Update petgraph to 0.7.1
See https://github.com/petgraph/petgraph/blob/petgraph%40v0.7.1/RELEASES.rst. This is a SemVer-incompatible update only because petgraph’s exposed dependency fixedbitset was updated SemVer-incompatibly, but rustsec’s use of the petgraph APIs is straightforward, and no code changes appear to be necessary:
$ rg petgraph::
cargo-lock/src/dependency/tree.rs
185: use petgraph::visit::EdgeRef;
cargo-lock/src/dependency/graph.rs
3:pub use petgraph::{graph::NodeIndex, EdgeDirection};
8:pub type Graph = petgraph::graph::Graph<Package, Dependency>;
cargo-lock/src/bin/cargo-lock/main.rs
13:use petgraph::graph::NodeIndex;
Tested with cargo test --workspace -- --skip lint_advisory_db.
Note: since petgraph is part of cargo-lock's public API, this is unfortunately a SemVer breaking change there as well.
@tarcieri how careful do we have to be about semver-incompatible changes for these crates? Are they widely used as libraries? Should we just move forward with this and bump the cargo-lock version to 11?
I’d consider this a breaking change, yes.
Before we cut another release though, we should address #1323, which needs breaking changes to fix, I believe.
Upgraded to 0.8 in #1424.