The use of release-plz to create release PRs should be handling semver-check, but although there are no unsafe in uap-rust (ua-parser or regex-filtered) there are a few tools which might be useful to add or try using:
- clippy, it's already run on CI but would probably be a good idea to run pedantic and check what could beneficially be enabled)
- dhat for memory profiling
- cargo-audit, for notification of security advisories, can ignore advisories via config file, probably of limited interest due to the limited set of dependencies.
- cargo-crev, same as above
- siderophile, tries to find unsafety via the callgraph
- cargo-machete, finds unused dependencies, seems unlikely when we have all of 3 (regex, itertools, serde)
- cargo-vet, checks for audits in dependencies
- cargo-deny, can lint the dependency graph
- fuzzing would be a good idea, for:
- regex-filtered's symbolic evaluator (so regex-filtered)
- uap-rust's templating
- uap-rust's regex simplifier
The use of release-plz to create release PRs should be handling semver-check, but although there are no unsafe in uap-rust (
ua-parserorregex-filtered) there are a few tools which might be useful to add or try using: