-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(toml)!: Disallow source-less dependencies #13775
Conversation
This is part of rust-lang#13629 This turns deps like ```toml foo = { optional = true } ``` from `version="*"` deps with a warning into errors. This breaking change was deemed acceptable because this behavior has been considered a bug from the beginning. We have gotten little to no feedback about people wanting this behavior. This improves our forwards-compatibility story as we can add new dependency sources and they won't be considered a wildcard registry dependency on older cargo.
@@ -1672,14 +1672,11 @@ fn detailed_dep_to_dependency<P: ResolveToPath + Clone>( | |||
kind: Option<DepKind>, | |||
) -> CargoResult<Dependency> { | |||
if orig.version.is_none() && orig.path.is_none() && orig.git.is_none() { | |||
let msg = format!( | |||
"dependency ({}) specified without \ | |||
anyhow::bail!( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question: What's the criteria of turning this into
- a normal warning
- a critical warning that bails out later
- a fatal error bailing out here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
turning this into a normal warning
This was already a warning, so no change there
a fatal error bailing out here
When we discussed #13629 as a team, we seemed in favor of a hard error as this was deemed a bug that people haven't been clamoring for us to continue to support.
a critical warning that bails out later
I honestly haven't touched that system much. I think those "recoverable errors", right? As in, we continue moving forward, seeing other messages, and but fail after all of that?
While I would want to move more towards error recovery, this has some weird properties
- These only show up when
emit_warnings
is called which looks to only be compile commands andcargo fetch
- The overall value of error recovery seems relatively low (not much more is really going to be shown but instead people might see other unrelated warnings)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the clarification. I understand this being a fatal error as a team decision. The recovery error is something I am also thinking about, yet it doesn't apply to this situation.
@bors r+ Thanks! |
☀️ Test successful - checks-actions |
Update cargo 8 commits in 6f06fe908a5ee0f415c187f868ea627e82efe07d..80d5b607dde6ef97dfff4e23923822c01d2bb036 2024-04-16 18:47:44 +0000 to 2024-04-19 18:39:22 +0000 - fix 13773 - 'cargo build' fails when list_files() with gix is triggered (rust-lang/cargo#13777) - fix(toml): Don't crash on parse errors that point to multi-byte character (rust-lang/cargo#13780) - fix(toml)!: Disallow source-less dependencies (rust-lang/cargo#13775) - fix(msrv): Put MSRV-aware resolver behind a config (rust-lang/cargo#13769) - fix(msrv): Error, rather than panic, on rust-version 'x' (rust-lang/cargo#13771) - fix(credential): trim newlines in tokens from stdin (rust-lang/cargo#13770) - test(msrv): Re-organize MSRV tests (rust-lang/cargo#13767) - feat(install): Including Locking message (rust-lang/cargo#13764) r? ghost
Update cargo 8 commits in 6f06fe908a5ee0f415c187f868ea627e82efe07d..80d5b607dde6ef97dfff4e23923822c01d2bb036 2024-04-16 18:47:44 +0000 to 2024-04-19 18:39:22 +0000 - fix 13773 - 'cargo build' fails when list_files() with gix is triggered (rust-lang/cargo#13777) - fix(toml): Don't crash on parse errors that point to multi-byte character (rust-lang/cargo#13780) - fix(toml)!: Disallow source-less dependencies (rust-lang/cargo#13775) - fix(msrv): Put MSRV-aware resolver behind a config (rust-lang/cargo#13769) - fix(msrv): Error, rather than panic, on rust-version 'x' (rust-lang/cargo#13771) - fix(credential): trim newlines in tokens from stdin (rust-lang/cargo#13770) - test(msrv): Re-organize MSRV tests (rust-lang/cargo#13767) - feat(install): Including Locking message (rust-lang/cargo#13764) r? ghost
Update cargo 8 commits in 6f06fe908a5ee0f415c187f868ea627e82efe07d..80d5b607dde6ef97dfff4e23923822c01d2bb036 2024-04-16 18:47:44 +0000 to 2024-04-19 18:39:22 +0000 - fix 13773 - 'cargo build' fails when list_files() with gix is triggered (rust-lang/cargo#13777) - fix(toml): Don't crash on parse errors that point to multi-byte character (rust-lang/cargo#13780) - fix(toml)!: Disallow source-less dependencies (rust-lang/cargo#13775) - fix(msrv): Put MSRV-aware resolver behind a config (rust-lang/cargo#13769) - fix(msrv): Error, rather than panic, on rust-version 'x' (rust-lang/cargo#13771) - fix(credential): trim newlines in tokens from stdin (rust-lang/cargo#13770) - test(msrv): Re-organize MSRV tests (rust-lang/cargo#13767) - feat(install): Including Locking message (rust-lang/cargo#13764) r? ghost
As of cargo 1.79.0, our fake_root Cargo.toml is no longer valid due to the change in rust-lang/cargo#13775 which disallows a dependency without a version (or path, or something). Previously, these were implicitly a "wildcard registry dependency" but no longer. So do this explicitly to set the feature on the dependency without any version requirement. The version will be specified by std. [email protected] Bug: 339172099 Change-Id: Ifbb78ced06d520755b683f49a6daca2cd0bcd333 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5525961 Commit-Queue: danakj <[email protected]> Reviewed-by: Arthur Eubanks <[email protected]> Cr-Commit-Position: refs/heads/main@{#1298307}
As of cargo 1.79.0, our fake_root Cargo.toml is no longer valid due to the change in rust-lang/cargo#13775 which disallows a dependency without a version (or path, or something). Previously, these were implicitly a "wildcard registry dependency" but no longer. So do this explicitly to set the feature on the dependency without any version requirement. The version will be specified by std. [email protected] Bug: 339172099 Change-Id: Ifbb78ced06d520755b683f49a6daca2cd0bcd333 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5525961 Commit-Queue: danakj <[email protected]> Reviewed-by: Arthur Eubanks <[email protected]> Cr-Commit-Position: refs/heads/main@{#1298307} NOKEYCHECK=True GitOrigin-RevId: b71d1630b5f82988db7c26c0675648aa1a4563fd
What does this PR try to resolve?
This is part of #13629 addressing “dependency without path, version, git, workspace specified”.
This turns deps like
from
version="*"
deps with a warning into errors. This breaking change was deemed acceptable because this behavior has been considered a bug from the beginning.We have gotten little to no feedback about people wanting this behavior.
This improves our forwards-compatibility story as we can add new dependency sources and they won't be considered a wildcard registry dependency on older cargo.
How should we test and review this PR?
I removed the
cargo_add
test because it is redundant.We no longer get the “unused key” warnings because those warnings get deferred to after this error gets reported.
Additional information