fix(toml)!: Disallow source-less dependencies #13775
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is part of rust-lang#13629 This turns deps like ```toml foo = { optional = true } ``` from `version="*"` deps with a warning into errors. This breaking change was deemed acceptable because this behavior has been considered a bug from the beginning. We have gotten little to no feedback about people wanting this behavior. This improves our forwards-compatibility story as we can add new dependency sources and they won't be considered a wildcard registry dependency on older cargo.
rustbot
added
A-manifest
13 tasks
weihanglo
approved these changes
Apr 18, 2024
| @@ -1672,14 +1672,11 @@ fn detailed_dep_to_dependency<P: ResolveToPath + Clone>( | |||
| kind: Option<DepKind>, | |||
| ) -> CargoResult<Dependency> { | |||
| if orig.version.is_none() && orig.path.is_none() && orig.git.is_none() { | |||
| let msg = format!( | |||
| "dependency ({}) specified without \ | |||
| anyhow::bail!( | |||
There was a problem hiding this comment.
Question: What's the criteria of turning this into
- a normal warning
- a critical warning that bails out later
- a fatal error bailing out here
There was a problem hiding this comment.
turning this into a normal warning
This was already a warning, so no change there
a fatal error bailing out here
When we discussed #13629 as a team, we seemed in favor of a hard error as this was deemed a bug that people haven't been clamoring for us to continue to support.
a critical warning that bails out later
I honestly haven't touched that system much. I think those "recoverable errors", right? As in, we continue moving forward, seeing other messages, and but fail after all of that?
While I would want to move more towards error recovery, this has some weird properties
- These only show up when
emit_warningsis called which looks to only be compile commands andcargo fetch - The overall value of error recovery seems relatively low (not much more is really going to be shown but instead people might see other unrelated warnings)
There was a problem hiding this comment.
Thanks for the clarification. I understand this being a fatal error as a team decision. The recovery error is something I am also thinking about, yet it doesn't apply to this situation.
weihanglo
approved these changes
Apr 18, 2024
|
@bors r+ Thanks! |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 19, 2024
Update cargo 8 commits in 6f06fe908a5ee0f415c187f868ea627e82efe07d..80d5b607dde6ef97dfff4e23923822c01d2bb036 2024-04-16 18:47:44 +0000 to 2024-04-19 18:39:22 +0000 - fix 13773 - 'cargo build' fails when list_files() with gix is triggered (rust-lang/cargo#13777) - fix(toml): Don't crash on parse errors that point to multi-byte character (rust-lang/cargo#13780) - fix(toml)!: Disallow source-less dependencies (rust-lang/cargo#13775) - fix(msrv): Put MSRV-aware resolver behind a config (rust-lang/cargo#13769) - fix(msrv): Error, rather than panic, on rust-version 'x' (rust-lang/cargo#13771) - fix(credential): trim newlines in tokens from stdin (rust-lang/cargo#13770) - test(msrv): Re-organize MSRV tests (rust-lang/cargo#13767) - feat(install): Including Locking message (rust-lang/cargo#13764) r? ghost
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 19, 2024
Update cargo 8 commits in 6f06fe908a5ee0f415c187f868ea627e82efe07d..80d5b607dde6ef97dfff4e23923822c01d2bb036 2024-04-16 18:47:44 +0000 to 2024-04-19 18:39:22 +0000 - fix 13773 - 'cargo build' fails when list_files() with gix is triggered (rust-lang/cargo#13777) - fix(toml): Don't crash on parse errors that point to multi-byte character (rust-lang/cargo#13780) - fix(toml)!: Disallow source-less dependencies (rust-lang/cargo#13775) - fix(msrv): Put MSRV-aware resolver behind a config (rust-lang/cargo#13769) - fix(msrv): Error, rather than panic, on rust-version 'x' (rust-lang/cargo#13771) - fix(credential): trim newlines in tokens from stdin (rust-lang/cargo#13770) - test(msrv): Re-organize MSRV tests (rust-lang/cargo#13767) - feat(install): Including Locking message (rust-lang/cargo#13764) r? ghost
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 20, 2024
Update cargo 8 commits in 6f06fe908a5ee0f415c187f868ea627e82efe07d..80d5b607dde6ef97dfff4e23923822c01d2bb036 2024-04-16 18:47:44 +0000 to 2024-04-19 18:39:22 +0000 - fix 13773 - 'cargo build' fails when list_files() with gix is triggered (rust-lang/cargo#13777) - fix(toml): Don't crash on parse errors that point to multi-byte character (rust-lang/cargo#13780) - fix(toml)!: Disallow source-less dependencies (rust-lang/cargo#13775) - fix(msrv): Put MSRV-aware resolver behind a config (rust-lang/cargo#13769) - fix(msrv): Error, rather than panic, on rust-version 'x' (rust-lang/cargo#13771) - fix(credential): trim newlines in tokens from stdin (rust-lang/cargo#13770) - test(msrv): Re-organize MSRV tests (rust-lang/cargo#13767) - feat(install): Including Locking message (rust-lang/cargo#13764) r? ghost
aarongable
pushed a commit
to chromium/chromium
that referenced
this pull request
May 8, 2024
As of cargo 1.79.0, our fake_root Cargo.toml is no longer valid due to the change in rust-lang/cargo#13775 which disallows a dependency without a version (or path, or something). Previously, these were implicitly a "wildcard registry dependency" but no longer. So do this explicitly to set the feature on the dependency without any version requirement. The version will be specified by std. R=aeubanks@google.com Bug: 339172099 Change-Id: Ifbb78ced06d520755b683f49a6daca2cd0bcd333 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5525961 Commit-Queue: danakj <danakj@chromium.org> Reviewed-by: Arthur Eubanks <aeubanks@google.com> Cr-Commit-Position: refs/heads/main@{#1298307}
UI-RayanWang
pushed a commit
to ubiquiti/ubnt_libjingle_component_src_build
that referenced
this pull request
Jun 24, 2024
As of cargo 1.79.0, our fake_root Cargo.toml is no longer valid due to the change in rust-lang/cargo#13775 which disallows a dependency without a version (or path, or something). Previously, these were implicitly a "wildcard registry dependency" but no longer. So do this explicitly to set the feature on the dependency without any version requirement. The version will be specified by std. R=aeubanks@google.com Bug: 339172099 Change-Id: Ifbb78ced06d520755b683f49a6daca2cd0bcd333 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5525961 Commit-Queue: danakj <danakj@chromium.org> Reviewed-by: Arthur Eubanks <aeubanks@google.com> Cr-Commit-Position: refs/heads/main@{#1298307} NOKEYCHECK=True GitOrigin-RevId: b71d1630b5f82988db7c26c0675648aa1a4563fd
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR try to resolve?
This is part of #13629 addressing “dependency without path, version, git, workspace specified”.
This turns deps like
from
version="*"deps with a warning into errors. This breaking change was deemed acceptable because this behavior has been considered a bug from the beginning.We have gotten little to no feedback about people wanting this behavior.
This improves our forwards-compatibility story as we can add new dependency sources and they won't be considered a wildcard registry dependency on older cargo.
How should we test and review this PR?
I removed the
cargo_addtest because it is redundant.We no longer get the “unused key” warnings because those warnings get deferred to after this error gets reported.
Additional information