Do we need the cargo dependency? #656
Description
Should we drop the cargo dependency?
- It's big and slow to compile.
- Requires openssl, libgit2.
- Has high MSRV.
- Keeping up with Cargo's API changes is a chore, especially that there are also behavior changes.
I think we could rely on shelling out to command-line for cargo. Anybody running cargo crev is obviously going to have the cargo binary. A combination of cargo metadata, crates-index, and cargo-lock could be enough.