diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..fcadb2cf
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+* text eol=lf
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index e9c69953..76fa546d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -119,7 +119,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions-rs/toolchain@v1
         with:
-          toolchain: "1.46.0"
+          toolchain: "1.53.0"
           override: true
       - run: cargo fetch
       - name: cargo check
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 961a11f9..b549bc2f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 <!-- next-header -->
 ## [Unreleased] - ReleaseDate
+### Changed
+- [PR#358](https://github.com/EmbarkStudios/cargo-deny/pull/358) bumped the Minimum Stable Rust Version to **1.53.0**.
+- [PR#358](https://github.com/EmbarkStudios/cargo-deny/pull/358) bumped various dependencies, notably `semver` to `1.0.3`.
+
 ## [0.9.1] - 2021-03-26
 ### Changed
 - Updated dependencies
diff --git a/Cargo.lock b/Cargo.lock
index 1dda40d1..9253a5eb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4,9 +4,9 @@ version = 3
 
 [[package]]
 name = "addr2line"
-version = "0.14.1"
+version = "0.15.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a55f82cfe485775d02112886f4169bde0c5894d75e79ead7eafe7e40a25e45f7"
+checksum = "e7a2e47a1fbe209ee101dd6d61285226744c6c8d3c21c8dc878ba6cb9f467f3a"
 dependencies = [
  "gimli",
 ]
@@ -19,9 +19,9 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
 
 [[package]]
 name = "aho-corasick"
-version = "0.7.15"
+version = "0.7.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7404febffaa47dac81aa44dba71523c9d069b1bdc50a77db41195149e17f68e5"
+checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f"
 dependencies = [
  "memchr",
 ]
@@ -46,15 +46,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.39"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81cddc5f91628367664cc7c69714ff08deee8a3efc54623011c772544d7b2767"
-
-[[package]]
-name = "ascii"
-version = "0.9.3"
+version = "1.0.42"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eab1c04a571841102f5345a8fc0f6bb3d31c315dec879b5c6e42e40ce7ffa34e"
+checksum = "595d3cfa7a60d4555cb5067b99f07142a08ea778de5cf993f7b75c7d8fabc486"
 
 [[package]]
 name = "askalono"
@@ -94,11 +88,12 @@ checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
 
 [[package]]
 name = "backtrace"
-version = "0.3.56"
+version = "0.3.60"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d117600f438b1707d4e4ae15d3595657288f8235a0eb593e80ecc98ab34e1bc"
+checksum = "b7815ea54e4d821e791162e078acbebfd6d8c8939cd559c9335dceb1c8ca7282"
 dependencies = [
  "addr2line",
+ "cc",
  "cfg-if 1.0.0",
  "libc",
  "miniz_oxide",
@@ -123,9 +118,9 @@ dependencies = [
 
 [[package]]
 name = "bitvec"
-version = "0.21.1"
+version = "0.22.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d23f76a953a42e113af6b4f3481ca32ff0a1ddbdcaa714a2333c956807b74a5f"
+checksum = "5237f00a8c86130a0cc317830e558b966dd7850d48a953d998c813f01a41b527"
 dependencies = [
  "funty",
  "radium",
@@ -135,9 +130,9 @@ dependencies = [
 
 [[package]]
 name = "bstr"
-version = "0.2.15"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a40b47ad93e1a5404e6c18dec46b628214fee441c70f4ab5d6942142cc268a3d"
+checksum = "90682c8d613ad3373e66de8c6411e0ae2ab2571e879d2efbf73558cc66f21279"
 dependencies = [
  "memchr",
 ]
@@ -148,6 +143,12 @@ version = "1.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
 
+[[package]]
+name = "bytes"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b700ce4376041dcd0a327fd0097c41095743c4c8af8887265942faf1100bd040"
+
 [[package]]
 name = "bytesize"
 version = "1.0.1"
@@ -165,19 +166,18 @@ dependencies = [
 
 [[package]]
 name = "cargo"
-version = "0.52.0"
+version = "0.54.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "668794d3757557250a8b7bf7d0920ca60910d9635e76d008caed037ec25c39b3"
+checksum = "6cbd976a733418564685769d03cca35bf228ddfc2c8a5e6771ca0f48ce80ae2e"
 dependencies = [
  "anyhow",
  "atty",
  "bytesize",
  "cargo-platform",
+ "cargo-util",
  "clap",
- "core-foundation",
  "crates-io",
  "crossbeam-utils",
- "crypto-hash",
  "curl",
  "curl-sys",
  "env_logger",
@@ -199,13 +199,12 @@ dependencies = [
  "libgit2-sys",
  "log",
  "memchr",
- "miow",
  "num_cpus",
  "opener",
  "percent-encoding",
+ "rand",
  "rustc-workspace-hack",
  "rustfix",
- "same-file",
  "semver 0.10.0",
  "serde",
  "serde_ignored",
@@ -246,7 +245,7 @@ dependencies = [
  "memchr",
  "rayon",
  "rustsec",
- "semver 0.11.0",
+ "semver 1.0.3",
  "serde",
  "serde_json",
  "similar",
@@ -262,11 +261,11 @@ dependencies = [
 
 [[package]]
 name = "cargo-lock"
-version = "6.0.1"
+version = "7.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6f16e7adc20969298b1e137ac21ab3a7e7a9412fec71f963ff2fdc41663d70f"
+checksum = "7fb04b88bd5b2036e30704f95c6ee16f3b5ca3b4ca307da2889d9006648e5c88"
 dependencies = [
- "semver 0.11.0",
+ "semver 1.0.3",
  "serde",
  "toml",
  "url",
@@ -281,34 +280,55 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "cargo-util"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a0c5259672ff02c8c4d291fb52c9e6936d97dbfacea8d7011a0621aaaaab4c28"
+dependencies = [
+ "anyhow",
+ "core-foundation",
+ "crypto-hash",
+ "filetime",
+ "hex 0.4.3",
+ "jobserver",
+ "libc",
+ "log",
+ "miow",
+ "same-file",
+ "shell-escape",
+ "tempfile",
+ "walkdir",
+ "winapi",
+]
+
 [[package]]
 name = "cargo_metadata"
-version = "0.13.1"
+version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "081e3f0755c1f380c2d010481b6fa2e02973586d5f2b24eebb7a2a1d98b143d8"
+checksum = "c297bd3135f558552f99a0daa180876984ea2c4ffa7470314540dff8c654109a"
 dependencies = [
  "camino",
  "cargo-platform",
- "semver 0.11.0",
- "semver-parser 0.10.2",
+ "semver 1.0.3",
  "serde",
  "serde_json",
 ]
 
 [[package]]
 name = "cc"
-version = "1.0.67"
+version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3c69b077ad434294d3ce9f1f6143a2a4b89a8a2d54ef813d85003a4fd1137fd"
+checksum = "e70cc2f62c6ce1868963827bd677764c62d07c3d9a3e1fb1177ee1a9ab199eb2"
 dependencies = [
  "jobserver",
 ]
 
 [[package]]
 name = "cfg-expr"
-version = "0.7.4"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30aa9e2ffbb838c6b451db14f3cd8e63ed622bf859f9956bc93845a10fafc26a"
+checksum = "70a1d12766bbdd5d44caab5df04a9bffec9cd855a1b44b15de5665d70c085f94"
 dependencies = [
  "smallvec",
  "target-lexicon",
@@ -375,15 +395,12 @@ dependencies = [
 
 [[package]]
 name = "combine"
-version = "3.8.1"
+version = "4.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da3da6baa321ec19e1cc41d31bf599f00c783d0517095cdaf0332e3fe8d20680"
+checksum = "a2d47c1b11006b87e492b53b313bb699ce60e16613c4dddaa91f8f7c220ab2fa"
 dependencies = [
- "ascii",
- "byteorder",
- "either",
+ "bytes",
  "memchr",
- "unreachable",
 ]
 
 [[package]]
@@ -422,9 +439,9 @@ checksum = "ea221b5284a47e40033bf9b66f35f984ec0ea2931eb03505246cd27a963f981b"
 
 [[package]]
 name = "crates-index"
-version = "0.16.4"
+version = "0.16.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f01dd064c9e221dd92ad85fce4530969b555ee01a284983da55b46e38690028b"
+checksum = "30905ea06bd8553b9cbb9ed5f7cbdae18159cc83b8ee3c7ca3c90f0128aa89cc"
 dependencies = [
  "git2",
  "glob",
@@ -463,9 +480,9 @@ dependencies = [
 
 [[package]]
 name = "crossbeam"
-version = "0.8.0"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd01a6eb3daaafa260f6fc94c3a6c36390abc2080e38e3e34ced87393fb77d80"
+checksum = "4ae5588f6b3c3cb05239e90bd110f257254aecd01e4635400391aeae07497845"
 dependencies = [
  "cfg-if 1.0.0",
  "crossbeam-channel",
@@ -477,9 +494,9 @@ dependencies = [
 
 [[package]]
 name = "crossbeam-channel"
-version = "0.5.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dca26ee1f8d361640700bde38b2c37d8c22b3ce2d360e1fc1c74ea4b0aa7d775"
+checksum = "06ed27e177f16d65f0f0c22a213e17c696ace5dd64b14258b52f9417ccb52db4"
 dependencies = [
  "cfg-if 1.0.0",
  "crossbeam-utils",
@@ -498,9 +515,9 @@ dependencies = [
 
 [[package]]
 name = "crossbeam-epoch"
-version = "0.9.3"
+version = "0.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2584f639eb95fea8c798496315b297cf81b9b58b6d30ab066a75455333cf4b12"
+checksum = "4ec02e091aa634e2c3ada4a392989e7c3116673ef0ac5b72232439094d73b7fd"
 dependencies = [
  "cfg-if 1.0.0",
  "crossbeam-utils",
@@ -511,9 +528,9 @@ dependencies = [
 
 [[package]]
 name = "crossbeam-queue"
-version = "0.3.1"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0f6cb3c7f5b8e51bc3ebb73a2327ad4abdbd119dc13223f14f961d2f38486756"
+checksum = "9b10ddc024425c88c2ad148c1b0fd53f4c6d38db9697c9f1588381212fa657c9"
 dependencies = [
  "cfg-if 1.0.0",
  "crossbeam-utils",
@@ -521,11 +538,10 @@ dependencies = [
 
 [[package]]
 name = "crossbeam-utils"
-version = "0.8.3"
+version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7e9d99fa91428effe99c5c6d4634cdeba32b8cf784fc428a2a687f61a952c49"
+checksum = "d82cfc11ce7f2c3faef78d8a684447b40d503d9681acebed6cb728d45940c4db"
 dependencies = [
- "autocfg",
  "cfg-if 1.0.0",
  "lazy_static",
 ]
@@ -544,9 +560,9 @@ dependencies = [
 
 [[package]]
 name = "curl"
-version = "0.4.35"
+version = "0.4.38"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a872858e9cb9e3b96c80dd78774ad9e32e44d3b05dc31e142b858d14aebc82c"
+checksum = "003cb79c1c6d1c93344c7e1201bb51c2148f24ec2bd9c253709d6b2efb796515"
 dependencies = [
  "curl-sys",
  "libc",
@@ -559,9 +575,9 @@ dependencies = [
 
 [[package]]
 name = "curl-sys"
-version = "0.4.41+curl-7.75.0"
+version = "0.4.44+curl-7.77.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ec466abd277c7cab2905948f3e94d10bc4963f1f5d47921c1cc4ffd2028fe65"
+checksum = "4b6d85e9322b193f117c966e79c2d6929ec08c02f339f950044aba12e20bbaf1"
 dependencies = [
  "cc",
  "libc",
@@ -575,9 +591,9 @@ dependencies = [
 
 [[package]]
 name = "cvss"
-version = "1.0.1"
+version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2ecd8322bca85301b52d821806315c282c7e5f85f03b0609e68d4189bda8f58"
+checksum = "829862dabeab142ae0efd558d42d8fd874659268ccd810809ac6f1ee6bfcbd3f"
 dependencies = [
  "serde",
 ]
@@ -590,9 +606,9 @@ checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457"
 
 [[package]]
 name = "env_logger"
-version = "0.8.3"
+version = "0.8.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17392a012ea30ef05a610aa97dfb49496e71c9f676b27879922ea5bdf60d9d3f"
+checksum = "a19187fea3ac7e84da7dacf48de0c45d63c6a76f9490dae389aead16c243fce3"
 dependencies = [
  "atty",
  "humantime",
@@ -646,9 +662,9 @@ dependencies = [
 
 [[package]]
 name = "fixedbitset"
-version = "0.2.0"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37ab347416e802de484e4d03c7316c48f1ecb56574dfd4a46a80f173ce1de04d"
+checksum = "398ea4fabe40b9b0d885340a2a991a44c8a645624075ad966d21f88688e2b69e"
 
 [[package]]
 name = "flate2"
@@ -696,9 +712,9 @@ dependencies = [
 
 [[package]]
 name = "fs-err"
-version = "2.5.0"
+version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bcd1163ae48bda72a20ae26d66a04d3094135cadab911cff418ae5e33f253431"
+checksum = "5ebd3504ad6116843b8375ad70df74e7bfe83cac77a1f3fe73200c844d43bfe0"
 
 [[package]]
 name = "funty"
@@ -718,9 +734,9 @@ dependencies = [
 
 [[package]]
 name = "getrandom"
-version = "0.2.2"
+version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8"
+checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753"
 dependencies = [
  "cfg-if 1.0.0",
  "libc",
@@ -729,15 +745,15 @@ dependencies = [
 
 [[package]]
 name = "gimli"
-version = "0.23.0"
+version = "0.24.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6503fe142514ca4799d4c26297c4248239fe8838d827db6bd6065c6ed29a6ce"
+checksum = "0e4075386626662786ddb0ec9081e7c7eeb1ba31951f447ca780ef9f5d568189"
 
 [[package]]
 name = "git2"
-version = "0.13.17"
+version = "0.13.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1d250f5f82326884bd39c2853577e70a121775db76818ffa452ed1e80de12986"
+checksum = "d9831e983241f8c5591ed53f17d874833e2fa82cac2625f3888c50cbfe136cba"
 dependencies = [
  "bitflags",
  "libc",
@@ -768,9 +784,9 @@ checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574"
 
 [[package]]
 name = "globset"
-version = "0.4.6"
+version = "0.4.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c152169ef1e421390738366d2f796655fec62621dabbd0fd476f905934061e4a"
+checksum = "10463d9ff00a2a068db14231982f5132edebad0d7660cd956a1c30292dbcbfbd"
 dependencies = [
  "aho-corasick",
  "bstr",
@@ -781,24 +797,24 @@ dependencies = [
 
 [[package]]
 name = "hashbrown"
-version = "0.9.1"
+version = "0.11.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7afe4a420e3fe79967a00898cc1f4db7c8a49a9333a29f8a4bd76a253d5cd04"
+checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e"
 
 [[package]]
 name = "heck"
-version = "0.3.2"
+version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87cbf45460356b7deeb5e3415b5563308c0a9b057c85e12b06ad551f98d0a6ac"
+checksum = "6d621efb26863f0e9924c6ac577e8275e5e6b77455db64ffa6c65c904e9e132c"
 dependencies = [
  "unicode-segmentation",
 ]
 
 [[package]]
 name = "hermit-abi"
-version = "0.1.18"
+version = "0.1.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "322f4de77956e22ed0e5032c359a0f1273f1f7f0d79bfa3b8ffbc730d7fbcc5c"
+checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
 dependencies = [
  "libc",
 ]
@@ -845,9 +861,9 @@ dependencies = [
 
 [[package]]
 name = "idna"
-version = "0.2.2"
+version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89829a5d69c23d348314a7ac337fe39173b61149a9864deabd260983aed48c21"
+checksum = "418a0a6fab821475f634efe3ccc45c013f742efe03d853e8d3355d5cb850ecf8"
 dependencies = [
  "matches",
  "unicode-bidi",
@@ -856,9 +872,9 @@ dependencies = [
 
 [[package]]
 name = "ignore"
-version = "0.4.17"
+version = "0.4.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b287fb45c60bb826a0dc68ff08742b9d88a2fea13d6e0c286b3172065aaf878c"
+checksum = "713f1b139373f96a2e0ce3ac931cd01ee973c3c5dd7c40c0c2efe96ad2b6751d"
 dependencies = [
  "crossbeam-utils",
  "globset",
@@ -888,9 +904,9 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "1.6.2"
+version = "1.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "824845a0bf897a9042383849b02c1bc219c2383772efcd5c6f9766fa4b81aef3"
+checksum = "bc633605454125dec4b66843673f01c7df2b89479b32e0ed634e43a91cff62a5"
 dependencies = [
  "autocfg",
  "hashbrown",
@@ -913,23 +929,23 @@ checksum = "dd25036021b0de88a0aff6b850051563c6516d0bf53f8638938edbb9de732736"
 
 [[package]]
 name = "jobserver"
-version = "0.1.21"
+version = "0.1.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c71313ebb9439f74b00d9d2dcec36440beaf57a6aa0623068441dd7cd81a7f2"
+checksum = "972f5ae5d1cb9c6ae417789196c803205313edde988685da5e3aae0827b9e7fd"
 dependencies = [
  "libc",
 ]
 
 [[package]]
 name = "krates"
-version = "0.7.0"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "698ad2dc883a126ce057c06783dd20150158ee58c61a228fb7f1fd5630ca5e4e"
+checksum = "7b8e69c980acf7a9ca774e6d2fe05a183ec64af83da248f441e4a98a8ba0de46"
 dependencies = [
  "cargo_metadata",
  "cfg-expr",
  "petgraph",
- "semver 0.11.0",
+ "semver 1.0.3",
 ]
 
 [[package]]
@@ -946,15 +962,15 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 
 [[package]]
 name = "libc"
-version = "0.2.91"
+version = "0.2.98"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8916b1f6ca17130ec6568feccee27c156ad12037880833a3b842a823236502e7"
+checksum = "320cfe77175da3a483efed4bc0adc1968ca050b098ce4f2f1c13a56626128790"
 
 [[package]]
 name = "libgit2-sys"
-version = "0.12.18+1.1.0"
+version = "0.12.21+1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3da6a42da88fc37ee1ecda212ffa254c25713532980005d5f7c0b0fbe7e6e885"
+checksum = "86271bacd72b2b9e854c3dcfb82efd538f15f870e4c11af66900effb462f6825"
 dependencies = [
  "cc",
  "libc",
@@ -990,9 +1006,9 @@ dependencies = [
 
 [[package]]
 name = "libz-sys"
-version = "1.1.2"
+version = "1.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "602113192b08db8f38796c4e85c39e960c145965140e918018bcde1952429655"
+checksum = "de5435b8549c16d423ed0c03dbaafe57cf6c3344744f1242520d59c9d8ecec66"
 dependencies = [
  "cc",
  "libc",
@@ -1023,15 +1039,15 @@ checksum = "7ffc5c5338469d4d3ea17d269fa8ea3512ad247247c30bd2df69e68309ed0a08"
 
 [[package]]
 name = "memchr"
-version = "2.3.4"
+version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
+checksum = "b16bd47d9e329435e309c58469fe0791c2d0d1ba96ec0954152a5ae2b04387dc"
 
 [[package]]
 name = "memoffset"
-version = "0.6.2"
+version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc14fc54a812b4472b4113facc3e44d099fbc0ea2ce0551fa5c703f8edfbfd38"
+checksum = "59accc507f1338036a0477ef61afdae33cde60840f4dfe481319ce3ad116ddf9"
 dependencies = [
  "autocfg",
 ]
@@ -1086,15 +1102,18 @@ dependencies = [
 
 [[package]]
 name = "object"
-version = "0.23.0"
+version = "0.25.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9a7ab5d64814df0fe4a4b5ead45ed6c5f181ee3ff04ba344313a6c80446c5d4"
+checksum = "a38f2be3697a57b4060074ff41b44c16870d916ad7877c17696e063257482bc7"
+dependencies = [
+ "memchr",
+]
 
 [[package]]
 name = "once_cell"
-version = "1.7.2"
+version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "af8b08b04175473088b46763e51ee54da5f9a164bc162f615b91bc179dbf15a3"
+checksum = "692fcb63b64b1758029e0a96ee63e049ce8c5948587f2f7208df04625e5f6b56"
 
 [[package]]
 name = "opener"
@@ -1107,9 +1126,9 @@ dependencies = [
 
 [[package]]
 name = "openssl"
-version = "0.10.33"
+version = "0.10.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a61075b62a23fef5a29815de7536d940aa35ce96d18ce0cc5076272db678a577"
+checksum = "549430950c79ae24e6d02e0b7404534ecf311d94cc9f861e9e4020187d13d885"
 dependencies = [
  "bitflags",
  "cfg-if 1.0.0",
@@ -1121,9 +1140,9 @@ dependencies = [
 
 [[package]]
 name = "openssl-probe"
-version = "0.1.2"
+version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77af24da69f9d9341038eba93a073b1fdaaa1b788221b00a69bce9e762cb32de"
+checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a"
 
 [[package]]
 name = "openssl-src"
@@ -1136,9 +1155,9 @@ dependencies = [
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.61"
+version = "0.9.65"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "313752393519e876837e09e1fa183ddef0be7735868dced3196f4472d536277f"
+checksum = "7a7907e3bfa08bb85105209cdfcb6c63d109f8f6c1ed6ca318fff5c1853fbc1d"
 dependencies = [
  "autocfg",
  "cc",
@@ -1165,9 +1184,9 @@ dependencies = [
 
 [[package]]
 name = "petgraph"
-version = "0.5.1"
+version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "467d164a6de56270bd7c4d070df81d07beace25012d5103ced4e9ff08d6afdb7"
+checksum = "4a13a2fa9d0b63e5f22328828741e523766fff0ee9e779316902290dff3f824f"
 dependencies = [
  "fixedbitset",
  "indexmap",
@@ -1220,9 +1239,9 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.24"
+version = "1.0.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71"
+checksum = "f0d8caf72986c1a598726adc988bb5984792ef84f5ee5aa50209145ee8077038"
 dependencies = [
  "unicode-xid",
 ]
@@ -1244,24 +1263,24 @@ checksum = "643f8f41a8ebc4c5dc4515c82bb8abd397b527fc20fd681b7c011c2aee5d44fb"
 
 [[package]]
 name = "rand"
-version = "0.8.3"
+version = "0.8.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e"
+checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8"
 dependencies = [
  "libc",
  "rand_chacha",
- "rand_core 0.6.2",
+ "rand_core 0.6.3",
  "rand_hc",
 ]
 
 [[package]]
 name = "rand_chacha"
-version = "0.3.0"
+version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e12735cf05c9e10bf21534da50a147b924d555dc7a547c42e6bb2d5b6017ae0d"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
 dependencies = [
  "ppv-lite86",
- "rand_core 0.6.2",
+ "rand_core 0.6.3",
 ]
 
 [[package]]
@@ -1272,20 +1291,20 @@ checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
 
 [[package]]
 name = "rand_core"
-version = "0.6.2"
+version = "0.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34cf66eb183df1c5876e2dcf6b13d57340741e8dc255b48e40a26de954d06ae7"
+checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
 dependencies = [
  "getrandom",
 ]
 
 [[package]]
 name = "rand_hc"
-version = "0.3.0"
+version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3190ef7066a446f2e7f42e239d161e905420ccab01eb967c9eb27d21b2322a73"
+checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7"
 dependencies = [
- "rand_core 0.6.2",
+ "rand_core 0.6.3",
 ]
 
 [[package]]
@@ -1299,9 +1318,9 @@ dependencies = [
 
 [[package]]
 name = "rayon"
-version = "1.5.0"
+version = "1.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b0d8e0819fadc20c74ea8373106ead0600e3a67ef1fe8da56e39b9ae7275674"
+checksum = "c06aca804d41dbc8ba42dfd964f0d01334eceb64314b9ecf7c5fad5188a06d90"
 dependencies = [
  "autocfg",
  "crossbeam-deque",
@@ -1311,9 +1330,9 @@ dependencies = [
 
 [[package]]
 name = "rayon-core"
-version = "1.9.0"
+version = "1.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ab346ac5921dc62ffa9f89b7a773907511cdfa5490c572ae9be1be33e8afa4a"
+checksum = "d78120e2c850279833f1dd3582f730c4ab53ed95aeaaaa862a2a5c71b1656d8e"
 dependencies = [
  "crossbeam-channel",
  "crossbeam-deque",
@@ -1324,18 +1343,18 @@ dependencies = [
 
 [[package]]
 name = "redox_syscall"
-version = "0.2.5"
+version = "0.2.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94341e4e44e24f6b591b59e47a8a027df12e008d73fd5672dbea9cc22f4507d9"
+checksum = "5ab49abadf3f9e1c4bc499e8845e152ad87d2ad2d30371841171169e9d75feee"
 dependencies = [
  "bitflags",
 ]
 
 [[package]]
 name = "regex"
-version = "1.4.5"
+version = "1.5.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "957056ecddbeba1b26965114e191d2e8589ce74db242b6ea25fc4062427a5c19"
+checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -1344,9 +1363,9 @@ dependencies = [
 
 [[package]]
 name = "regex-syntax"
-version = "0.6.23"
+version = "0.6.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24d5f089152e60f62d28b835fbff2cd2e8dc0baf1ac13343bef92ab7eed84548"
+checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
 
 [[package]]
 name = "remove_dir_all"
@@ -1380,9 +1399,9 @@ dependencies = [
 
 [[package]]
 name = "rustc-demangle"
-version = "0.1.18"
+version = "0.1.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e3bad0ee36814ca07d7968269dd4b7ec89ec2da10c4bb613928d3077083c232"
+checksum = "dead70b0b5e03e9c814bcb6b01e03e68f7c57a80aa48c72ec92152ab3e818d49"
 
 [[package]]
 name = "rustc-workspace-hack"
@@ -1404,9 +1423,9 @@ dependencies = [
 
 [[package]]
 name = "rustsec"
-version = "0.23.3"
+version = "0.24.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09ca2e5b11f379d6f091b029f4efbcf77c2e5ce61628a3512944ac1718eafba5"
+checksum = "fedb4f4352e056a699c88cfd0dde0dece944ea8f52081f8403292d22b8fd4a97"
 dependencies = [
  "cargo-lock",
  "crates-index",
@@ -1417,7 +1436,7 @@ dependencies = [
  "humantime",
  "humantime-serde",
  "platforms",
- "semver 0.11.0",
+ "semver 1.0.3",
  "serde",
  "smol_str",
  "thiserror",
@@ -1473,6 +1492,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f301af10236f6df4160f7c3f04eec6dbc70ace82d23326abad5edee88801c6b6"
 dependencies = [
  "semver-parser 0.10.2",
+]
+
+[[package]]
+name = "semver"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f3aac57ee7f3272d8395c6e4f502f434f0e289fcd62876f70daa008c20dcabe"
+dependencies = [
  "serde",
 ]
 
@@ -1493,18 +1520,18 @@ dependencies = [
 
 [[package]]
 name = "serde"
-version = "1.0.125"
+version = "1.0.126"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "558dc50e1a5a5fa7112ca2ce4effcb321b0300c0d4ccf0776a9f60cd89031171"
+checksum = "ec7505abeacaec74ae4778d9d9328fe5a5d04253220a85c4ee022239fc996d03"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.125"
+version = "1.0.126"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b093b7a2bb58203b5da3056c05b4ec1fed827dcfdb37347a8841695263b3d06d"
+checksum = "963a7dbc9895aeac7ac90e74f34a5d5261828f79df35cbed41e10189d3804d43"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1545,9 +1572,9 @@ checksum = "1ad1d488a557b235fc46dae55512ffbfc429d2482b08b4d9435ab07384ca8aec"
 
 [[package]]
 name = "sized-chunks"
-version = "0.6.4"
+version = "0.6.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "65e65d6a9f13cd78f361ea5a2cf53a45d67cdda421ba0316b9be101560f3d207"
+checksum = "16d69225bde7a69b235da73377861095455d298f2b970996eec25ddbb42b3d1e"
 dependencies = [
  "bitmaps",
  "typenum",
@@ -1561,9 +1588,9 @@ checksum = "fe0f37c9e8f3c5a4a66ad655a93c74daac4ad00c441533bf5c6e7990bb42604e"
 
 [[package]]
 name = "smartstring"
-version = "0.2.6"
+version = "0.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ada87540bf8ef4cf8a1789deb175626829bb59b1fefd816cf7f7f55efcdbae9"
+checksum = "29620fe111ceaba7a50fd806b5f44c1ef44a697a739f6677a4464c7ea8685997"
 dependencies = [
  "serde",
  "static_assertions",
@@ -1577,23 +1604,20 @@ checksum = "6ca0f7ce3a29234210f0f4f0b56f8be2e722488b95cb522077943212da3b32eb"
 
 [[package]]
 name = "socket2"
-version = "0.3.19"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "122e570113d28d773067fab24266b66753f6ea915758651696b6e35e49f88d6e"
+checksum = "9e3dfc207c526015c632472a77be09cf1b6e46866581aecae5cc38fb4235dea2"
 dependencies = [
- "cfg-if 1.0.0",
  "libc",
  "winapi",
 ]
 
 [[package]]
 name = "spdx"
-version = "0.4.0"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "55ebe4f76cacc83caff34a6ad8731a260d5d1213bdedc655968c62f6cbc92783"
+checksum = "39f6a7041c8f5ef47b1bf43eee1adc338506f237207917ca19810c2e7a42f9e1"
 dependencies = [
- "lazy_static",
- "regex",
  "smallvec",
 ]
 
@@ -1620,9 +1644,9 @@ checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a"
 
 [[package]]
 name = "structopt"
-version = "0.3.21"
+version = "0.3.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5277acd7ee46e63e5168a80734c9f6ee81b1367a7d8772a2d765df2a3705d28c"
+checksum = "69b041cdcb67226aca307e6e7be44c8806423d83e018bd662360a93dabce4d71"
 dependencies = [
  "clap",
  "lazy_static",
@@ -1631,9 +1655,9 @@ dependencies = [
 
 [[package]]
 name = "structopt-derive"
-version = "0.4.14"
+version = "0.4.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ba9cdfda491b814720b6b06e0cac513d922fc407582032e8706e9f137976f90"
+checksum = "7813934aecf5f51a54775e00068c237de98489463968231a51746bbbc03f9c10"
 dependencies = [
  "heck",
  "proc-macro-error",
@@ -1644,9 +1668,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "1.0.64"
+version = "1.0.73"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fd9d1e9976102a03c542daa2eff1b43f9d72306342f3f8b3ed5fb8908195d6f"
+checksum = "f71489ff30030d2ae598524f61326b902466f72a0fb1a8564c001cc63425bcc7"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1655,9 +1679,9 @@ dependencies = [
 
 [[package]]
 name = "synstructure"
-version = "0.12.4"
+version = "0.12.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b834f2d66f734cb897113e34aaff2f1ab4719ca946f9a7358dba8f8064148701"
+checksum = "474aaa926faa1603c40b7885a9eaea29b444d1cb2850cb7c0e37bb1a4182f4fa"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1673,9 +1697,9 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
 
 [[package]]
 name = "tar"
-version = "0.4.33"
+version = "0.4.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0bcfbd6a598361fda270d82469fff3d65089dc33e175c9a131f7b4cd395f228"
+checksum = "7d779dc6aeff029314570f666ec83f19df7280bb36ef338442cfa8c604021b80"
 dependencies = [
  "filetime",
  "libc",
@@ -1683,9 +1707,9 @@ dependencies = [
 
 [[package]]
 name = "target-lexicon"
-version = "0.11.2"
+version = "0.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "422045212ea98508ae3d28025bc5aaa2bd4a9cdaecd442a08da2ee620ee9ea95"
+checksum = "b0652da4c4121005e9ed22b79f6c5f2d9e2752906b53a33e9490489ba421a6fb"
 
 [[package]]
 name = "tempfile"
@@ -1721,18 +1745,18 @@ dependencies = [
 
 [[package]]
 name = "thiserror"
-version = "1.0.24"
+version = "1.0.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e0f4a65597094d4483ddaed134f409b2cb7c1beccf25201a9f73c719254fa98e"
+checksum = "93119e4feac1cbe6c798c34d3a53ea0026b0b1de6a120deef895137c0529bfe2"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "1.0.24"
+version = "1.0.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7765189610d8241a44529806d6fd1f2e0a08734313a35d5b3a556f92b381f3c0"
+checksum = "060d69a0afe7796bf42e9e2ff91f5ee691fb15c53d38b4b62a9a53eb23164745"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1760,9 +1784,9 @@ dependencies = [
 
 [[package]]
 name = "tinyvec"
-version = "1.1.1"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "317cca572a0e89c3ce0ca1f1bdc9369547fe318a683418e42ac8f59d14701023"
+checksum = "5b5220f05bb7de7f3f53c7c065e1199b3172696fe2db9f9c4d8ad9b4ee74c342"
 dependencies = [
  "tinyvec_macros",
 ]
@@ -1784,9 +1808,9 @@ dependencies = [
 
 [[package]]
 name = "toml_edit"
-version = "0.2.0"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09391a441b373597cf0888d2b052dcf82c5be4fee05da3636ae30fb57aad8484"
+checksum = "dbbdcf4f749dd33b1f1ea19b547bf789d87442ec40767d6015e5e2d39158d69a"
 dependencies = [
  "chrono",
  "combine",
@@ -1817,27 +1841,27 @@ checksum = "56dee185309b50d1f11bfedef0fe6d036842e3fb77413abef29f8f8d1c5d4c1c"
 
 [[package]]
 name = "unicode-bidi"
-version = "0.3.4"
+version = "0.3.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5"
+checksum = "eeb8be209bb1c96b7c177c7420d26e04eccacb0eeae6b980e35fcb74678107e0"
 dependencies = [
  "matches",
 ]
 
 [[package]]
 name = "unicode-normalization"
-version = "0.1.17"
+version = "0.1.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07fbfce1c8a97d547e8b5334978438d9d6ec8c20e38f56d4a4374d181493eaef"
+checksum = "d54590932941a9e9266f0832deed84ebe1bf2e4c9e4a3554d393d18f5e854bf9"
 dependencies = [
  "tinyvec",
 ]
 
 [[package]]
 name = "unicode-segmentation"
-version = "1.7.1"
+version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb0d2e7be6ae3a5fa87eed5fb451aff96f2573d2694942e40543ae0bbe19c796"
+checksum = "8895849a949e7845e06bd6dc1aa51731a103c42707010a5b591c0038fb73385b"
 
 [[package]]
 name = "unicode-width"
@@ -1847,24 +1871,15 @@ checksum = "9337591893a19b88d8d87f2cec1e73fad5cdfd10e5a6f349f498ad6ea2ffb1e3"
 
 [[package]]
 name = "unicode-xid"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564"
-
-[[package]]
-name = "unreachable"
-version = "1.0.0"
+version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "382810877fe448991dfc7f0dd6e3ae5d58088fd0ea5e35189655f84e6814fa56"
-dependencies = [
- "void",
-]
+checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3"
 
 [[package]]
 name = "url"
-version = "2.2.1"
+version = "2.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ccd964113622c8e9322cfac19eb1004a07e636c545f325da085d5cdde6f1f8b"
+checksum = "a507c383b2d33b5fc35d1861e77e6b383d158b2da5e14fe51b83dfedf6fd578c"
 dependencies = [
  "form_urlencoded",
  "idna",
@@ -1881,9 +1896,9 @@ checksum = "8772a4ccbb4e89959023bc5b7cb8623a795caa7092d99f3aa9501b9484d4557d"
 
 [[package]]
 name = "vcpkg"
-version = "0.2.11"
+version = "0.2.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b00bca6106a5e23f3eee943593759b7fcddb00554332e856d990c893966879fb"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
 
 [[package]]
 name = "vec_map"
@@ -1897,12 +1912,6 @@ version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe"
 
-[[package]]
-name = "void"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"
-
 [[package]]
 name = "vte"
 version = "0.3.3"
@@ -1962,9 +1971,12 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
 [[package]]
 name = "wyz"
-version = "0.2.0"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214"
+checksum = "129e027ad65ce1453680623c3fb5163cbf7107bfe1aa32257e7d0e63f9ced188"
+dependencies = [
+ "tap",
+]
 
 [[package]]
 name = "zstd"
diff --git a/Cargo.toml b/Cargo.toml
index 6977d5e3..b2145bbf 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -43,9 +43,9 @@ askalono = "0.4"
 # Used to detect if an output stream is a TTY to control default coloring
 atty = "0.2"
 # Used to track various things during check runs
-bitvec = { version = "0.21", features = ["alloc"] }
+bitvec = { version = "0.22", features = ["alloc"] }
 # Allows us to do eg cargo metadata operations without relying on an external cargo
-cargo = { version = "0.52", optional = true }
+cargo = { version = "0.54", optional = true }
 # Timey wimey stuff
 chrono = "0.4"
 # Used for diagnostic reporting
@@ -63,7 +63,7 @@ git2 = { version = "0.13", features = ["vendored-openssl"] }
 # We need to figure out HOME/CARGO_HOME in some cases
 home = "0.5"
 # Provides graphs on top of cargo_metadata
-krates = { version = "0.7", features = ["targets"] }
+krates = { version = "0.8", features = ["targets"] }
 # Log macros
 log = "0.4"
 # Used when parsing binary files in registry index caches
@@ -71,16 +71,16 @@ memchr = "2.3"
 # Moar brrrr
 rayon = "1.4"
 # Used for interacting with advisory databases
-rustsec = "0.23"
+rustsec = "0.24"
 # Parsing and checking of versions/version requirements
-semver = "0.11"
+semver = "1.0"
 # Gee what could it be
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 # Avoid some heap allocations when we likely won't need them
 smallvec = "1.6"
 # Used for parsing and checking SPDX license expressions
-spdx = "0.4"
+spdx = "0.5"
 # Handles all of the argument parsing
 structopt = "0.3"
 # Deserialization of configuration files and crate manifests
diff --git a/README.md b/README.md
index 1b05846c..42264240 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
 [![Crates.io](https://img.shields.io/crates/v/cargo-deny.svg)](https://crates.io/crates/cargo-deny)
 [![Docs](https://img.shields.io/badge/The%20Book-📕-brightgreen.svg)](https://embarkstudios.github.io/cargo-deny/)
 [![API Docs](https://docs.rs/cargo-deny/badge.svg)](https://docs.rs/cargo-deny)
-[![Minimum Stable Rust Version](https://img.shields.io/badge/Rust-1.46.0-blue?color=fc8d62&logo=rust)](https://blog.rust-lang.org/2020/08/27/Rust-1.46.0.html)
+[![Minimum Stable Rust Version](https://img.shields.io/badge/Rust-1.53.0-blue?color=fc8d62&logo=rust)](https://blog.rust-lang.org/2021/06/17/Rust-1.53.0.html)
 [![SPDX Version](https://img.shields.io/badge/SPDX%20Version-3.11-blue.svg)](https://spdx.org/licenses/)
 [![dependency status](https://deps.rs/repo/github/EmbarkStudios/cargo-deny/status.svg)](https://deps.rs/repo/github/EmbarkStudios/cargo-deny)
 [![Build Status](https://github.com/EmbarkStudios/cargo-deny/workflows/CI/badge.svg)](https://github.com/EmbarkStudios/cargo-deny/actions?workflow=CI)
diff --git a/deny.toml b/deny.toml
index 51b08909..5c5bc0b2 100644
--- a/deny.toml
+++ b/deny.toml
@@ -1,7 +1,9 @@
 # cargo-deny is really only ever intended to run on the "normal" tier-1 targets
 targets = [
     { triple = "x86_64-unknown-linux-gnu" },
+    { triple = "aarch64-unknown-linux-gnu" },
     { triple = "x86_64-unknown-linux-musl" },
+    { triple = "aarch64-apple-darwin" },
     { triple = "x86_64-apple-darwin" },
     { triple = "x86_64-pc-windows-msvc" },
 ]
@@ -33,6 +35,8 @@ skip = [
     # cargo uses an older version of semver
     { name = "semver", version = "=0.10.0" },
     { name = "semver-parser", version = "=0.7.0" },
+    # rustsec pulls in 0.11 via an old version of crates-index
+    { name = "semver", version = "=0.11.0" },
 ]
 
 [sources]
diff --git a/src/advisories/mod.rs b/src/advisories.rs
similarity index 96%
rename from src/advisories/mod.rs
rename to src/advisories.rs
index fd4cd299..4d830913 100644
--- a/src/advisories/mod.rs
+++ b/src/advisories.rs
@@ -74,7 +74,7 @@ pub fn check<R>(
                 // it's not strictly correct so we do emit a warning to notify the user
                 // (though to be honest most people only run cargo-deny in CI and won't notice)
                 if let Some(versions) = versions {
-                    if krate.version.is_prerelease() {
+                    if !krate.version.pre.is_empty() {
                         let rematch = semver::Version::new(
                             krate.version.major,
                             krate.version.minor,
@@ -84,7 +84,7 @@ pub fn check<R>(
                         // Patches are usually (always) specified in ascending order,
                         // so we walk them in reverse to get the closest patch that
                         // may apply to the crate version in question
-                        for patched in versions.patched.iter().rev() {
+                        for patched in versions.patched().iter().rev() {
                             if patched.matches(&rematch) {
                                 let skipped_diag =
                                     ctx.diag_for_prerelease_skipped(krate, i, advisory, patched);
@@ -93,7 +93,7 @@ pub fn check<R>(
                             }
                         }
 
-                        for unaffected in versions.unaffected.iter().rev() {
+                        for unaffected in versions.unaffected().iter().rev() {
                             if unaffected.matches(&rematch) {
                                 let skipped_diag =
                                     ctx.diag_for_prerelease_skipped(krate, i, advisory, unaffected);
diff --git a/src/advisories/diags.rs b/src/advisories/diags.rs
index 1fb8c6f5..e1ed3194 100644
--- a/src/advisories/diags.rs
+++ b/src/advisories/diags.rs
@@ -99,13 +99,13 @@ impl<'a> crate::CheckCtx<'a, super::cfg::ValidConfig> {
         let mut notes = get_notes_from_advisory(advisory);
 
         if let Some(versions) = versions {
-            if versions.patched.is_empty() {
+            if versions.patched().is_empty() {
                 notes.push("Solution: No safe upgrade is available!".to_owned())
             } else {
                 notes.push(format!(
                     "Solution: Upgrade to {}",
                     versions
-                        .patched
+                        .patched()
                         .iter()
                         .map(ToString::to_string)
                         .collect::<Vec<_>>()
diff --git a/src/advisories/fix.rs b/src/advisories/fix.rs
index 851911f9..12acd8df 100644
--- a/src/advisories/fix.rs
+++ b/src/advisories/fix.rs
@@ -62,7 +62,7 @@ impl super::Report {
             .iter()
             .map(|vuln| Patchable {
                 advisory: &vuln.advisory,
-                patched: &vuln.versions.patched,
+                patched: vuln.versions.patched(),
                 krate: &vuln.package,
             })
             .chain(self.iter_warnings().filter_map(|(kind, warning)| {
@@ -74,7 +74,7 @@ impl super::Report {
                 warning.versions.as_ref().and_then(|vs| {
                     warning.advisory.as_ref().map(|adv| Patchable {
                         advisory: adv,
-                        patched: &vs.patched,
+                        patched: vs.patched(),
                         krate: &warning.package,
                     })
                 })
diff --git a/src/bans.rs b/src/bans.rs
new file mode 100644
index 00000000..9a2e1568
--- /dev/null
+++ b/src/bans.rs
@@ -0,0 +1,442 @@
+pub mod cfg;
+mod diags;
+mod graph;
+
+use self::cfg::{TreeSkip, ValidConfig};
+use crate::{
+    diag::{self, CfgCoord, FileId, KrateCoord},
+    Kid, Krate, Krates, LintLevel,
+};
+use anyhow::Error;
+use semver::VersionReq;
+use std::fmt;
+
+#[derive(PartialEq)]
+#[cfg_attr(test, derive(Debug))]
+pub struct KrateId {
+    pub(crate) name: String,
+    pub(crate) version: VersionReq,
+}
+
+impl fmt::Display for KrateId {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{} = {}", self.name, self.version)
+    }
+}
+
+struct ReqMatch<'vr> {
+    id: &'vr cfg::Skrate,
+    index: usize,
+}
+
+/// Returns the version requirements that matched the version, if any
+#[inline]
+fn matches<'v>(arr: &'v [cfg::Skrate], details: &Krate) -> Option<Vec<ReqMatch<'v>>> {
+    let matches: Vec<_> = arr
+        .iter()
+        .enumerate()
+        .filter_map(|(index, req)| {
+            if req.value.name == details.name && req.value.version.matches(&details.version) {
+                Some(ReqMatch { id: req, index })
+            } else {
+                None
+            }
+        })
+        .collect();
+
+    if matches.is_empty() {
+        None
+    } else {
+        Some(matches)
+    }
+}
+
+struct SkipRoot {
+    span: std::ops::Range<usize>,
+    skip_crates: Vec<Kid>,
+    skip_hits: bitvec::vec::BitVec,
+}
+
+use bitvec::prelude::*;
+
+// If trees are being skipped, walk each one down to the specified depth and add
+// each dependency as a skipped crate at the specific version
+struct TreeSkipper {
+    roots: Vec<SkipRoot>,
+    cfg_file_id: FileId,
+}
+
+impl TreeSkipper {
+    fn build(
+        skip_roots: Vec<crate::Spanned<TreeSkip>>,
+        krates: &Krates,
+        cfg_file_id: FileId,
+    ) -> (Self, Pack) {
+        let mut roots = Vec::with_capacity(skip_roots.len());
+
+        let mut pack = Pack::new(Check::Bans);
+
+        for ts in skip_roots {
+            let num_roots = roots.len();
+
+            for krate in krates.search_matches(&ts.value.id.name, &ts.value.id.version) {
+                roots.push(Self::build_skip_root(ts.clone(), krate.0, krates));
+            }
+
+            // If no roots were added, add a diagnostic that the user's configuration
+            // is outdated so they can fix or clean it up
+            if roots.len() == num_roots {
+                pack.push(diags::UnmatchedSkipRoot {
+                    skip_root_cfg: CfgCoord {
+                        file: cfg_file_id,
+                        span: ts.span,
+                    },
+                });
+            }
+        }
+
+        (Self { roots, cfg_file_id }, pack)
+    }
+
+    fn build_skip_root(
+        ts: crate::Spanned<TreeSkip>,
+        krate_id: krates::NodeId,
+        krates: &Krates,
+    ) -> SkipRoot {
+        let span = ts.span;
+        let ts = ts.value;
+
+        let max_depth = ts.depth.unwrap_or(std::usize::MAX);
+        let mut skip_crates = Vec::with_capacity(10);
+
+        let graph = krates.graph();
+
+        let mut pending = vec![(krate_id, 1)];
+        while let Some((node_id, depth)) = pending.pop() {
+            if depth < max_depth {
+                for dep in graph.edges_directed(node_id, Direction::Outgoing) {
+                    pending.push((dep.target(), depth + 1));
+                }
+            }
+
+            let pkg_id = &krates[node_id].id;
+            if let Err(i) = skip_crates.binary_search(pkg_id) {
+                skip_crates.insert(i, pkg_id.clone());
+            }
+        }
+
+        let skip_hits = bitvec![0; skip_crates.len()];
+
+        SkipRoot {
+            span,
+            skip_crates,
+            skip_hits,
+        }
+    }
+
+    fn matches(&mut self, krate: &Krate, pack: &mut Pack) -> bool {
+        let mut skip = false;
+
+        for root in &mut self.roots {
+            if let Ok(i) = root.skip_crates.binary_search(&krate.id) {
+                pack.push(diags::SkippedByRoot {
+                    krate,
+                    skip_root_cfg: CfgCoord {
+                        file: self.cfg_file_id,
+                        span: root.span.clone(),
+                    },
+                });
+
+                root.skip_hits.as_mut_bitslice().set(i, true);
+                skip = true;
+            }
+        }
+
+        skip
+    }
+}
+
+pub struct DupGraph {
+    pub duplicate: String,
+    pub graph: String,
+}
+
+pub type OutputGraph = dyn Fn(DupGraph) -> Result<(), Error> + Send + Sync;
+
+use crate::diag::{Check, Diag, Pack, Severity};
+use krates::petgraph::{visit::EdgeRef, Direction};
+
+pub fn check(
+    ctx: crate::CheckCtx<'_, ValidConfig>,
+    output_graph: Option<Box<OutputGraph>>,
+    cargo_spans: diag::CargoSpans,
+    mut sink: diag::ErrorSink,
+) {
+    let wildcard = VersionReq::parse("*").expect("Parsing wildcard mustnt fail");
+
+    let ValidConfig {
+        file_id,
+        denied,
+        allowed,
+        skipped,
+        multiple_versions,
+        highlight,
+        tree_skipped,
+        wildcards,
+    } = ctx.cfg;
+
+    let krate_spans = &ctx.krate_spans;
+    let (mut tree_skipper, build_diags) = TreeSkipper::build(tree_skipped, ctx.krates, file_id);
+
+    if !build_diags.is_empty() {
+        sink.push(build_diags);
+    }
+
+    let (denied_ids, ban_wrappers): (Vec<_>, Vec<_>) =
+        denied.into_iter().map(|kb| (kb.id, kb.wrappers)).unzip();
+
+    // Keep track of all the crates we skip, and emit a warning if
+    // we encounter a skip that didn't actually match any crate version
+    // so that people can clean up their config files
+    let mut skip_hit = bitvec![0; skipped.len()];
+
+    struct MultiDetector<'a> {
+        name: &'a str,
+        dupes: smallvec::SmallVec<[usize; 2]>,
+    }
+
+    let mut multi_detector = MultiDetector {
+        name: &ctx.krates.krates().next().unwrap().krate.name,
+        dupes: smallvec::SmallVec::new(),
+    };
+
+    for (i, krate) in ctx.krates.krates().map(|kn| &kn.krate).enumerate() {
+        let mut pack = Pack::with_kid(Check::Bans, krate.id.clone());
+
+        if let Some(matches) = matches(&denied_ids, krate) {
+            for rm in matches {
+                let ban_cfg = CfgCoord {
+                    file: file_id,
+                    span: rm.id.span.clone(),
+                };
+
+                // The crate is banned, but it might have be allowed if it's wrapped
+                // by one or more particular crates
+                let wrappers = ban_wrappers.get(rm.index);
+                let is_allowed = match wrappers {
+                    Some(wrappers) => {
+                        let nid = ctx.krates.nid_for_kid(&krate.id).unwrap();
+                        let graph = ctx.krates.graph();
+
+                        // Ensure that every single crate that has a direct dependency
+                        // on the banned crate is an allowed wrapper
+                        graph
+                            .edges_directed(nid, Direction::Incoming)
+                            .map(|edge| edge.source())
+                            .all(|nid| {
+                                let node = &graph[nid];
+
+                                let (diag, is_allowed): (Diag, _) =
+                                    match wrappers.iter().find(|aw| aw.value == node.krate.name) {
+                                        Some(aw) => (
+                                            diags::BannedAllowedByWrapper {
+                                                ban_cfg: ban_cfg.clone(),
+                                                ban_exception_cfg: CfgCoord {
+                                                    file: file_id,
+                                                    span: aw.span.clone(),
+                                                },
+                                                banned_krate: krate,
+                                                wrapper_krate: &node.krate,
+                                            }
+                                            .into(),
+                                            true,
+                                        ),
+                                        None => (
+                                            diags::BannedUnmatchedWrapper {
+                                                ban_cfg: ban_cfg.clone(),
+                                                banned_krate: krate,
+                                                parent_krate: &node.krate,
+                                            }
+                                            .into(),
+                                            false,
+                                        ),
+                                    };
+
+                                pack.push(diag);
+                                is_allowed
+                            })
+                    }
+                    None => false,
+                };
+
+                if !is_allowed {
+                    pack.push(diags::ExplicitlyBanned { krate, ban_cfg });
+                }
+            }
+        }
+
+        if !allowed.is_empty() {
+            // Since only allowing specific crates is pretty draconian,
+            // also emit which allow filters actually passed each crate
+            match matches(&allowed, krate) {
+                Some(matches) => {
+                    for rm in matches {
+                        pack.push(diags::ExplicitlyAllowed {
+                            krate,
+                            allow_cfg: CfgCoord {
+                                file: file_id,
+                                span: rm.id.span.clone(),
+                            },
+                        });
+                    }
+                }
+                None => {
+                    pack.push(diags::ImplicitlyBanned { krate });
+                }
+            }
+        }
+
+        if let Some(matches) = matches(&skipped, krate) {
+            for rm in matches {
+                pack.push(diags::Skipped {
+                    krate,
+                    skip_cfg: CfgCoord {
+                        file: file_id,
+                        span: rm.id.span.clone(),
+                    },
+                });
+
+                // Keep a count of the number of times each skip filter is hit
+                // so that we can report unused filters to the user so that they
+                // can cleanup their configs as their dependency graph changes over time
+                skip_hit.as_mut_bitslice().set(rm.index, true);
+            }
+        } else if !tree_skipper.matches(krate, &mut pack) {
+            if multi_detector.name != krate.name {
+                if multi_detector.dupes.len() > 1 && multiple_versions != LintLevel::Allow {
+                    let severity = match multiple_versions {
+                        LintLevel::Warn => Severity::Warning,
+                        LintLevel::Deny => Severity::Error,
+                        LintLevel::Allow => unreachable!(),
+                    };
+
+                    let mut all_start = std::usize::MAX;
+                    let mut all_end = 0;
+
+                    let mut kids = smallvec::SmallVec::<[Kid; 2]>::new();
+
+                    #[allow(clippy::needless_range_loop)]
+                    for dup in multi_detector.dupes.iter().cloned() {
+                        let span = &ctx.krate_spans[dup];
+
+                        if span.start < all_start {
+                            all_start = span.start
+                        }
+
+                        if span.end > all_end {
+                            all_end = span.end
+                        }
+
+                        let krate = &ctx.krates[dup];
+
+                        kids.push(krate.id.clone());
+                    }
+
+                    {
+                        let mut diag: Diag = diags::Duplicates {
+                            krate_name: multi_detector.name,
+                            num_dupes: kids.len(),
+                            krates_coord: KrateCoord {
+                                file: krate_spans.file_id,
+                                span: all_start..all_end,
+                            },
+                            severity,
+                        }
+                        .into();
+
+                        diag.kids = kids;
+
+                        let mut pack = Pack::new(Check::Bans);
+                        pack.push(diag);
+
+                        sink.push(pack);
+                    }
+
+                    if let Some(ref og) = output_graph {
+                        match graph::create_graph(
+                            multi_detector.name,
+                            highlight,
+                            ctx.krates,
+                            &multi_detector.dupes,
+                        ) {
+                            Ok(graph) => {
+                                if let Err(e) = og(DupGraph {
+                                    duplicate: multi_detector.name.to_owned(),
+                                    graph,
+                                }) {
+                                    log::error!("{}", e);
+                                }
+                            }
+                            Err(e) => {
+                                log::error!(
+                                    "unable to create graph for {}: {}",
+                                    multi_detector.name,
+                                    e
+                                );
+                            }
+                        };
+                    }
+                }
+
+                multi_detector.name = &krate.name;
+                multi_detector.dupes.clear();
+            }
+
+            multi_detector.dupes.push(i);
+
+            if wildcards != LintLevel::Allow {
+                let severity = match wildcards {
+                    LintLevel::Warn => Severity::Warning,
+                    LintLevel::Deny => Severity::Error,
+                    LintLevel::Allow => unreachable!(),
+                };
+
+                let wildcards: Vec<_> = krate
+                    .deps
+                    .iter()
+                    .filter(|dep| dep.req == wildcard)
+                    .collect();
+
+                if !wildcards.is_empty() {
+                    sink.push(diags::Wildcards {
+                        krate,
+                        severity,
+                        wildcards,
+                        cargo_spans: &cargo_spans,
+                    });
+                }
+            }
+        }
+
+        if !pack.is_empty() {
+            sink.push(pack);
+        }
+    }
+
+    let mut pack = Pack::new(Check::Bans);
+
+    for skip in skip_hit
+        .into_iter()
+        .zip(skipped.into_iter())
+        .filter_map(|(hit, skip)| if !hit { Some(skip) } else { None })
+    {
+        pack.push(diags::UnmatchedSkip {
+            skip_cfg: CfgCoord {
+                file: file_id,
+                span: skip.span,
+            },
+        });
+    }
+
+    sink.push(pack);
+}
diff --git a/src/bans/cfg.rs b/src/bans/cfg.rs
index f0cfd18a..f017c192 100644
--- a/src/bans/cfg.rs
+++ b/src/bans/cfg.rs
@@ -39,8 +39,9 @@ pub struct TreeSkip {
     pub depth: Option<usize>,
 }
 
+#[inline]
 fn any() -> VersionReq {
-    VersionReq::any()
+    VersionReq::STAR
 }
 
 const fn highlight() -> GraphHighlight {
@@ -117,8 +118,6 @@ impl crate::cfg::UnvalidatedConfig for Config {
     type ValidCfg = ValidConfig;
 
     fn validate(self, cfg_file: FileId, diags: &mut Vec<Diagnostic>) -> Self::ValidCfg {
-        use rayon::prelude::*;
-
         let from = |s: Spanned<CrateId>| {
             Skrate::new(
                 KrateId {
@@ -129,7 +128,7 @@ impl crate::cfg::UnvalidatedConfig for Config {
             )
         };
 
-        let mut denied: Vec<_> = self
+        let denied: Vec<_> = self
             .deny
             .into_iter()
             .map(|cb| KrateBan {
@@ -143,13 +142,9 @@ impl crate::cfg::UnvalidatedConfig for Config {
                 wrappers: cb.wrappers,
             })
             .collect();
-        denied.par_sort();
-
-        let mut allowed: Vec<_> = self.allow.into_iter().map(from).collect();
-        allowed.par_sort();
 
-        let mut skipped: Vec<_> = self.skip.into_iter().map(from).collect();
-        skipped.par_sort();
+        let allowed: Vec<_> = self.allow.into_iter().map(from).collect();
+        let skipped: Vec<_> = self.skip.into_iter().map(from).collect();
 
         let mut add_diag = |first: (&Skrate, &str), second: (&Skrate, &str)| {
             diags.push(
@@ -168,17 +163,17 @@ impl crate::cfg::UnvalidatedConfig for Config {
         };
 
         for d in &denied {
-            if let Ok(ai) = allowed.binary_search(&d.id) {
-                add_diag((&d.id, "deny"), (&allowed[ai], "allow"));
+            if let Some(dupe) = exact_match(&allowed, &d.id.value) {
+                add_diag((&d.id, "deny"), (dupe, "allow"));
             }
-            if let Ok(si) = skipped.binary_search(&d.id) {
-                add_diag((&d.id, "deny"), (&skipped[si], "skip"));
+            if let Some(dupe) = exact_match(&skipped, &d.id.value) {
+                add_diag((&d.id, "deny"), (dupe, "skip"));
             }
         }
 
-        for a in &allowed {
-            if let Ok(si) = skipped.binary_search(a) {
-                add_diag((a, "allow"), (&skipped[si], "skip"));
+        for all in &allowed {
+            if let Some(dupe) = exact_match(&skipped, &all.value) {
+                add_diag((all, "allow"), (dupe, "skip"));
             }
         }
 
@@ -199,35 +194,19 @@ impl crate::cfg::UnvalidatedConfig for Config {
     }
 }
 
+#[inline]
+pub(crate) fn exact_match<'v>(arr: &'v [Skrate], id: &'_ KrateId) -> Option<&'v Skrate> {
+    arr.iter().find(|sid| *sid == id)
+}
+
 pub(crate) type Skrate = Spanned<KrateId>;
 
-#[derive(Eq)]
 #[cfg_attr(test, derive(Debug))]
 pub(crate) struct KrateBan {
     pub id: Skrate,
     pub wrappers: Vec<Spanned<String>>,
 }
 
-use std::cmp::{Ord, Ordering};
-
-impl Ord for KrateBan {
-    fn cmp(&self, o: &Self) -> Ordering {
-        self.id.cmp(&o.id)
-    }
-}
-
-impl PartialOrd for KrateBan {
-    fn partial_cmp(&self, o: &Self) -> Option<Ordering> {
-        Some(self.cmp(o))
-    }
-}
-
-impl PartialEq for KrateBan {
-    fn eq(&self, o: &Self) -> bool {
-        self.cmp(o) == Ordering::Equal
-    }
-}
-
 pub struct ValidConfig {
     pub file_id: FileId,
     pub multiple_versions: LintLevel,
@@ -248,14 +227,14 @@ mod test {
         ($name:expr) => {
             KrateId {
                 name: String::from($name),
-                version: semver::VersionReq::any(),
+                version: semver::VersionReq::STAR.into(),
             }
         };
 
         ($name:expr, $vs:expr) => {
             KrateId {
                 name: String::from($name),
-                version: $vs.parse().unwrap(),
+                version: $vs.parse::<semver::VersionReq>().unwrap().into(),
             }
         };
     }
@@ -283,21 +262,25 @@ mod test {
         assert_eq!(validated.file_id, cd.id);
         assert_eq!(validated.multiple_versions, LintLevel::Deny);
         assert_eq!(validated.highlight, GraphHighlight::SimplestPath);
+
         assert_eq!(
             validated.allowed,
             vec![kid!("all-versionsa"), kid!("specific-versiona", "<0.1.1")]
         );
+
         assert_eq!(
             validated.denied,
             vec![kid!("all-versionsd"), kid!("specific-versiond", "=0.1.9")]
         );
+
         assert_eq!(validated.skipped, vec![kid!("rand", "=0.6.5")]);
+
         assert_eq!(
             validated.tree_skipped,
             vec![TreeSkip {
                 id: CrateId {
                     name: "blah".to_owned(),
-                    version: semver::VersionReq::any(),
+                    version: semver::VersionReq::STAR,
                 },
                 depth: Some(20),
             }]
diff --git a/src/bans/mod.rs b/src/bans/mod.rs
deleted file mode 100644
index 1c10d0bf..00000000
--- a/src/bans/mod.rs
+++ /dev/null
@@ -1,646 +0,0 @@
-pub mod cfg;
-mod diags;
-mod graph;
-
-use self::cfg::{TreeSkip, ValidConfig};
-use crate::{
-    diag::{self, CfgCoord, FileId, KrateCoord},
-    Kid, Krate, Krates, LintLevel,
-};
-use anyhow::Error;
-use semver::{Version, VersionReq};
-use std::{cmp::Ordering, fmt};
-
-#[derive(Eq)]
-#[cfg_attr(test, derive(Debug))]
-pub struct KrateId {
-    pub(crate) name: String,
-    pub(crate) version: VersionReq,
-}
-
-impl fmt::Display for KrateId {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "{} = {}", self.name, self.version)
-    }
-}
-
-impl Ord for KrateId {
-    fn cmp(&self, o: &Self) -> Ordering {
-        match self.name.cmp(&o.name) {
-            Ordering::Equal => self.version.cmp(&o.version),
-            o => o,
-        }
-    }
-}
-
-impl PartialOrd for KrateId {
-    fn partial_cmp(&self, o: &Self) -> Option<Ordering> {
-        Some(self.cmp(o))
-    }
-}
-
-impl PartialEq for KrateId {
-    fn eq(&self, o: &Self) -> bool {
-        self.cmp(o) == Ordering::Equal
-    }
-}
-
-fn binary_search<'a>(
-    arr: &'a [cfg::Skrate],
-    details: &Krate,
-) -> Result<(usize, &'a cfg::Skrate), usize> {
-    let lowest = VersionReq::exact(&Version::new(0, 0, 0));
-
-    match arr.binary_search_by(|i| match i.value.name.cmp(&details.name) {
-        Ordering::Equal => i.value.version.cmp(&lowest),
-        o => o,
-    }) {
-        Ok(i) => Ok((i, &arr[i])),
-        Err(i) => {
-            // Backtrack 1 if the crate name matches, as, for instance, wildcards will be sorted
-            // before the 0.0.0 version
-            let begin = if i > 0 && arr[i - 1].value.name == details.name {
-                i - 1
-            } else {
-                i
-            };
-
-            for (j, krate) in arr[begin..].iter().enumerate() {
-                if krate.value.name != details.name {
-                    break;
-                }
-
-                if krate.value.version.matches(&details.version) {
-                    return Ok((begin + j, krate));
-                }
-            }
-
-            Err(i)
-        }
-    }
-}
-
-struct SkipRoot {
-    span: std::ops::Range<usize>,
-    skip_crates: Vec<Kid>,
-    skip_hits: bitvec::vec::BitVec,
-}
-
-use bitvec::prelude::*;
-
-// If trees are being skipped, walk each one down to the specified depth and add
-// each dependency as a skipped crate at the specific version
-struct TreeSkipper {
-    roots: Vec<SkipRoot>,
-    cfg_file_id: FileId,
-}
-
-impl TreeSkipper {
-    fn build(
-        skip_roots: Vec<crate::Spanned<TreeSkip>>,
-        krates: &Krates,
-        cfg_file_id: FileId,
-    ) -> (Self, Pack) {
-        let mut roots = Vec::with_capacity(skip_roots.len());
-
-        let mut pack = Pack::new(Check::Bans);
-
-        for ts in skip_roots {
-            let num_roots = roots.len();
-
-            for krate in krates.search_matches(&ts.value.id.name, &ts.value.id.version) {
-                roots.push(Self::build_skip_root(ts.clone(), krate.0, krates));
-            }
-
-            // If no roots were added, add a diagnostic that the user's configuration
-            // is outdated so they can fix or clean it up
-            if roots.len() == num_roots {
-                pack.push(diags::UnmatchedSkipRoot {
-                    skip_root_cfg: CfgCoord {
-                        file: cfg_file_id,
-                        span: ts.span,
-                    },
-                });
-            }
-        }
-
-        (Self { roots, cfg_file_id }, pack)
-    }
-
-    fn build_skip_root(
-        ts: crate::Spanned<TreeSkip>,
-        krate_id: krates::NodeId,
-        krates: &Krates,
-    ) -> SkipRoot {
-        let span = ts.span;
-        let ts = ts.value;
-
-        let max_depth = ts.depth.unwrap_or(std::usize::MAX);
-        let mut skip_crates = Vec::with_capacity(10);
-
-        let graph = krates.graph();
-
-        let mut pending = vec![(krate_id, 1)];
-        while let Some((node_id, depth)) = pending.pop() {
-            if depth < max_depth {
-                for dep in graph.edges_directed(node_id, Direction::Outgoing) {
-                    pending.push((dep.target(), depth + 1));
-                }
-            }
-
-            let pkg_id = &krates[node_id].id;
-            if let Err(i) = skip_crates.binary_search(pkg_id) {
-                skip_crates.insert(i, pkg_id.clone());
-            }
-        }
-
-        let skip_hits = bitvec![0; skip_crates.len()];
-
-        SkipRoot {
-            span,
-            skip_crates,
-            skip_hits,
-        }
-    }
-
-    fn matches(&mut self, krate: &Krate, pack: &mut Pack) -> bool {
-        let mut skip = false;
-
-        for root in &mut self.roots {
-            if let Ok(i) = root.skip_crates.binary_search(&krate.id) {
-                pack.push(diags::SkippedByRoot {
-                    krate,
-                    skip_root_cfg: CfgCoord {
-                        file: self.cfg_file_id,
-                        span: root.span.clone(),
-                    },
-                });
-
-                root.skip_hits.as_mut_bitslice().set(i, true);
-                skip = true;
-            }
-        }
-
-        skip
-    }
-}
-
-pub struct DupGraph {
-    pub duplicate: String,
-    pub graph: String,
-}
-
-pub type OutputGraph = dyn Fn(DupGraph) -> Result<(), Error> + Send + Sync;
-
-use crate::diag::{Check, Diag, Pack, Severity};
-use krates::petgraph::{visit::EdgeRef, Direction};
-
-pub fn check(
-    ctx: crate::CheckCtx<'_, ValidConfig>,
-    output_graph: Option<Box<OutputGraph>>,
-    cargo_spans: diag::CargoSpans,
-    mut sink: diag::ErrorSink,
-) {
-    let wildcard = VersionReq::parse("*").expect("Parsing wildcard mustnt fail");
-
-    let ValidConfig {
-        file_id,
-        denied,
-        allowed,
-        skipped,
-        multiple_versions,
-        highlight,
-        tree_skipped,
-        wildcards,
-    } = ctx.cfg;
-
-    let krate_spans = &ctx.krate_spans;
-    let (mut tree_skipper, build_diags) = TreeSkipper::build(tree_skipped, ctx.krates, file_id);
-
-    if !build_diags.is_empty() {
-        sink.push(build_diags);
-    }
-
-    let (denied_ids, ban_wrappers): (Vec<_>, Vec<_>) =
-        denied.into_iter().map(|kb| (kb.id, kb.wrappers)).unzip();
-
-    // Keep track of all the crates we skip, and emit a warning if
-    // we encounter a skip that didn't actually match any crate version
-    // so that people can clean up their config files
-    let mut skip_hit = bitvec![0; skipped.len()];
-
-    struct MultiDetector<'a> {
-        name: &'a str,
-        dupes: smallvec::SmallVec<[usize; 2]>,
-    }
-
-    let mut multi_detector = MultiDetector {
-        name: &ctx.krates.krates().next().unwrap().krate.name,
-        dupes: smallvec::SmallVec::new(),
-    };
-
-    for (i, krate) in ctx.krates.krates().map(|kn| &kn.krate).enumerate() {
-        let mut pack = Pack::with_kid(Check::Bans, krate.id.clone());
-
-        //let krate_coord = krate_spans.get_coord(i);
-
-        if let Ok((bind, _ban)) = binary_search(&denied_ids, krate) {
-            let ban_cfg = CfgCoord {
-                file: file_id,
-                span: denied_ids[bind].span.clone(),
-            };
-
-            // The crate is banned, but it might have be allowed if it's wrapped
-            // by one or more particular crates
-            let allowed_wrappers = &ban_wrappers[bind];
-            let is_allowed = if !allowed_wrappers.is_empty() {
-                let nid = ctx.krates.nid_for_kid(&krate.id).unwrap();
-                let graph = ctx.krates.graph();
-
-                // Ensure that every single crate that has a direct dependency
-                // on the banned crate is an allowed wrapper
-                graph
-                    .edges_directed(nid, Direction::Incoming)
-                    .map(|edge| edge.source())
-                    .all(|nid| {
-                        let node = &graph[nid];
-                        //let krate_coord = krate_spans.get_coord(nid.index());
-
-                        let (diag, is_allowed): (Diag, _) = match allowed_wrappers
-                            .iter()
-                            .find(|aw| aw.value == node.krate.name)
-                        {
-                            Some(aw) => (
-                                diags::BannedAllowedByWrapper {
-                                    ban_cfg: ban_cfg.clone(),
-                                    ban_exception_cfg: CfgCoord {
-                                        file: file_id,
-                                        span: aw.span.clone(),
-                                    },
-                                    banned_krate: krate,
-                                    wrapper_krate: &node.krate,
-                                }
-                                .into(),
-                                true,
-                            ),
-                            None => (
-                                diags::BannedUnmatchedWrapper {
-                                    ban_cfg: ban_cfg.clone(),
-                                    banned_krate: krate,
-                                    parent_krate: &node.krate,
-                                }
-                                .into(),
-                                false,
-                            ),
-                        };
-
-                        pack.push(diag);
-                        is_allowed
-                    })
-            } else {
-                false
-            };
-
-            if !is_allowed {
-                pack.push(diags::ExplicitlyBanned { krate, ban_cfg });
-            }
-        }
-
-        if !allowed.is_empty() {
-            // Since only allowing specific crates is pretty draconian,
-            // also emit which allow filters actually passed each crate
-            match binary_search(&allowed, krate) {
-                Ok((_, allow)) => {
-                    pack.push(diags::ExplicitlyAllowed {
-                        krate,
-                        allow_cfg: CfgCoord {
-                            file: file_id,
-                            span: allow.span.clone(),
-                        },
-                    });
-                }
-                Err(_) => {
-                    pack.push(diags::ImplicitlyBanned { krate });
-                }
-            }
-        }
-
-        if let Ok((index, skip)) = binary_search(&skipped, krate) {
-            pack.push(diags::Skipped {
-                krate,
-                skip_cfg: CfgCoord {
-                    file: file_id,
-                    span: skip.span.clone(),
-                },
-            });
-
-            // Keep a count of the number of times each skip filter is hit
-            // so that we can report unused filters to the user so that they
-            // can cleanup their configs as their dependency graph changes over time
-            skip_hit.as_mut_bitslice().set(index, true);
-        } else if !tree_skipper.matches(krate, &mut pack) {
-            if multi_detector.name != krate.name {
-                if multi_detector.dupes.len() > 1 && multiple_versions != LintLevel::Allow {
-                    let severity = match multiple_versions {
-                        LintLevel::Warn => Severity::Warning,
-                        LintLevel::Deny => Severity::Error,
-                        LintLevel::Allow => unreachable!(),
-                    };
-
-                    let mut all_start = std::usize::MAX;
-                    let mut all_end = 0;
-
-                    let mut kids = smallvec::SmallVec::<[Kid; 2]>::new();
-
-                    #[allow(clippy::needless_range_loop)]
-                    for dup in multi_detector.dupes.iter().cloned() {
-                        let span = &ctx.krate_spans[dup];
-
-                        if span.start < all_start {
-                            all_start = span.start
-                        }
-
-                        if span.end > all_end {
-                            all_end = span.end
-                        }
-
-                        let krate = &ctx.krates[dup];
-
-                        kids.push(krate.id.clone());
-                    }
-
-                    {
-                        let mut diag: Diag = diags::Duplicates {
-                            krate_name: multi_detector.name,
-                            num_dupes: kids.len(),
-                            krates_coord: KrateCoord {
-                                file: krate_spans.file_id,
-                                span: all_start..all_end,
-                            },
-                            severity,
-                        }
-                        .into();
-
-                        diag.kids = kids;
-
-                        let mut pack = Pack::new(Check::Bans);
-                        pack.push(diag);
-
-                        sink.push(pack);
-                    }
-
-                    if let Some(ref og) = output_graph {
-                        match graph::create_graph(
-                            multi_detector.name,
-                            highlight,
-                            ctx.krates,
-                            &multi_detector.dupes,
-                        ) {
-                            Ok(graph) => {
-                                if let Err(e) = og(DupGraph {
-                                    duplicate: multi_detector.name.to_owned(),
-                                    graph,
-                                }) {
-                                    log::error!("{}", e);
-                                }
-                            }
-                            Err(e) => {
-                                log::error!(
-                                    "unable to create graph for {}: {}",
-                                    multi_detector.name,
-                                    e
-                                );
-                            }
-                        };
-                    }
-                }
-
-                multi_detector.name = &krate.name;
-                multi_detector.dupes.clear();
-            }
-
-            multi_detector.dupes.push(i);
-
-            if wildcards != LintLevel::Allow {
-                let severity = match wildcards {
-                    LintLevel::Warn => Severity::Warning,
-                    LintLevel::Deny => Severity::Error,
-                    LintLevel::Allow => unreachable!(),
-                };
-
-                let wildcards: Vec<_> = krate
-                    .deps
-                    .iter()
-                    .filter(|dep| dep.req == wildcard)
-                    .collect();
-
-                if !wildcards.is_empty() {
-                    sink.push(diags::Wildcards {
-                        krate,
-                        severity,
-                        wildcards,
-                        cargo_spans: &cargo_spans,
-                    });
-                }
-            }
-        }
-
-        if !pack.is_empty() {
-            sink.push(pack);
-        }
-    }
-
-    let mut pack = Pack::new(Check::Bans);
-
-    for skip in skip_hit
-        .into_iter()
-        .zip(skipped.into_iter())
-        .filter_map(|(hit, skip)| if !hit { Some(skip) } else { None })
-    {
-        pack.push(diags::UnmatchedSkip {
-            skip_cfg: CfgCoord {
-                file: file_id,
-                span: skip.span,
-            },
-        });
-    }
-
-    sink.push(pack);
-}
-
-#[cfg(test)]
-mod test {
-    use super::{cfg::CrateId, *};
-
-    #[test]
-    fn binary_search_() {
-        macro_rules! cid {
-            ($name:expr, $vers:expr) => {
-                CrateId {
-                    name: $name.to_owned(),
-                    version: VersionReq::parse_compat($vers, semver::Compat::Cargo).unwrap(),
-                }
-            };
-        }
-
-        let versions = [
-            cid!("unicase", "=1.4.2"),
-            cid!("crossbeam-deque", "=0.6.3"),
-            cid!("parking_lot", "=0.7.1"),
-            cid!("parking_lot_core", "=0.4.0"),
-            cid!("lock_api", "=0.1.5"),
-            cid!("rand", "=0.6.5"),
-            cid!("rand_chacha", "=0.1.1"),
-            cid!("rand_core", "=0.4.0"),
-            cid!("rand_core", "=0.3.1"),
-            cid!("rand_hc", "=0.1.0"),
-            cid!("rand_pcg", "=0.1.2"),
-            cid!("winapi", "<0.3"),
-            CrateId {
-                name: "serde".to_owned(),
-                version: VersionReq::any(),
-            },
-            cid!("scopeguard", "=0.3.3"),
-            cid!("num-traits", "=0.1.43"),
-            cid!("num-traits", "<0.1"),
-            cid!("num-traits", "<0.2"),
-            cid!("num-traits", "0.1.*"),
-            cid!("num-traits", "<0.1.42"),
-            cid!("num-traits", ">0.1.43"),
-        ];
-
-        let mut versions: Vec<_> = versions
-            .iter()
-            .map(|v| {
-                #[allow(clippy::reversed_empty_ranges)]
-                crate::Spanned::new(
-                    super::KrateId {
-                        name: v.name.clone(),
-                        version: v.version.clone(),
-                    },
-                    0..0,
-                )
-            })
-            .collect();
-
-        versions.sort();
-
-        assert_eq!(
-            binary_search(
-                &versions,
-                &crate::Krate {
-                    name: "rand_core".to_owned(),
-                    version: Version::parse("0.3.1").unwrap(),
-                    ..Default::default()
-                }
-            )
-            .map(|(_, s)| &s.value.version)
-            .unwrap(),
-            &(VersionReq::parse("=0.3.1").unwrap())
-        );
-
-        assert_eq!(
-            binary_search(
-                &versions,
-                &crate::Krate {
-                    name: "serde".to_owned(),
-                    version: Version::parse("1.0.94").unwrap(),
-                    ..Default::default()
-                }
-            )
-            .map(|(_, s)| &s.value.version)
-            .unwrap(),
-            &(VersionReq::any())
-        );
-
-        assert!(binary_search(
-            &versions,
-            &crate::Krate {
-                name: "nope".to_owned(),
-                version: Version::parse("1.0.0").unwrap(),
-                ..Default::default()
-            }
-        )
-        .is_err());
-
-        assert_eq!(
-            binary_search(
-                &versions,
-                &crate::Krate {
-                    name: "num-traits".to_owned(),
-                    version: Version::parse("0.1.43").unwrap(),
-                    ..Default::default()
-                }
-            )
-            .map(|(_, s)| &s.value.version)
-            .unwrap(),
-            &(VersionReq::parse("=0.1.43").unwrap())
-        );
-
-        assert_eq!(
-            binary_search(
-                &versions,
-                &crate::Krate {
-                    name: "num-traits".to_owned(),
-                    version: Version::parse("0.1.2").unwrap(),
-                    ..Default::default()
-                }
-            )
-            .map(|(_, s)| &s.value.version)
-            .unwrap(),
-            &(VersionReq::parse("0.1.*").unwrap())
-        );
-
-        assert_eq!(
-            binary_search(
-                &versions,
-                &crate::Krate {
-                    name: "num-traits".to_owned(),
-                    version: Version::parse("0.2.0").unwrap(),
-                    ..Default::default()
-                }
-            )
-            .map(|(_, s)| &s.value.version)
-            .unwrap(),
-            &(VersionReq::parse(">0.1.43").unwrap())
-        );
-
-        assert_eq!(
-            binary_search(
-                &versions,
-                &crate::Krate {
-                    name: "num-traits".to_owned(),
-                    version: Version::parse("0.0.99").unwrap(),
-                    ..Default::default()
-                }
-            )
-            .map(|(_, s)| &s.value.version)
-            .unwrap(),
-            &(VersionReq::parse("<0.1").unwrap())
-        );
-
-        assert_eq!(
-            binary_search(
-                &versions,
-                &crate::Krate {
-                    name: "winapi".to_owned(),
-                    version: Version::parse("0.2.8").unwrap(),
-                    ..Default::default()
-                }
-            )
-            .map(|(_, s)| &s.value.version)
-            .unwrap(),
-            &(VersionReq::parse("<0.3").unwrap())
-        );
-
-        assert!(binary_search(
-            &versions,
-            &crate::Krate {
-                name: "winapi".to_owned(),
-                version: Version::parse("0.3.8").unwrap(),
-                ..Default::default()
-            }
-        )
-        .is_err());
-    }
-}
diff --git a/src/cargo-deny/common.rs b/src/cargo-deny/common.rs
index 8e9f6396..2dd4f4ca 100644
--- a/src/cargo-deny/common.rs
+++ b/src/cargo-deny/common.rs
@@ -212,11 +212,20 @@ fn get_metadata(opts: MetadataOptions) -> Result<krates::cm::Metadata, anyhow::E
             .join(manifest_path);
     }
 
+    let features = std::rc::Rc::new(
+        opts.features
+            .into_iter()
+            .map(|feat| core::FeatureValue::new(util::interning::InternedString::new(&feat)))
+            .collect(),
+    );
+
     let ws = core::Workspace::new(&manifest_path, &config)?;
     let options = ops::OutputMetadataOptions {
-        features: opts.features,
-        no_default_features: opts.no_default_features,
-        all_features: opts.all_features,
+        cli_features: core::resolver::features::CliFeatures {
+            features,
+            all_features: opts.all_features,
+            uses_default_features: !opts.no_default_features,
+        },
         no_deps: false,
         version: 1,
         filter_platforms: vec![],
diff --git a/src/cargo-deny/main.rs b/src/cargo-deny/main.rs
index 0c0a907e..949341ce 100644
--- a/src/cargo-deny/main.rs
+++ b/src/cargo-deny/main.rs
@@ -171,8 +171,8 @@ pub(crate) struct GraphContext {
     /// Do not activate the `default` feature
     #[structopt(long)]
     pub(crate) no_default_features: bool,
-    /// Space-separated list of features to activate
-    #[structopt(long)]
+    /// Space or comma separated list of features to activate
+    #[structopt(long, use_delimiter = true)]
     pub(crate) features: Vec<String>,
     /// Run without accessing the network
     #[structopt(long)]
diff --git a/src/index/mod.rs b/src/index.rs
similarity index 100%
rename from src/index/mod.rs
rename to src/index.rs
diff --git a/src/licenses/mod.rs b/src/licenses.rs
similarity index 100%
rename from src/licenses/mod.rs
rename to src/licenses.rs
diff --git a/src/licenses/cfg.rs b/src/licenses/cfg.rs
index 4b843252..d1b5f647 100644
--- a/src/licenses/cfg.rs
+++ b/src/licenses/cfg.rs
@@ -234,13 +234,11 @@ impl crate::cfg::UnvalidatedConfig for Config {
 
             exceptions.push(ValidException {
                 name: exc.name,
-                version: exc.version.unwrap_or_else(VersionReq::any),
+                version: exc.version.unwrap_or(VersionReq::STAR),
                 allowed,
             });
         }
 
-        exceptions.par_sort();
-
         // Ensure the config doesn't contain the same exact license as both
         // denied and allowed, that's confusing and probably not intended, so
         // they should pick one
@@ -283,15 +281,13 @@ impl crate::cfg::UnvalidatedConfig for Config {
 
             clarifications.push(ValidClarification {
                 name: c.name,
-                version: c.version.unwrap_or_else(VersionReq::any),
+                version: c.version.unwrap_or(VersionReq::STAR),
                 expr_offset: (c.expression.span.start + 1),
                 expression: expr,
                 license_files,
             });
         }
 
-        clarifications.par_sort();
-
         ValidConfig {
             file_id: cfg_file,
             private: self.private,
@@ -309,7 +305,7 @@ impl crate::cfg::UnvalidatedConfig for Config {
 }
 
 #[doc(hidden)]
-#[cfg_attr(test, derive(Debug))]
+#[cfg_attr(test, derive(Debug, PartialEq))]
 pub struct ValidClarification {
     pub name: String,
     pub version: VersionReq,
@@ -319,7 +315,7 @@ pub struct ValidClarification {
 }
 
 #[doc(hidden)]
-#[derive(Debug)]
+#[derive(Debug, PartialEq)]
 pub struct ValidException {
     pub name: crate::Spanned<String>,
     pub version: VersionReq,
@@ -402,7 +398,7 @@ mod test {
                     path: p.fake(),
                     hash: 0xbd0e_ed23,
                 }],
-                expr_offset: 415,
+                expr_offset: 432,
             }]
         );
     }
diff --git a/src/licenses/gather.rs b/src/licenses/gather.rs
index 17c4b605..5e8641f8 100644
--- a/src/licenses/gather.rs
+++ b/src/licenses/gather.rs
@@ -1,4 +1,4 @@
-use super::cfg::{FileSource, ValidClarification, ValidConfig, ValidException};
+use super::cfg::{FileSource, ValidClarification, ValidConfig};
 use crate::{
     diag::{FileId, Files, Label},
     Krate,
@@ -7,56 +7,10 @@ use anyhow::Error;
 use krates::{Utf8Path, Utf8PathBuf};
 use rayon::prelude::*;
 use smallvec::SmallVec;
-use std::{cmp, fmt, sync::Arc};
+use std::{fmt, sync::Arc};
 
 const LICENSE_CACHE: &[u8] = include_bytes!("../../resources/spdx_cache.bin.zstd");
 
-impl Ord for ValidClarification {
-    fn cmp(&self, o: &Self) -> cmp::Ordering {
-        match self.name.cmp(&o.name) {
-            cmp::Ordering::Equal => self.version.cmp(&o.version),
-            o => o,
-        }
-    }
-}
-
-impl PartialOrd for ValidClarification {
-    fn partial_cmp(&self, o: &Self) -> Option<cmp::Ordering> {
-        Some(self.cmp(o))
-    }
-}
-
-impl PartialEq for ValidClarification {
-    fn eq(&self, o: &Self) -> bool {
-        self.cmp(o) == cmp::Ordering::Equal
-    }
-}
-
-impl Eq for ValidClarification {}
-
-impl Ord for ValidException {
-    fn cmp(&self, o: &Self) -> cmp::Ordering {
-        match self.name.cmp(&o.name) {
-            cmp::Ordering::Equal => self.version.cmp(&o.version),
-            o => o,
-        }
-    }
-}
-
-impl PartialOrd for ValidException {
-    fn partial_cmp(&self, o: &Self) -> Option<cmp::Ordering> {
-        Some(self.cmp(o))
-    }
-}
-
-impl PartialEq for ValidException {
-    fn eq(&self, o: &Self) -> bool {
-        self.cmp(o) == cmp::Ordering::Equal
-    }
-}
-
-impl Eq for ValidException {}
-
 #[inline]
 fn iter_clarifications<'a>(
     all: &'a [ValidClarification],
diff --git a/src/manifest/mod.rs b/src/manifest.rs
similarity index 100%
rename from src/manifest/mod.rs
rename to src/manifest.rs
diff --git a/src/sources/mod.rs b/src/sources.rs
similarity index 100%
rename from src/sources/mod.rs
rename to src/sources.rs