killercup / cargo-edit

A utility for managing cargo dependencies from the command line.
http://killercup.github.io/cargo-edit/
MIT License

Trouble updating library usage from v0.9: replacement for `LocalManifest::upgrade`? #837

Closed tarcieri closed 1 year ago

tarcieri commented 1 year ago

cargo-audit uses cargo-edit as a library as part of its `--fix` functionality in order to attempt to automatically update `Cargo.lock` with versions containing fixes.

We're currently on cargo-edit v0.9 using `LocalManifest::upgrade` to perform the upgrade, but this method appears to have been removed in cargo-edit v0.10 and we couldn't find any information in the CHANGELOG regarding what happened to it or what to replace it with.

What should we use in newer versions of cargo-edit to perform a similar function? We also currently offer a `--dry-run` option and ideally we'd like to preserve that functionality as well if possible.

See also: https://github.com/rustsec/rustsec/pull/801

epage commented 1 year ago

From #820

I released 0.11.5 which clarifies our semver policy which is that our version reflects the binary, and not the API, and the uploading to crates.io is for distributing the binary.

My goal with cargo-edit is for it to disappear, merged into cargo, at which point there won't be a crate any more for people to use. Any of the core editing APIs we exposed have moved into cargo itself (pub API not released yet). Anything that remains is convenience for implementing the binaries.

I would recommend forking the code you need.