Unmaintained difference dependency

[io12]

https://github.com/RustSec/advisory-db/blob/master/crates/difference/RUSTSEC-2020-0095.md

It looks like this crate has the difference crate as a dependency, which causes a warning when running cargo audit.

[epage]

Personally, I find it a bit much to have an advisory over a crate just because it is unmaintained.

Looking at how our current API for this, we need

• Edit distance
• Custom split character
• Formatted output (current is whole-file but patches might also work)

Looking at the suggested alternatives

• pretty_assertions is only asserts. It builds on difference, so using a shared dependency won't help
• dissimilar doesn't report edit distance and doesn't have a custom separator
• treediff and diffus are for data structures

Doing some more digging

• text-diff might work

Though we could possibly do some of our own munging to separate the data ourself or to calculate edit distance from the output of a library. There is a bit more care needed with this to make sure we are doing it right.

[brightly-salty]

Just adding a link to the similar issue in pretty_assertions: https://github.com/colin-kiegel/rust-pretty-assertions/issues/44

(About the advisory, it is listed as a warning and not an error: yellow and not red in the output. I was the creator of this advisory)

[benesch]

text-diff is just an older version of difference with a different name, I think (?), so that's probably doubly unmaintained. I've been unable to find anything better than difference in the past when I've looked. :/

(About the advisory, it is listed as a warning and not an error: yellow and not red in the output. I was the creator of this advisory)

I find such advisories very useful, FWIW! No complaints here.

[mitsuhiko]

Throwing my own crate into the ring: https://github.com/mitsuhiko/similar/

Triggered by this advisory I also did not find anything to replace it with and decided to build my own thing to replace it. Let me know if this works for you or if you're running into problems with it.

[benesch]

Wow, @mitsuhiko, that crate looks awesome! Exactly what I've been looking for.

[vincentdephily]

I've begun playing with dissimilar and similar as replacement crates. It's still WIP but can serve as a basis for discussion, in particular if/how we want to break API compatibility. The branch is at https://github.com/vincentdephily/predicates-rs/tree/change_diff_crate it's not mergeable but I can open a PR if it makes reviewing easier.

[epage]

it's not mergeable but I can open a PR if it makes reviewing easier.

A PR would be a great way for us to discuss and brainstorm

[vincentdephily]

Here is the PR, sorry for the delay I got drawn in by other projects.