Consider yanking Clap 2.9.2 #2076

Closed
matklad opened this issue Aug 15, 2020 · 6 comments
Labels
C-bug Category: bug

Comments

@matklad
Contributor

matklad commented Aug 15, 2020

Hi!

Clap 2.9.2 (and maybe some other versions, I haven't done an investigation) triggers a future-compatibility warning in this code:

(@arg ($arg:expr) $modes:tt !$ident $($tail:tt)*) => {

This is an erroneous definition of a macro, because the $ident fragment lacks the :ident specifier. This has been a deny-by-default lint for some time, and we'd want to hard error it eventually (and most likely rather soon). So, given that this crate might stop compiling eventually, it seems prudent to yank it, to give reverse-dependencies a heads up!

cc rust-lang/rust#75516
cc dzamlo/treeify#2

@matklad added the C-bug Category: bug label Aug 15, 2020
@matklad changed the title from "Consider yanking Clap 2.9" to "Consider yanking Clap 2.9.2" Aug 15, 2020
@CreepySkeleton
Contributor

Sure. It's hard to tell for sure which versions are affected because not every version has a tag I could check out, so I just located the earliest bug-free version - which is 2.21.1 - and yanked everything in between. At the end of the day, they are all just history; there are more than 10 minor releases after that point.

I didn't spend any time on checking older versions because they're quite ancient and I doubt anyone will ever notice. Anyway, whoever cares is free to contact us and we'll yank them as well.

@pksunkara
Member

This has been there since v1.4.0. Do we want to yank all of them? I am not sure why we are giving importance to yanking. What if people prefer an older version of Rust?

Also, the usage of clap by versions (at least from public crates) is here

@CreepySkeleton
Contributor

I don't mind, go ahead if you want to.

1.4.0 was released five years ago. If those people are so dead set, they can just put the desired version in Cargo.lock manually (and it's probably already there). Yanking doesn't remove the crate from crates.io, it just prevents new crates from depending on it.

> Also, the usage of clap by versions (at least from public crates) is here

Just as expected: the ~90% peak at the latest minor version and the loong low tail of older deps. I'd say we don't care. A curious phenomenon: local peaks on "terminator versions" (i.e. 2.23.3 when the next version is 2.24.x).

@Dylan-DPC-zz reopened this Aug 16, 2020
@Dylan-DPC-zz

Reopening this because, as per how the process goes with similar advisories, the versions have to be yanked.

@pksunkara
Member

So, should I yank from 1.4.0 onwards?

@CreepySkeleton
Contributor

Yanked, God bless dumb Python scripts. Why doesn't cargo have the "yank everything from X.X.X to Y.Y.Y" functionality?
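
An added example, not from the thread and not the maintainers' script: one way to plan the range yank discussed above, selecting every published version from 1.4.0 up to but excluding 2.21.1 and building one `cargo yank --vers` invocation per version. The version list is constructed and the function names are hypothetical; versions are compared by SemVer precedence, because a plain string sort would place 2.9.2 after 2.21.1 and skip it.

```python
import re

# Bounds taken from the thread: the bug is reported present since 1.4.0,
# and 2.21.1 is named as the earliest bug-free release.
FIRST_AFFECTED = "1.4.0"
FIRST_FIXED = "2.21.1"

_SEMVER = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)

def sort_key(version):
    """Return a tuple that orders versions by SemVer precedence."""
    m = _SEMVER.match(version)
    if m is None:
        raise ValueError(f"not a SemVer version: {version!r}")
    core = tuple(int(part) for part in m.group(1, 2, 3))
    pre = m.group(4)
    if pre is None:
        # A release sorts after every pre-release of the same core version.
        return core + ((1,),)
    # Numeric identifiers compare as integers and sort below alphanumeric ones.
    ids = tuple(
        (0, int(p), "") if p.isdigit() else (1, 0, p) for p in pre.split(".")
    )
    return core + ((0,) + ids,)

def versions_to_yank(published, first_affected=FIRST_AFFECTED,
                     first_fixed=FIRST_FIXED):
    """Select published versions in the range [first_affected, first_fixed)."""
    lo, hi = sort_key(first_affected), sort_key(first_fixed)
    hits = (v for v in published if lo <= sort_key(v) < hi)
    return sorted(hits, key=sort_key)

def yank_commands(crate, versions):
    """Build one `cargo yank` argv per version; nothing is executed here."""
    return [["cargo", "yank", "--vers", v, crate] for v in versions]

# Constructed sample list, not clap's real release history.
PUBLISHED = ["1.3.2", "1.4.0", "1.5.5", "2.0.0-beta", "2.0.0",
             "2.9.2", "2.21.0", "2.21.1", "2.33.3"]

if __name__ == "__main__":
    # Dry run: print the commands for review before running any of them.
    for argv in yank_commands("clap", versions_to_yank(PUBLISHED)):
        print(" ".join(argv))
```
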
