and i have a tool to inspect dependencies: cargo-deplist
https://github.com/dingelish/cargo-deplist
it outputs a topological sort of dependency graph along with `source` metadata.
it seems we can find duplication or errors with the help of it.
future improvements: high-lighting the duplicated/su
thanks! I just tried with toml version. result shows that we can sgx info in
Cargo.toml like
```toml
[package]
name = "xxx"
version = "0.1.0+sgx1.1.1"
authors = ["Yu Ding "]
edition = "2018"
```
For dependents, it's the same as before:
```toml
[dependencies]
xxx = { version = "0.1.0" }
```
car
tricky one. Basically I think it is good practise to have one repo per version
number and vice versa. This way this issue couldn't happen. But as you're not
in charge of the upstream repo we're out of luck. You could of course split the
fork into single repos, but that makes rebasing a pain.
Ma
