[geodel]

Cargo.toml is more appropriate to check dependencies and that has 642 lines. Some of them maybe just for testing or project setup. Remove them all I think it still would leave you with few hundred dependencies. And that does not seem excessive for a Rust project specially from Microsoft.

I mention Microsoft specifically because their Go projects are similarly excessive in dependencies even though higher quality Go projects do have fewer dependencies.

[gpm]

External dependencies only start on line 354 of that file, and end on line 503. The rest is internal dependencies (within the repository), and build config.

It's a different metric all together though, since it doesn't show transitive dependencies only direct dependencies (and as you suggest it doesn't distinguish between actual dependencies and testing dependencies because it's a workspace cargo.toml). As someone else suggested, using a program like cargo tree is the most appropriate.

It's also worth putting this in context that there's half a million lines of rust code in this repository.