Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cargo update should print warnings for incompatible candidates #7167

Open
ehuss opened this issue Jul 23, 2019 · 4 comments
Open

cargo update should print warnings for incompatible candidates #7167

ehuss opened this issue Jul 23, 2019 · 4 comments
Labels
A-dependency-resolution Area: dependency resolution and the resolver A-diagnostics Area: Error and warning messages generated by Cargo itself. Command-update S-needs-design Status: Needs someone to work further on the design for the feature or fix. NOT YET accepted.

Comments

@ehuss
Copy link
Contributor

ehuss commented Jul 23, 2019

Currently, if there is a new release of a package that removes a required feature, then cargo update will silently do nothing. This can be a confusing experience because if the user looks at crates.io and sees there is a newer version, it can be difficult to understand why it is not working.

I believe that removing a feature is a breaking semver change, but not everyone knows this or is diligent about managing correct version bumps.

I think cargo update should display a warning if the "newest" candidate is not used because it is missing a feature.

It should probably ignore intermediate candidates, for example starting from version 0.1.0, publish bad release 0.1.1, publish fixed release 0.1.2, then updating from 0.1.0 to 0.1.2 should not produce any warnings.

There are other edge cases to handle (like being able to update from 0.1.0 to 0.1.1, but not 0.1.2).

The following is a test to demonstrate the scenario. The warning at the bottom is just a suggestion, the actual warning will likely be a little different.

#[cargo_test]
fn update_with_missing_feature() {
    // Attempting to update a package to a version with a missing feature
    // should produce a warning.
    Package::new("bar", "0.1.0").feature("feat1", &[]).publish();

    let p = project()
        .file(
            "Cargo.toml",
            r#"
            [package]
            name = "foo"
            version = "0.1.0"

            [dependencies]
            bar = {version="0.1", features=["feat1"]}
            "#,
        )
        .file("src/lib.rs", "")
        .build();
    p.cargo("generate-lockfile").run();

    // Publish an update that is missing the feature.
    Package::new("bar", "0.1.1").publish();

    p.cargo("update")
        .with_stderr(
            "\
[WARNING] a newer version of package `bar` is available (`0.1.1`), \
but it does not include the required feature `feat1`, so it will not be updated
",
        )
        .run();

    // Publish a fixed version, should not warn.
    Package::new("bar", "0.1.2").feature("feat1", &[]).publish();
    p.cargo("update")
        .with_stderr(
            "\
[UPDATING] `[..]` index
[UPDATING] bar v0.1.0 -> v0.1.2
",
        )
        .run();
}
@niedzielski
Copy link

Extending the "incompatible candidates" criteria, cargo update only considers dependencies that are permitted by the semantic version specified (often in the Cargo.toml). This means that newer forbidden dependencies are not reported and the caller is never made aware that a more involved upgrade is necessary to use the latest and greatest. E.g., consider

[dependencies]
foo = '0.2.1'

cargo update would report that a foo v0.2.2 was available but not v1.0.0. In large Cargo.toml files, this is problematic as there may be many dependencies and it's not practical to determine whether all are fully updated or not.

@ehuss
Copy link
Contributor Author

ehuss commented Mar 7, 2020

@niedzielski although that is a similar issue, semver-incompatible notifications are part of #4309. You can use the cargo-outdated tool for that.

@niedzielski
Copy link

@ehuss, very helpful. Thank you! 👍

@epage epage mentioned this issue Aug 1, 2023
Open
11 tasks
@epage epage added A-diagnostics Area: Error and warning messages generated by Cargo itself. A-dependency-resolution Area: dependency resolution and the resolver S-needs-design Status: Needs someone to work further on the design for the feature or fix. NOT YET accepted. labels Nov 1, 2023
@epage epage mentioned this issue Nov 3, 2023
Open
@epage epage mentioned this issue Jan 31, 2024
Merged
bors added a commit that referenced this issue Feb 5, 2024
@bors
Auto merge of #13372 - epage:update-report, r=weihanglo
b0df265 
feat(update): Tell users when they are still behind

### What does this PR try to resolve?

Part of this is an offshoot of #12425 which is about pulling  some of `cargo upgrade`s behavior into `cargo update`.  One of the "'Potential related `cargo update` improvements" is informing the user when they are behind.

Part of this is to help close the gap of users being behind on their dependencies unaware.  This is commonly raised when discussing an MSRV-aware resolver (see rust-lang/rfcs#3537) but breaking changes are just as big of a deal so I'm starting this now.

See also #7167, #4309

Compared to `cargo upgrade` / `cargo outdated`, I'm taking a fairly conservative approach and tweaking the existing output as a starting point / MVP.  We can experiment with a richer or easier-to-consume way of expressing this over time.

I view us telling people they aren't on the latest as a warning, so I made that text yellow.

`clap $ cargo update --dry-run`
![image](https://github.com/rust-lang/cargo/assets/60961/4bf151e3-6b57-4073-8822-9140dd731d5e)

`clap $ cargo update --dry-run --verbose`
![image](https://github.com/rust-lang/cargo/assets/60961/fbf802fb-3a6a-4e8b-a6ec-4ce49fb505f6)

### How should we test and review this PR?

This sets up the minimal implementation and slowly adds bits at a time, with a test first that demonstrates it.

### Additional information

I'm expecting that the `cargo upgrade` integration will extend the notes to say something like "X dependencies may be updated with `--breaking`"
@epage
Copy link
Contributor

epage commented Feb 9, 2024

We now report when a non-latest dependency is selected in #13372 but we don't

  • Report the latest compatible
  • Provide a message saying why it was withheld.

@epage epage mentioned this issue May 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-dependency-resolution Area: dependency resolution and the resolver A-diagnostics Area: Error and warning messages generated by Cargo itself. Command-update S-needs-design Status: Needs someone to work further on the design for the feature or fix. NOT YET accepted.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ehuss @epage @niedzielski