Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require exact version of arbitrary-derive #212

Merged
merged 1 commit into from
Jan 7, 2025
Merged

Require exact version of arbitrary-derive #212

merged 1 commit into from
Jan 7, 2025

Conversation

maurer
Copy link
Contributor

@maurer maurer commented Jan 7, 2025
edited
Loading

Arbitrary had a new try_size_hint method added in #185 - while this was semver safe for arbitrary because a default implementation was provided which forwarded along, the new version of arbitrary-derive which follows the same versioning as arbitrary started generating try_size_hint methods, which causes v1.2.3 to fail to compile, as it tries to grab arbitrary-derive "1.2.3" from crates.io, which gets responded to with a "1.4.0" version. This means that arbitrary-derive technically has a semver break from 1.2.3 to 1.4.

Given that:

  1. It is reasonable to evolve your traits this way, and it doesn't break semver on the base package
  2. The patchlevel is specified on arbitrary-derive, so it seems the intent is to require a matching version
  3. You likely want to keep the same version for your proc-macro as your main crate

This proposes using exact equality in the Cargo.toml so that future trait updates of this nature won't break the ability to build older packages via Cargo.

@Manishearth
Copy link
Member

Personally I'd prefer a ~ dep here so there is some flexibility.

@maurer
Require exact version of arbitrary-derive
9d1c7ae 
`Arbitrary` had a new `try_size_hint` method added in rust-fuzz#185 - while this
was semver safe for `arbitrary` because a default implementation was
provided which forwarded along, the new version of `arbitrary-derive`
which follows the same versioning as `arbitrary` started generating
`try_size_hint` methods, which causes v1.2.3 to fail to compile, as it
tries to grab `arbitrary-derive` "1.2.3" from crates.io, which gets
responded to with a "1.4.0" version.

Given that:
1. It is reasonable to evolve your traits this way, and it doesn't break
   semver on the base package
2. The patchlevel is specified on `arbitrary-derive`, so it seems the
   intent is to require a matching version
3. You likely want to keep the same version for your proc-macro as your
   main crate

This proposes using exact equality in the `Cargo.toml` so that future
trait updates of this nature won't break the ability to build older
packages via Cargo.
@maurer
Copy link
Contributor Author

maurer commented Jan 7, 2025

SGTM, switched to "~1.4.0"

This won't fix the old versions, but will mean that similar situations (arbitrary does a semver compat API expansion, derive_arbitrary does something that's technically not semver compatible) will be less likely to cause trouble.

@Manishearth Manishearth merged commit cc27054 into rust-fuzz:main Jan 7, 2025
6 checks passed
@maurer maurer deleted the semver branch January 7, 2025 21:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Manishearth Manishearth Manishearth approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maurer @Manishearth