is running.
  • Behavior: No functional change to detection flow. So, the execution continues, other valid exclusions are applied, and the process does not fail.

@zahidblackduck zahidblackduck self-assigned this Oct 10, 2025
cpottsbd
cpottsbd requested changes Oct 15, 2025
View reviewed changes
documentation/src/main/markdown/currentreleasenotes.md Outdated
* (IDETECT-4813) Fix Gradle Native Inspector to correctly identify projects with only `settings.gradle` or `settings.gradle.kts` file in the root directory.
* (IDETECT-4812) Gradle Native Inspector now supports configuration cache (refactored `init-detect.gradle` to add support for configuration cache in Gradle projects).
* (IDETECT-4845) With added support for extracting Python package versions from direct references [PEP 508 URIs](https://packaging.python.org/en/latest/specifications/dependency-specifiers/#environment-markers) in `pyproject.toml` files, [detect_product_short] now correctly parses versions from wheel and archive URLs and VCS references for impacted detectors (Setuptools CLI, Setuptools Parse, and UV Lock detectors). When data is missing or badly formatted, detectors gracefully switch back to reporting only the package name.
* (IDETECT-4850) Log warning when `PROC_MACRO` dependency exclusion is used with the Cargo Lockfile Detector.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor tweak suggestion:

  • (IDETECT-4850) Log a warning when unsupported PROC_MACRO dependency exclusion is attempted with the Cargo Lockfile Detector.

@zahidblackduck zahidblackduck merged commit e83e97c into master Oct 15, 2025
@zahidblackduck zahidblackduck deleted the dev/zahidblackduck/IDETECT-4850-log-warning branch October 15, 2025 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cpottsbd cpottsbd cpottsbd approved these changes

@devmehtabd devmehtabd devmehtabd approved these changes

@karolynbd karolynbd karolynbd approved these changes

@andrian-sevastyanov andrian-sevastyanov andrian-sevastyanov approved these changes

@shantyk shantyk Awaiting requested review from shantyk

@dterrybd dterrybd Awaiting requested review from dterrybd

@bd-samratmuk bd-samratmuk Awaiting requested review from bd-samratmuk

Assignees

@zahidblackduck zahidblackduck

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@zahidblackduck @cpottsbd @devmehtabd @karolynbd @andrian-sevastyanov