
Rust dependencies are out-of-date

Open qtfkwk opened this issue 1 year ago • 2 comments

Current tree-sitter version is 0.20.9 but this crate depends on 0.19. Fix is cargo update (or update the version manually in Cargo.toml). An unsuspecting user would add the following to their Cargo.toml and get this error:

tree-sitter = "0.20.9"
tree-sitter-markdown = "0.7.1"

error[E0308]: mismatched types
   --> src/markdown.rs:81:29
    |
81  |         parser.set_language(tree_sitter_markdown::language()).unwrap();
    |                ------------ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected struct `tree_sitter::Language`, found a different struct `tree_sitter::Language`
    |                |
    |                arguments to this function are incorrect
    |
    = note: perhaps two different versions of crate `tree_sitter` are being used?
note: associated function defined here
   --> /home/qtfkwk/.cargo/registry/src/github.com-1ecc6299db9ec823/tree-sitter-0.20.9/binding_rust/lib.rs:357:12
    |
357 |     pub fn set_language(&mut self, language: Language) -> Result<(), LanguageError> {
    |            ^^^^^^^^^^^^

For more information about this error, try `rustc --explain E0308`.
error: could not compile `project` due to previous error

Also the Cargo.lock file is included, but this is a library not a binary crate, so afaik it should not be committed to the repository (?). Fix would be git rm Cargo.lock. If it's needed for some reason, it has outdated dependencies too and it will be fixed by the cargo update run above.

I added this repo as a submodule to a private project and it worked without issue with these updates.


An alternative fix is to simply use old/matching tree-sitter in the Cargo.toml:

tree-sitter = "0.19"
tree-sitter-markdown = "0.7.1"

qtfkwk, Sep 28 '22 11:09

See also https://github.com/tree-sitter/tree-sitter-bash/pull/117

qtfkwk, Sep 28 '22 12:09

Forked this repo and preparing a PR...

Here are the other outdated dependencies:

$ cargo outdated
Name                  Project  Compat  Latest  Kind    Platform
----                  -------  ------  ------  ----    --------
aho-corasick->memchr  2.3.4    2.5.0   2.5.0   Normal  ---
cc                    1.0.67   1.0.73  1.0.73  Build   ---
regex->aho-corasick   0.7.15   0.7.19  0.7.19  Normal  ---
regex->memchr         2.3.4    2.5.0   2.5.0   Normal  ---
regex->regex-syntax   0.6.23   0.6.27  0.6.27  Normal  ---
tree-sitter->cc       1.0.67   1.0.73  1.0.73  Build   ---
tree-sitter->regex    1.4.5    1.6.0   1.6.0   Normal  ---

Ran cargo audit for "fun" (yikes!)... "Regexes with large repetitions on empty sub-expressions take a very long time to parse" doesn't seem so bad... but still best to update...

$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 458 security advisories (from /home/qtfkwk/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (7 crate dependencies)
Crate:     regex
Version:   1.4.5
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 1.4.5
└── tree-sitter 0.20.9
    └── tree-sitter-markdown 0.7.2

error: 1 vulnerability found!

Ran cargo update and now all good...

$ cargo outdated
All dependencies are up to date, yay!
$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 458 security advisories (from /home/qtfkwk/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (7 crate dependencies)

qtfkwk, Sep 29 '22 19:09
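
An added example (not from the issue thread or the tree-sitter-markdown project): a std-only Rust check over Cargo.lock text that lists crates locked at more than one version, the condition behind the E0308 error in the issue, and locked versions of a crate below an advisory's fixed version, as with regex and RUSTSEC-2022-0013. The lockfile excerpt, its tree-sitter 0.19.5 entry and all function names are constructed for illustration.

```rust
use std::collections::BTreeMap;
// Constructed Cargo.lock excerpt (assumption), not the project's real lockfile.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "regex"
version = "1.4.5"
[[package]]
name = "tree-sitter"
version = "0.19.5"
[[package]]
name = "tree-sitter"
version = "0.20.9"
"#;
type Locked = BTreeMap<String, Vec<String>>;

/// Read the value of a `key = "value"` line, if `line` is one.
fn value_of(line: &str, key: &str) -> Option<String> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"').to_string())
}
/// Every locked version per package; relies on `name` preceding `version` in each table.
fn locked_versions(lock: &str) -> Locked {
    let (mut map, mut name) = (Locked::new(), None::<String>);
    for line in lock.lines().map(str::trim) {
        if let Some(n) = value_of(line, "name") {
            name = Some(n);
        } else if let (Some(v), Some(n)) = (value_of(line, "version"), &name) {
            map.entry(n.clone()).or_default().push(v);
        }
    }
    map
}
/// Crates locked at more than one version (types from each copy are incompatible).
fn duplicates(map: &Locked) -> Vec<String> {
    map.iter().filter(|(_, v)| v.len() > 1).map(|(n, _)| n.clone()).collect()
}
/// Parse "major.minor.patch" into a comparable tuple; pre-release/build tags are dropped.
fn parse_ver(v: &str) -> Option<(u64, u64, u64)> {
    let mut it = v.split(&['-', '+'][..]).next()?.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}
/// Locked versions of `krate` below `min_fixed`; unparseable versions are reported too.
fn below_fix(map: &Locked, krate: &str, min_fixed: &str) -> Vec<String> {
    let min = parse_ver(min_fixed);
    map.get(krate).into_iter().flatten().filter(|v| parse_ver(v) < min).cloned().collect()
}
fn main() {
    let map = locked_versions(SAMPLE_LOCK);
    println!("{:?} {:?}", duplicates(&map), below_fix(&map, "regex", "1.5.5"));
}
```

`cargo tree -d` and `cargo audit` remain the authoritative tools for these checks; the sketch only shows what they look for in the lockfile.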