ci/Check dependencies (#895)

.github/workflows/dependencies.yml

@@ -0,0 +1,53 @@
+name: dependencies
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '**/Cargo.lock'
+      - '**/Cargo.toml'
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - '**/Cargo.lock'
+      - '**/Cargo.toml'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  dependencies:
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: checkout
+        uses: actions/checkout@v4
+
+      - name: Audit Rust dependencies
+        uses: actions-rust-lang/audit@v1
+
+      - name: Detect multiple versions of the same crate
+        uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check bans licenses sources
+
+      - name: Install Rust nightly
+        uses: dtolnay/rust-toolchain@nightly
+        with:
+          toolchain: nightly
+          components: rustfmt
+
+      - name: Install cargo-udeps
+        env:
+          UDEPS_LINK: https://github.com/est31/cargo-udeps/releases/download
+          UDEPS_VERSION: v0.1.43
+        run: |
+          curl -L "$UDEPS_LINK/$UDEPS_VERSION/cargo-udeps-$UDEPS_VERSION-x86_64-unknown-linux-gnu.tar.gz" |
+          tar xz -C $HOME/.cargo/bin --strip-components 2
+
+      - name: Run cargo-udeps
+        run: |
+          cargo +nightly udeps --all-targets

Cargo.toml

@@ -1,4 +1,5 @@
 [workspace]
+# Try
 # require version 2 to avoid "feature" additiveness for dev-dependencies
 # https://doc.rust-lang.org/cargo/reference/resolver.html#feature-resolver-version-2
 resolver = "2"
@@ -75,7 +76,7 @@ wasm-logger = "0.2.0"
 futures-intrusive = "0.5"
 pollster = "0.3"
 text_placeholder = { version = "0.5.0", features = ["struct_context"] }
-wgpu = "0.17.1"
+wgpu = "0.18.0"
 
 #
 # The following packages disable the "std" feature for no_std compatibility

burn-autodiff/src/ops/mod.rs

@@ -10,4 +10,3 @@ pub(crate) mod maxmin;
 
 pub use backward::*;
 pub use base::*;
-pub use int_tensor::*;

burn-core/src/module/param/mod.rs

@@ -10,5 +10,4 @@ pub use base::*;
 pub use constant::*;
 pub use id::*;
 pub use running::*;
-pub use tensor::*;
 pub use visitor::*;

burn-core/src/nn/cache/mod.rs

@@ -1,5 +1,4 @@
 mod autoregressive;
 mod base;
 
-pub use autoregressive::*;
 pub use base::*;

burn-dataset/Cargo.toml

@@ -51,3 +51,6 @@ thiserror = {workspace = true}
 rayon = {workspace = true}
 rstest = {workspace = true}
 fake = {workspace = true}
+
+[package.metadata.cargo-udeps.ignore]
+normal = ["strum", "strum_macros"]

burn-import/Cargo.toml

@@ -41,4 +41,3 @@ protobuf-codegen = {workspace = true}
 
 [dev-dependencies]
 pretty_assertions = {workspace = true}
-rstest = {workspace = true}

burn-import/onnx-tests/Cargo.toml

@@ -2,6 +2,7 @@
 name = "onnx-tests"
 version = "0.11.0"
 edition = "2021"
+license = "MIT OR Apache-2.0"
 
 [dev-dependencies]
 burn = { path = "../../burn" }

burn-tensor-testgen/Cargo.toml

@@ -14,4 +14,3 @@ proc-macro = true
 [dependencies]
 proc-macro2 = {workspace = true}
 quote = {workspace = true}
-syn = {workspace = true}

burn-wgpu/Cargo.toml

@@ -53,7 +53,6 @@ burn-tensor = { path = "../burn-tensor", version = "0.11.0", default-features =
 burn-ndarray = { path = "../burn-ndarray", version = "0.11.0" }
 burn-fusion = { path = "../burn-fusion", version = "0.11.0" }
 serial_test = "2.0.0"
-pretty_assertions = {workspace = true}
 
 [[bench]]
 name = "matmul"

burn-wgpu/src/compute/server.rs

@@ -136,7 +136,10 @@ where
 
         let mut compute = self
             .encoder
-            .begin_compute_pass(&wgpu::ComputePassDescriptor { label: None });
+            .begin_compute_pass(&wgpu::ComputePassDescriptor {
+                label: None,
+                timestamp_writes: None,
+            });
 
         for task in self.tasks.iter() {
             compute.set_pipeline(&task.pipeline);

burn-wgpu/src/kernel/reduce/tune/mod.rs

@@ -3,7 +3,6 @@ mod key;
 mod mean_dim;
 mod sum_dim;
 
-pub use base::*;
 pub use key::*;
 pub use mean_dim::*;
 pub use sum_dim::*;

deny.toml

@@ -0,0 +1,104 @@
+# If 1 or more target triples (and optionally, target_features) are specified,
+# only the specified targets will be checked when running `cargo deny check`.
+# This means, if a particular package is only ever used as a target specific
+# dependency, such as, for example, the `nix` crate only being used via the
+# `target_family = "unix"` configuration, that only having windows targets in
+# this list would mean the nix crate, as well as any of its exclusive
+# dependencies not shared by any other crates, would be ignored, as the target
+# list here is effectively saying which targets you are building for.
+targets = [
+    { triple = "x86_64-unknown-linux-gnu" },
+    { triple = "aarch64-unknown-linux-gnu" },
+    { triple = "x86_64-unknown-linux-musl" },
+    { triple = "aarch64-apple-darwin" },
+    { triple = "x86_64-apple-darwin" },
+    { triple = "x86_64-pc-windows-msvc" },
+]
+
+[advisories]
+# The lint level for security vulnerabilities
+vulnerability = "deny"
+# The lint level for unmaintained crates
+unmaintained = "deny"
+# The lint level for crates that have been yanked from their source registry
+yanked = "deny"
+# The lint level for crates with security notices.
+notice = "deny"
+# A list of advisory IDs to ignore. Note that ignored advisories will still
+# output a note when they are encountered.
+ignore = [
+    #"RUSTSEC-0000-0000",
+]
+
+[bans]
+# Lint level for when multiple versions of the same crate are detected
+multiple-versions = "warn"
+# Lint level for when a crate version requirement is `*`
+wildcards = "allow"
+# The graph highlighting used when creating dotgraphs for crates
+# with multiple versions
+# * lowest-version - The path to the lowest versioned duplicate is highlighted
+# * simplest-path - The path to the version with the fewest edges is highlighted
+# * all - Both lowest-version and simplest-path are used
+highlight = "all"
+# The default lint level for `default` features for crates that are members of
+# the workspace that is being checked. This can be overridden by allowing/denying
+# `default` on a crate-by-crate basis if desired.
+workspace-default-features = "allow"
+# The default lint level for `default` features for external crates that are not
+# members of the workspace. This can be overridden by allowing/denying `default`
+# on a crate-by-crate basis if desired.
+external-default-features = "allow"
+# Certain crates/versions that will be skipped when doing duplicate detection.
+skip = [
+    #{ name = "crate", version = "=0.1.0" },
+]
+# Similarly to `skip` allows you to skip certain crates during duplicate
+# detection. Unlike skip, it also includes the entire tree of transitive
+# dependencies starting at the specified crate, up to a certain depth, which is
+# by default infinite.
+skip-tree = [
+    #{ name = "crate", version = "=0.1.0", depth = 20 },
+]
+
+[sources]
+# Lint level for what to happen when a crate from a crate registry that is not
+# in the allow list is encountered
+unknown-registry = "deny"
+# Lint level for what to happen when a crate from a git repository that is not
+# in the allow list is encountered
+unknown-git = "deny"
+
+[licenses]
+# The lint level for crates which do not have a detectable license
+unlicensed = "deny"
+# Lint level for licenses considered copyleft
+copyleft = "deny"
+# The confidence threshold for detecting a license from license text.
+# The higher the value, the more closely the license text must be to the
+# canonical license text of a valid SPDX license file.
+# [possible values: any between 0.0 and 1.0].
+confidence-threshold = 0.60
+# List of explicitly allowed licenses
+# See https://spdx.org/licenses/ for list of possible licenses
+# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
+allow = [
+    "Apache-2.0 WITH LLVM-exception",
+    "Apache-2.0",
+    "BSD-3-Clause",
+    "CC0-1.0",
+    "ISC",
+    "MIT",
+    "MPL-2.0",
+    "OpenSSL",
+    "Unicode-DFS-2016",
+    "Unlicense",
+    "Zlib",
+]
+# Allow 1 or more licenses on a per-crate basis, so that particular licenses
+# aren't accepted for every possible crate as with the normal allow list
+exceptions = [
+    # Each entry is the crate and version constraint, and its specific allow
+    # list
+    #{ allow = ["license_name"], name = "crate", version = "*" },
+]

examples/mnist-inference-web/Cargo.toml

@@ -19,7 +19,6 @@ wgpu = ["burn/wgpu"]
 burn = { path = "../../burn", default-features = false }
 serde = { workspace = true }
 wasm-bindgen = { version = "0.2.87" }
-wasm-bindgen-futures = "0.4"
 js-sys = "0.3.64"
 
 [dev-dependencies]

examples/text-classification/Cargo.toml

@@ -22,7 +22,7 @@ wgpu = ["burn/wgpu"]
 burn = {path = "../../burn", features=["train", "ndarray", "fusion"]}
 
 # Tokenizer
-tokenizers = { version = "0.13.4", default-features = false, features = [
+tokenizers = { version = "0.15.0", default-features = false, features = [
   "onig",
   "http",
 ] }

examples/text-generation/Cargo.toml

@@ -15,7 +15,7 @@ f16 = []
 burn = {path = "../../burn", features=["train", "tch"]}
 
 # Tokenizer
-tokenizers = {version = "0.13.4", default-features = false, features = [
+tokenizers = {version = "0.15.0", default-features = false, features = [
   "onig",
   "http",
 ]}

xtask/Cargo.toml

@@ -2,6 +2,7 @@
 name = "xtask"
 version = "0.3.0"
 edition = "2021"
+license = "MIT OR Apache-2.0"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html