-
-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False negative: major bumping of dependency with exposed API is not detected #447
Comments
Thanks for the thorough report! Semver in Rust is extremely complex, and there are easily hundreds of rules that aren't implemented yet: https://github.com/obi1kenobi/cargo-semver-checks#will-cargo-semver-checks-catch-every-semver-violation The tracking issue for not-yet-implemented lints is #5. We're treating these as unimplemented features, and saving the Also, if you might be interested in contributing to the project by writing new lints, I'd be happy to mentor! |
Thank you @obi1kenobi! You are right, it totally make sense to track the missing rules in a single issue instead of spreading them all around without any central document. I just did not find anything specifically related to the missed detection, I should have search more carefully 😅 I think I can try to implement the rule for this on my spare time (and maybe others, who knows), it could be an interesting experience. Also, I definitely love this project, I would be very happy to give a small hand. I am gonna try to write down something, if I need help I will ask, thank you in advance! ❤️ |
Unfortunately I don't think this rule is straightforward to implement since currently cargo-semver-checks doesn't see manifest information — it isn't exposed in the Trustfall schema it queries and it isn't particularly easy to add. I wouldn't recommend it as a starting point. A few easier starting points:
These run the gamut from "how can I help in half an hour" to "I've got a few afternoons / a few weekends to put in." I'm happy to be an issue concierge if you let me know what sort of thing you'd be most excited about. |
Steps to reproduce the bug with the above code
cargo new inner --lib
and chdir inside.time
:src/lib.rs
so it contains the following:time
to 0.3:git commit -a -m "bump time"
cargo-semver-checks
:Further check to ensure it is a breaking change
Checkout to previous commit:
Create a worktree with the latest commit in a different path:
Note that if you are using an old version of
git
, you could need to usemaster
instead ofmain
Change back to the parent folder and run
cargo new --lib outer
, then chdir insideouter
.Add the first version of
inner
as dependency:Also add
[email protected]
as dependency:cargo add [email protected]
Edit the
src/lib.rs
so it contains the following:Run
cargo check
, assess that everything is fine.Use the new version of
inner
:Run
cargo check
again. Now you should expect a mismatchingtime::Date
type.Actual Behaviour
No breaking changes are reported
Expected Behaviour
A breaking change should be detected: bumping the major version of a dependency when the crate exposes something from its API is breaking.
Generated System Information
Software version
cargo-semver-checks 0.20.0 (cf03e7f)
Operating system
Linux 6.2.13-arch1-1
Command-line
cargo version
Compile time information
Build Configuration
Should not be relevant, but here the
~/.cargo/config.toml
:Additional Context
The issue has been discovered while bumping the wot-td dependency of the crate wot-serve.
CC @lu-zero
The text was updated successfully, but these errors were encountered: