From 9065c87cabe3ef6a3f33abcbfd3ae702a744a444 Mon Sep 17 00:00:00 2001 From: Raphael Taylor-Davies <1781103+tustvold@users.noreply.github.com> Date: Sat, 10 Sep 2022 19:10:20 +0100 Subject: [PATCH 1/7] Update cargo-yank.md --- src/doc/src/commands/cargo-yank.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/doc/src/commands/cargo-yank.md b/src/doc/src/commands/cargo-yank.md index 8bf4f825c00..824d92241fd 100644 --- a/src/doc/src/commands/cargo-yank.md +++ b/src/doc/src/commands/cargo-yank.md @@ -15,9 +15,14 @@ The yank command removes a previously published crate's version from the server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link. -Note that existing crates locked to a yanked version will still be able to -download the yanked version to use it. Cargo will, however, not allow any new -crates to be locked to any yanked version. +However, yanking a release will prevent compilation of any dependent crates +with a semver constraint that no can no longer be satisfied by a non-yanked +version of this crate. + +The only exception to this is crates locked to a yanked version by a lockfile, +these will still be able to download the yanked version to use it. Cargo +will, however, not allow any new crates to be locked to any yanked version, +including when resolving semver constraints in the abscence of a lockfile. This command requires you to be authenticated with either the `--token` option or using [cargo-login(1)](cargo-login.html). From 17c711cbe214f10b3ee0ecb9858fd24e117b1cb9 Mon Sep 17 00:00:00 2001 From: Raphael Taylor-Davies Date: Sat, 10 Sep 2022 20:28:33 +0100 Subject: [PATCH 2/7] Review feedback --- src/doc/man/cargo-yank.md | 22 ++++++- src/doc/man/generated_txt/cargo-yank.txt | 33 ++++++++++- src/doc/src/commands/cargo-yank.md | 27 ++++++--- src/etc/man/cargo-yank.1 | 58 ++++++++++++++++++- .../in/.hg/wcache/checkisexec | 0 .../in/.hg/wcache/checklink | 1 + .../in/.hg/wcache/checklink-target | 0 .../in/.hg/wcache/checknoexec | 0 .../in/.hg/wcache/checkisexec | 0 .../in/.hg/wcache/checklink | 1 + .../in/.hg/wcache/checklink-target | 0 .../in/.hg/wcache/checknoexec | 0 12 files changed, 125 insertions(+), 17 deletions(-) create mode 100755 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checkisexec create mode 120000 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink create mode 100644 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink-target create mode 100644 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checknoexec create mode 100755 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec create mode 120000 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink create mode 100644 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target create mode 100644 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec diff --git a/src/doc/man/cargo-yank.md b/src/doc/man/cargo-yank.md index 3b9185d6a65..e411e2bc8c1 100644 --- a/src/doc/man/cargo-yank.md +++ b/src/doc/man/cargo-yank.md @@ -15,9 +15,25 @@ The yank command removes a previously published crate's version from the server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link. -Note that existing crates locked to a yanked version will still be able to -download the yanked version to use it. Cargo will, however, not allow any new -crates to be locked to any yanked version. +However, yanking a release will prevent cargo from selecting that version +when determining the version of a dependency to use. If there are no longer +any compatible versions that haven't been yanked, cargo will return an error. + +The only exception to this is crates locked to a specific version by a lockfile, +these will still be able to download the yanked version to use it. + +For example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, `0.22.2`, +`0.23.0` and `0.24.0`. The following table identifies what versions would be used by crates +with different semver constraints, in the absence of a lockfile + +| Yanked Version / Semver Constraint | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | +|------------------------------------|-------------------------------------------|-------------------|------------------| +| `0.22.0` | Use either `0.22.1` or `0.22.2` | **Return Error** | Use `0.23.0` | +| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.22.0` | +| `0.23.0` | Use either `0.22.0`, `0.21.0` or `0.22.2` | Use `0.22.0` | **Return Error** | + +A common workflow is to yank a crate having already published a semver compatible version, +to reduce the probability of preventing dependent crates from compiling This command requires you to be authenticated with either the `--token` option or using {{man "cargo-login" 1}}. diff --git a/src/doc/man/generated_txt/cargo-yank.txt b/src/doc/man/generated_txt/cargo-yank.txt index cd6bc2be4e6..4a3772f2915 100644 --- a/src/doc/man/generated_txt/cargo-yank.txt +++ b/src/doc/man/generated_txt/cargo-yank.txt @@ -12,9 +12,36 @@ DESCRIPTION server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link. - Note that existing crates locked to a yanked version will still be able - to download the yanked version to use it. Cargo will, however, not allow - any new crates to be locked to any yanked version. + However, yanking a release will prevent cargo from selecting that + version when determining the version of a dependency to use. If there + are no longer any compatible versions that haven't been yanked, cargo + will return an error. + + The only exception to this is crates locked to a specific version by a + lockfile, these will still be able to download the yanked version to use + it. + + For example, consider a crate bar with published versions 0.22.0, + 0.22.1, 0.22.2, 0.23.0 and 0.24.0. The following table identifies what + versions would be used by crates with different semver constraints, in + the absence of a lockfile + + +----------------------+-----------------------+-----------+----------+ + | Yanked Version / | bar = "0.22.0" | bar = | bar = | + | Semver Constraint | | "=0.22.0" | "0.23.0" | + +----------------------+-----------------------+-----------+----------+ + | 0.22.0 | Use either 0.22.1 or | Return | Use | + | | 0.22.2 | Error | 0.23.0 | + +----------------------+-----------------------+-----------+----------+ + | 0.22.1 | Use either 0.22.0 or | Use | Use | + | | 0.22.2 | 0.22.0 | 0.22.0 | + +----------------------+-----------------------+-----------+----------+ + | 0.23.0 | Use either 0.22.0, | Use | Return | + | | 0.21.0 or 0.22.2 | 0.22.0 | Error | + +----------------------+-----------------------+-----------+----------+ + + A common workflow is to yank a crate having already published a semver + compatible version, to avoid preventing dependent crates from compiling This command requires you to be authenticated with either the --token option or using cargo-login(1). diff --git a/src/doc/src/commands/cargo-yank.md b/src/doc/src/commands/cargo-yank.md index 824d92241fd..bc1f0c0d2c5 100644 --- a/src/doc/src/commands/cargo-yank.md +++ b/src/doc/src/commands/cargo-yank.md @@ -15,14 +15,25 @@ The yank command removes a previously published crate's version from the server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link. -However, yanking a release will prevent compilation of any dependent crates -with a semver constraint that no can no longer be satisfied by a non-yanked -version of this crate. - -The only exception to this is crates locked to a yanked version by a lockfile, -these will still be able to download the yanked version to use it. Cargo -will, however, not allow any new crates to be locked to any yanked version, -including when resolving semver constraints in the abscence of a lockfile. +However, yanking a release will prevent cargo from selecting that version +when determining the version of a dependency to use. If there are no longer +any compatible versions that haven't been yanked, cargo will return an error. + +The only exception to this is crates locked to a specific version by a lockfile, +these will still be able to download the yanked version to use it. + +For example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, `0.22.2`, +`0.23.0` and `0.24.0`. The following table identifies what versions would be used by crates +with different semver constraints, in the absence of a lockfile + +| Yanked Version / Semver Constraint | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | +|------------------------------------|-------------------------------------------|-------------------|------------------| +| `0.22.0` | Use either `0.22.1` or `0.22.2` | **Return Error** | Use `0.23.0` | +| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.22.0` | +| `0.23.0` | Use either `0.22.0`, `0.21.0` or `0.22.2` | Use `0.22.0` | **Return Error** | + +A common workflow is to yank a crate having already published a semver compatible version, +to avoid preventing dependent crates from compiling This command requires you to be authenticated with either the `--token` option or using [cargo-login(1)](cargo-login.html). diff --git a/src/etc/man/cargo-yank.1 b/src/etc/man/cargo-yank.1 index c144ea14f45..b89ca79c3ee 100644 --- a/src/etc/man/cargo-yank.1 +++ b/src/etc/man/cargo-yank.1 @@ -14,9 +14,61 @@ The yank command removes a previously published crate's version from the server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link. .sp -Note that existing crates locked to a yanked version will still be able to -download the yanked version to use it. Cargo will, however, not allow any new -crates to be locked to any yanked version. +However, yanking a release will prevent cargo from selecting that version +when determining the version of a dependency to use. If there are no longer +any compatible versions that haven't been yanked, cargo will return an error. +.sp +The only exception to this is crates locked to a specific version by a lockfile, +these will still be able to download the yanked version to use it. +.sp +For example, consider a crate \fBbar\fR with published versions \fB0.22.0\fR, \fB0.22.1\fR, \fB0.22.2\fR, +\fB0.23.0\fR and \fB0.24.0\fR\&. The following table identifies what versions would be used by crates +with different semver constraints, in the absence of a lockfile + +.TS +allbox tab(:); +lt lt lt lt. +T{ +Yanked Version / Semver Constraint +T}:T{ +\fBbar = "0.22.0"\fR +T}:T{ +\fBbar = "=0.22.0"\fR +T}:T{ +\fBbar = "0.23.0"\fR +T} +T{ +\fB0.22.0\fR +T}:T{ +Use either \fB0.22.1\fR or \fB0.22.2\fR +T}:T{ +\fBReturn Error\fR +T}:T{ +Use \fB0.23.0\fR +T} +T{ +\fB0.22.1\fR +T}:T{ +Use either \fB0.22.0\fR or \fB0.22.2\fR +T}:T{ +Use \fB0.22.0\fR +T}:T{ +Use \fB0.22.0\fR +T} +T{ +\fB0.23.0\fR +T}:T{ +Use either \fB0.22.0\fR, \fB0.21.0\fR or \fB0.22.2\fR +T}:T{ +Use \fB0.22.0\fR +T}:T{ +\fBReturn Error\fR +T} +.TE +.sp +.sp +A common workflow is to yank a crate having already published a semver compatible version, +to avoid preventing dependent crates from compiling .sp This command requires you to be authenticated with either the \fB\-\-token\fR option or using \fBcargo\-login\fR(1). diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checkisexec b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checkisexec new file mode 100755 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink new file mode 120000 index 00000000000..326d735163a --- /dev/null +++ b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink @@ -0,0 +1 @@ +checklink-target \ No newline at end of file diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink-target b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink-target new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checknoexec b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checknoexec new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec new file mode 100755 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink new file mode 120000 index 00000000000..326d735163a --- /dev/null +++ b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink @@ -0,0 +1 @@ +checklink-target \ No newline at end of file diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec new file mode 100644 index 00000000000..e69de29bb2d From aa1f590335f81660cd2bb2ee663ec259104e06de Mon Sep 17 00:00:00 2001 From: Raphael Taylor-Davies Date: Sat, 10 Sep 2022 20:31:39 +0100 Subject: [PATCH 3/7] Tweak wording --- src/doc/man/cargo-yank.md | 7 ++++--- src/doc/man/generated_txt/cargo-yank.txt | 9 +++++---- src/doc/src/commands/cargo-yank.md | 9 +++++---- src/etc/man/cargo-yank.1 | 9 +++++---- 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/src/doc/man/cargo-yank.md b/src/doc/man/cargo-yank.md index e411e2bc8c1..4e9e2519525 100644 --- a/src/doc/man/cargo-yank.md +++ b/src/doc/man/cargo-yank.md @@ -22,9 +22,10 @@ any compatible versions that haven't been yanked, cargo will return an error. The only exception to this is crates locked to a specific version by a lockfile, these will still be able to download the yanked version to use it. -For example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, `0.22.2`, -`0.23.0` and `0.24.0`. The following table identifies what versions would be used by crates -with different semver constraints, in the absence of a lockfile +For example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, +`0.22.2`, `0.23.0` and `0.24.0`. The following table identifies the versions +cargo could use in the absence of a lockfile for different semver constraints, +following a given release being yanked | Yanked Version / Semver Constraint | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | |------------------------------------|-------------------------------------------|-------------------|------------------| diff --git a/src/doc/man/generated_txt/cargo-yank.txt b/src/doc/man/generated_txt/cargo-yank.txt index 4a3772f2915..4507f614af3 100644 --- a/src/doc/man/generated_txt/cargo-yank.txt +++ b/src/doc/man/generated_txt/cargo-yank.txt @@ -22,9 +22,9 @@ DESCRIPTION it. For example, consider a crate bar with published versions 0.22.0, - 0.22.1, 0.22.2, 0.23.0 and 0.24.0. The following table identifies what - versions would be used by crates with different semver constraints, in - the absence of a lockfile + 0.22.1, 0.22.2, 0.23.0 and 0.24.0. The following table identifies the + versions cargo could use in the absence of a lockfile for different + semver constraints, following a given release being yanked +----------------------+-----------------------+-----------+----------+ | Yanked Version / | bar = "0.22.0" | bar = | bar = | @@ -41,7 +41,8 @@ DESCRIPTION +----------------------+-----------------------+-----------+----------+ A common workflow is to yank a crate having already published a semver - compatible version, to avoid preventing dependent crates from compiling + compatible version, to reduce the probability of preventing dependent + crates from compiling This command requires you to be authenticated with either the --token option or using cargo-login(1). diff --git a/src/doc/src/commands/cargo-yank.md b/src/doc/src/commands/cargo-yank.md index bc1f0c0d2c5..7fca5522064 100644 --- a/src/doc/src/commands/cargo-yank.md +++ b/src/doc/src/commands/cargo-yank.md @@ -22,9 +22,10 @@ any compatible versions that haven't been yanked, cargo will return an error. The only exception to this is crates locked to a specific version by a lockfile, these will still be able to download the yanked version to use it. -For example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, `0.22.2`, -`0.23.0` and `0.24.0`. The following table identifies what versions would be used by crates -with different semver constraints, in the absence of a lockfile +For example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, +`0.22.2`, `0.23.0` and `0.24.0`. The following table identifies the versions +cargo could use in the absence of a lockfile for different semver constraints, +following a given release being yanked | Yanked Version / Semver Constraint | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | |------------------------------------|-------------------------------------------|-------------------|------------------| @@ -33,7 +34,7 @@ with different semver constraints, in the absence of a lockfile | `0.23.0` | Use either `0.22.0`, `0.21.0` or `0.22.2` | Use `0.22.0` | **Return Error** | A common workflow is to yank a crate having already published a semver compatible version, -to avoid preventing dependent crates from compiling +to reduce the probability of preventing dependent crates from compiling This command requires you to be authenticated with either the `--token` option or using [cargo-login(1)](cargo-login.html). diff --git a/src/etc/man/cargo-yank.1 b/src/etc/man/cargo-yank.1 index b89ca79c3ee..5a65f472af9 100644 --- a/src/etc/man/cargo-yank.1 +++ b/src/etc/man/cargo-yank.1 @@ -21,9 +21,10 @@ any compatible versions that haven't been yanked, cargo will return an error. The only exception to this is crates locked to a specific version by a lockfile, these will still be able to download the yanked version to use it. .sp -For example, consider a crate \fBbar\fR with published versions \fB0.22.0\fR, \fB0.22.1\fR, \fB0.22.2\fR, -\fB0.23.0\fR and \fB0.24.0\fR\&. The following table identifies what versions would be used by crates -with different semver constraints, in the absence of a lockfile +For example, consider a crate \fBbar\fR with published versions \fB0.22.0\fR, \fB0.22.1\fR, +\fB0.22.2\fR, \fB0.23.0\fR and \fB0.24.0\fR\&. The following table identifies the versions +cargo could use in the absence of a lockfile for different semver constraints, +following a given release being yanked .TS allbox tab(:); @@ -68,7 +69,7 @@ T} .sp .sp A common workflow is to yank a crate having already published a semver compatible version, -to avoid preventing dependent crates from compiling +to reduce the probability of preventing dependent crates from compiling .sp This command requires you to be authenticated with either the \fB\-\-token\fR option or using \fBcargo\-login\fR(1). From e48b16f0e9451ae3e12dee4fe01e7f20898b2b05 Mon Sep 17 00:00:00 2001 From: Raphael Taylor-Davies Date: Sat, 10 Sep 2022 20:35:20 +0100 Subject: [PATCH 4/7] Remove empty files --- .../init/mercurial_autodetect/in/.hg/wcache/checkisexec | 0 .../testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink | 1 - .../init/mercurial_autodetect/in/.hg/wcache/checklink-target | 0 .../init/mercurial_autodetect/in/.hg/wcache/checknoexec | 0 .../init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec | 0 .../init/simple_hg_ignore_exists/in/.hg/wcache/checklink | 1 - .../init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target | 0 .../init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec | 0 8 files changed, 2 deletions(-) delete mode 100755 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checkisexec delete mode 120000 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink delete mode 100644 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink-target delete mode 100644 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checknoexec delete mode 100755 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec delete mode 120000 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink delete mode 100644 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target delete mode 100644 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checkisexec b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checkisexec deleted file mode 100755 index e69de29bb2d..00000000000 diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink deleted file mode 120000 index 326d735163a..00000000000 --- a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink +++ /dev/null @@ -1 +0,0 @@ -checklink-target \ No newline at end of file diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink-target b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink-target deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checknoexec b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checknoexec deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec deleted file mode 100755 index e69de29bb2d..00000000000 diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink deleted file mode 120000 index 326d735163a..00000000000 --- a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink +++ /dev/null @@ -1 +0,0 @@ -checklink-target \ No newline at end of file diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec deleted file mode 100644 index e69de29bb2d..00000000000 From af6b722663f010792df138db5dcff88173989c46 Mon Sep 17 00:00:00 2001 From: Raphael Taylor-Davies Date: Sat, 10 Sep 2022 20:48:08 +0100 Subject: [PATCH 5/7] Fix copypasta --- src/doc/man/cargo-yank.md | 2 +- src/doc/man/generated_txt/cargo-yank.txt | 2 +- src/doc/src/commands/cargo-yank.md | 2 +- src/etc/man/cargo-yank.1 | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/doc/man/cargo-yank.md b/src/doc/man/cargo-yank.md index 4e9e2519525..782550ffeae 100644 --- a/src/doc/man/cargo-yank.md +++ b/src/doc/man/cargo-yank.md @@ -30,7 +30,7 @@ following a given release being yanked | Yanked Version / Semver Constraint | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | |------------------------------------|-------------------------------------------|-------------------|------------------| | `0.22.0` | Use either `0.22.1` or `0.22.2` | **Return Error** | Use `0.23.0` | -| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.22.0` | +| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.23.0` | | `0.23.0` | Use either `0.22.0`, `0.21.0` or `0.22.2` | Use `0.22.0` | **Return Error** | A common workflow is to yank a crate having already published a semver compatible version, diff --git a/src/doc/man/generated_txt/cargo-yank.txt b/src/doc/man/generated_txt/cargo-yank.txt index 4507f614af3..8179cd66c99 100644 --- a/src/doc/man/generated_txt/cargo-yank.txt +++ b/src/doc/man/generated_txt/cargo-yank.txt @@ -34,7 +34,7 @@ DESCRIPTION | | 0.22.2 | Error | 0.23.0 | +----------------------+-----------------------+-----------+----------+ | 0.22.1 | Use either 0.22.0 or | Use | Use | - | | 0.22.2 | 0.22.0 | 0.22.0 | + | | 0.22.2 | 0.22.0 | 0.23.0 | +----------------------+-----------------------+-----------+----------+ | 0.23.0 | Use either 0.22.0, | Use | Return | | | 0.21.0 or 0.22.2 | 0.22.0 | Error | diff --git a/src/doc/src/commands/cargo-yank.md b/src/doc/src/commands/cargo-yank.md index 7fca5522064..b4a8b9cd51f 100644 --- a/src/doc/src/commands/cargo-yank.md +++ b/src/doc/src/commands/cargo-yank.md @@ -30,7 +30,7 @@ following a given release being yanked | Yanked Version / Semver Constraint | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | |------------------------------------|-------------------------------------------|-------------------|------------------| | `0.22.0` | Use either `0.22.1` or `0.22.2` | **Return Error** | Use `0.23.0` | -| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.22.0` | +| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.23.0` | | `0.23.0` | Use either `0.22.0`, `0.21.0` or `0.22.2` | Use `0.22.0` | **Return Error** | A common workflow is to yank a crate having already published a semver compatible version, diff --git a/src/etc/man/cargo-yank.1 b/src/etc/man/cargo-yank.1 index 5a65f472af9..0b4d8feb6aa 100644 --- a/src/etc/man/cargo-yank.1 +++ b/src/etc/man/cargo-yank.1 @@ -54,7 +54,7 @@ Use either \fB0.22.0\fR or \fB0.22.2\fR T}:T{ Use \fB0.22.0\fR T}:T{ -Use \fB0.22.0\fR +Use \fB0.23.0\fR T} T{ \fB0.23.0\fR From d227ad6a9d89888f51c039fc5e49e28271bb2e75 Mon Sep 17 00:00:00 2001 From: Raphael Taylor-Davies Date: Tue, 27 Sep 2022 16:17:42 +0100 Subject: [PATCH 6/7] Review feedback --- src/doc/man/cargo-yank.md | 45 ++++++++----- src/doc/man/generated_txt/cargo-yank.txt | 66 +++++++++++-------- src/doc/src/commands/cargo-yank.md | 45 ++++++++----- src/etc/man/cargo-yank.1 | 37 +++++++---- .../in/.hg/wcache/checkisexec | 0 .../in/.hg/wcache/checklink | 1 + .../in/.hg/wcache/checklink-target | 0 .../in/.hg/wcache/checknoexec | 0 .../in/.hg/wcache/checkisexec | 0 .../in/.hg/wcache/checklink | 1 + .../in/.hg/wcache/checklink-target | 0 .../in/.hg/wcache/checknoexec | 0 12 files changed, 125 insertions(+), 70 deletions(-) create mode 100755 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checkisexec create mode 120000 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink create mode 100644 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink-target create mode 100644 tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checknoexec create mode 100755 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec create mode 120000 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink create mode 100644 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target create mode 100644 tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec diff --git a/src/doc/man/cargo-yank.md b/src/doc/man/cargo-yank.md index 782550ffeae..2af1d671f64 100644 --- a/src/doc/man/cargo-yank.md +++ b/src/doc/man/cargo-yank.md @@ -15,26 +15,39 @@ The yank command removes a previously published crate's version from the server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link. -However, yanking a release will prevent cargo from selecting that version -when determining the version of a dependency to use. If there are no longer -any compatible versions that haven't been yanked, cargo will return an error. - -The only exception to this is crates locked to a specific version by a lockfile, -these will still be able to download the yanked version to use it. - -For example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, +Crates should only be yanked in exceptional circumstances, for example, license/copyright issues, accidental +inclusion of [PII](https://en.wikipedia.org/wiki/Personal_data), credentials, etc... In the case of security +vulnerabilities, [RustSec](https://rustsec.org/) is typically a less disruptive mechanism to inform users +and encourage them to upgrade, and avoids the possibility of significant downstream disruption irrespective +of susceptibility to the vulnerability in question. + +Cargo will not use a yanked version for any new project or checkout without a +pre-existing lockfile, and will generate an error if there are no longer +any compatible versions for your crate. + +For example, the `foo` crate published version `0.22.0` and another crate `bar` +declared a dependency on version `foo = 0.22`. Now `foo` releases a new, but +not semver compatible, version `0.23.0`, and finds a critical issue with `0.22.0`. +If `0.22.0` is yanked, no new project or checkout without an existing lockfile will be +able to use crate `bar` as it relies on `0.22`. + +In this case, the maintainers of `foo` should first publish a semver compatible version +such as `0.22.1` prior to yanking `0.22.0` so that `bar` and all projects that depend +on `bar` will continue to work. + +As another example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, `0.22.2`, `0.23.0` and `0.24.0`. The following table identifies the versions -cargo could use in the absence of a lockfile for different semver constraints, -following a given release being yanked +cargo could use in the absence of a lockfile for different SemVer requirement, +following a given release being yanked: -| Yanked Version / Semver Constraint | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | -|------------------------------------|-------------------------------------------|-------------------|------------------| -| `0.22.0` | Use either `0.22.1` or `0.22.2` | **Return Error** | Use `0.23.0` | -| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.23.0` | -| `0.23.0` | Use either `0.22.0`, `0.21.0` or `0.22.2` | Use `0.22.0` | **Return Error** | +| Yanked Version / SemVer requirement | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | +|-------------------------------------|-------------------------------------------|-------------------|------------------| +| `0.22.0` | Use either `0.22.1` or `0.22.2` | **Return Error** | Use `0.23.0` | +| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.23.0` | +| `0.23.0` | Use either `0.22.0`, `0.21.0` or `0.22.2` | Use `0.22.0` | **Return Error** | A common workflow is to yank a crate having already published a semver compatible version, -to reduce the probability of preventing dependent crates from compiling +to reduce the probability of preventing dependent crates from compiling. This command requires you to be authenticated with either the `--token` option or using {{man "cargo-login" 1}}. diff --git a/src/doc/man/generated_txt/cargo-yank.txt b/src/doc/man/generated_txt/cargo-yank.txt index 8179cd66c99..b9a37170880 100644 --- a/src/doc/man/generated_txt/cargo-yank.txt +++ b/src/doc/man/generated_txt/cargo-yank.txt @@ -12,37 +12,51 @@ DESCRIPTION server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link. - However, yanking a release will prevent cargo from selecting that - version when determining the version of a dependency to use. If there - are no longer any compatible versions that haven't been yanked, cargo - will return an error. - - The only exception to this is crates locked to a specific version by a - lockfile, these will still be able to download the yanked version to use - it. - - For example, consider a crate bar with published versions 0.22.0, + Crates should only be yanked in exceptional circumstances, for example, + license/copyright issues, accidental inclusion of PII + , credentials, etc... In + the case of security vulnerabilities, RustSec is + typically a less disruptive mechanism to inform users and encourage them + to upgrade, and avoids the possibility of significant downstream + disruption irrespective of susceptibility to the vulnerability in + question. + + Cargo will not use a yanked version for any new project or checkout + without a pre-existing lockfile, and will generate an error if there are + no longer any compatible versions for your crate. + + For example, the foo crate published version 0.22.0 and another crate + bar declared a dependency on version foo = 0.22. Now foo releases a new, + but not semver compatible, version 0.23.0, and finds a critical issue + with 0.22.0. If 0.22.0 is yanked, no new project or checkout without an + existing lockfile will be able to use crate bar as it relies on 0.22. + + In this case, the maintainers of foo should first publish a semver + compatible version such as 0.22.1 prior to yanking 0.22.0 so that bar + and all projects that depend on bar will continue to work. + + As another example, consider a crate bar with published versions 0.22.0, 0.22.1, 0.22.2, 0.23.0 and 0.24.0. The following table identifies the versions cargo could use in the absence of a lockfile for different - semver constraints, following a given release being yanked - - +----------------------+-----------------------+-----------+----------+ - | Yanked Version / | bar = "0.22.0" | bar = | bar = | - | Semver Constraint | | "=0.22.0" | "0.23.0" | - +----------------------+-----------------------+-----------+----------+ - | 0.22.0 | Use either 0.22.1 or | Return | Use | - | | 0.22.2 | Error | 0.23.0 | - +----------------------+-----------------------+-----------+----------+ - | 0.22.1 | Use either 0.22.0 or | Use | Use | - | | 0.22.2 | 0.22.0 | 0.23.0 | - +----------------------+-----------------------+-----------+----------+ - | 0.23.0 | Use either 0.22.0, | Use | Return | - | | 0.21.0 or 0.22.2 | 0.22.0 | Error | - +----------------------+-----------------------+-----------+----------+ + SemVer requirement, following a given release being yanked: + + +-----------------------+-----------------------+-----------+----------+ + | Yanked Version / | bar = "0.22.0" | bar = | bar = | + | SemVer requirement | | "=0.22.0" | "0.23.0" | + +-----------------------+-----------------------+-----------+----------+ + | 0.22.0 | Use either 0.22.1 or | Return | Use | + | | 0.22.2 | Error | 0.23.0 | + +-----------------------+-----------------------+-----------+----------+ + | 0.22.1 | Use either 0.22.0 or | Use | Use | + | | 0.22.2 | 0.22.0 | 0.23.0 | + +-----------------------+-----------------------+-----------+----------+ + | 0.23.0 | Use either 0.22.0, | Use | Return | + | | 0.21.0 or 0.22.2 | 0.22.0 | Error | + +-----------------------+-----------------------+-----------+----------+ A common workflow is to yank a crate having already published a semver compatible version, to reduce the probability of preventing dependent - crates from compiling + crates from compiling. This command requires you to be authenticated with either the --token option or using cargo-login(1). diff --git a/src/doc/src/commands/cargo-yank.md b/src/doc/src/commands/cargo-yank.md index b4a8b9cd51f..881d248ba43 100644 --- a/src/doc/src/commands/cargo-yank.md +++ b/src/doc/src/commands/cargo-yank.md @@ -15,26 +15,39 @@ The yank command removes a previously published crate's version from the server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link. -However, yanking a release will prevent cargo from selecting that version -when determining the version of a dependency to use. If there are no longer -any compatible versions that haven't been yanked, cargo will return an error. - -The only exception to this is crates locked to a specific version by a lockfile, -these will still be able to download the yanked version to use it. - -For example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, +Crates should only be yanked in exceptional circumstances, for example, license/copyright issues, accidental +inclusion of [PII](https://en.wikipedia.org/wiki/Personal_data), credentials, etc... In the case of security +vulnerabilities, [RustSec](https://rustsec.org/) is typically a less disruptive mechanism to inform users +and encourage them to upgrade, and avoids the possibility of significant downstream disruption irrespective +of susceptibility to the vulnerability in question. + +Cargo will not use a yanked version for any new project or checkout without a +pre-existing lockfile, and will generate an error if there are no longer +any compatible versions for your crate. + +For example, the `foo` crate published version `0.22.0` and another crate `bar` +declared a dependency on version `foo = 0.22`. Now `foo` releases a new, but +not semver compatible, version `0.23.0`, and finds a critical issue with `0.22.0`. +If `0.22.0` is yanked, no new project or checkout without an existing lockfile will be +able to use crate `bar` as it relies on `0.22`. + +In this case, the maintainers of `foo` should first publish a semver compatible version +such as `0.22.1` prior to yanking `0.22.0` so that `bar` and all projects that depend +on `bar` will continue to work. + +As another example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, `0.22.2`, `0.23.0` and `0.24.0`. The following table identifies the versions -cargo could use in the absence of a lockfile for different semver constraints, -following a given release being yanked +cargo could use in the absence of a lockfile for different SemVer requirement, +following a given release being yanked: -| Yanked Version / Semver Constraint | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | -|------------------------------------|-------------------------------------------|-------------------|------------------| -| `0.22.0` | Use either `0.22.1` or `0.22.2` | **Return Error** | Use `0.23.0` | -| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.23.0` | -| `0.23.0` | Use either `0.22.0`, `0.21.0` or `0.22.2` | Use `0.22.0` | **Return Error** | +| Yanked Version / SemVer requirement | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | +|-------------------------------------|-------------------------------------------|-------------------|------------------| +| `0.22.0` | Use either `0.22.1` or `0.22.2` | **Return Error** | Use `0.23.0` | +| `0.22.1` | Use either `0.22.0` or `0.22.2` | Use `0.22.0` | Use `0.23.0` | +| `0.23.0` | Use either `0.22.0`, `0.21.0` or `0.22.2` | Use `0.22.0` | **Return Error** | A common workflow is to yank a crate having already published a semver compatible version, -to reduce the probability of preventing dependent crates from compiling +to reduce the probability of preventing dependent crates from compiling. This command requires you to be authenticated with either the `--token` option or using [cargo-login(1)](cargo-login.html). diff --git a/src/etc/man/cargo-yank.1 b/src/etc/man/cargo-yank.1 index 0b4d8feb6aa..263065e07ac 100644 --- a/src/etc/man/cargo-yank.1 +++ b/src/etc/man/cargo-yank.1 @@ -14,23 +14,36 @@ The yank command removes a previously published crate's version from the server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link. .sp -However, yanking a release will prevent cargo from selecting that version -when determining the version of a dependency to use. If there are no longer -any compatible versions that haven't been yanked, cargo will return an error. -.sp -The only exception to this is crates locked to a specific version by a lockfile, -these will still be able to download the yanked version to use it. -.sp -For example, consider a crate \fBbar\fR with published versions \fB0.22.0\fR, \fB0.22.1\fR, +Crates should only be yanked in exceptional circumstances, for example, license/copyright issues, accidental +inclusion of \fIPII\fR , credentials, etc... In the case of security +vulnerabilities, \fIRustSec\fR is typically a less disruptive mechanism to inform users +and encourage them to upgrade, and avoids the possibility of significant downstream disruption irrespective +of susceptibility to the vulnerability in question. +.sp +Cargo will not use a yanked version for any new project or checkout without a +pre\-existing lockfile, and will generate an error if there are no longer +any compatible versions for your crate. +.sp +For example, the \fBfoo\fR crate published version \fB0.22.0\fR and another crate \fBbar\fR +declared a dependency on version \fBfoo = 0.22\fR\&. Now \fBfoo\fR releases a new, but +not semver compatible, version \fB0.23.0\fR, and finds a critical issue with \fB0.22.0\fR\&. +If \fB0.22.0\fR is yanked, no new project or checkout without an existing lockfile will be +able to use crate \fBbar\fR as it relies on \fB0.22\fR\&. +.sp +In this case, the maintainers of \fBfoo\fR should first publish a semver compatible version +such as \fB0.22.1\fR prior to yanking \fB0.22.0\fR so that \fBbar\fR and all projects that depend +on \fBbar\fR will continue to work. +.sp +As another example, consider a crate \fBbar\fR with published versions \fB0.22.0\fR, \fB0.22.1\fR, \fB0.22.2\fR, \fB0.23.0\fR and \fB0.24.0\fR\&. The following table identifies the versions -cargo could use in the absence of a lockfile for different semver constraints, -following a given release being yanked +cargo could use in the absence of a lockfile for different SemVer requirement, +following a given release being yanked: .TS allbox tab(:); lt lt lt lt. T{ -Yanked Version / Semver Constraint +Yanked Version / SemVer requirement T}:T{ \fBbar = "0.22.0"\fR T}:T{ @@ -69,7 +82,7 @@ T} .sp .sp A common workflow is to yank a crate having already published a semver compatible version, -to reduce the probability of preventing dependent crates from compiling +to reduce the probability of preventing dependent crates from compiling. .sp This command requires you to be authenticated with either the \fB\-\-token\fR option or using \fBcargo\-login\fR(1). diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checkisexec b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checkisexec new file mode 100755 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink new file mode 120000 index 00000000000..326d735163a --- /dev/null +++ b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink @@ -0,0 +1 @@ +checklink-target \ No newline at end of file diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink-target b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checklink-target new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checknoexec b/tests/testsuite/init/mercurial_autodetect/in/.hg/wcache/checknoexec new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checkisexec new file mode 100755 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink new file mode 120000 index 00000000000..326d735163a --- /dev/null +++ b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink @@ -0,0 +1 @@ +checklink-target \ No newline at end of file diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checklink-target new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec b/tests/testsuite/init/simple_hg_ignore_exists/in/.hg/wcache/checknoexec new file mode 100644 index 00000000000..e69de29bb2d From 1cba8b74f5dad55cd50c6ca34cf26d31c754df8c Mon Sep 17 00:00:00 2001 From: Raphael Taylor-Davies Date: Tue, 27 Sep 2022 16:18:41 +0100 Subject: [PATCH 7/7] Fix typo --- src/doc/man/cargo-yank.md | 2 +- src/doc/man/generated_txt/cargo-yank.txt | 2 +- src/doc/src/commands/cargo-yank.md | 2 +- src/etc/man/cargo-yank.1 | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/doc/man/cargo-yank.md b/src/doc/man/cargo-yank.md index 2af1d671f64..2408187b1da 100644 --- a/src/doc/man/cargo-yank.md +++ b/src/doc/man/cargo-yank.md @@ -37,7 +37,7 @@ on `bar` will continue to work. As another example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, `0.22.2`, `0.23.0` and `0.24.0`. The following table identifies the versions -cargo could use in the absence of a lockfile for different SemVer requirement, +cargo could use in the absence of a lockfile for different SemVer requirements, following a given release being yanked: | Yanked Version / SemVer requirement | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | diff --git a/src/doc/man/generated_txt/cargo-yank.txt b/src/doc/man/generated_txt/cargo-yank.txt index b9a37170880..47558ea0313 100644 --- a/src/doc/man/generated_txt/cargo-yank.txt +++ b/src/doc/man/generated_txt/cargo-yank.txt @@ -38,7 +38,7 @@ DESCRIPTION As another example, consider a crate bar with published versions 0.22.0, 0.22.1, 0.22.2, 0.23.0 and 0.24.0. The following table identifies the versions cargo could use in the absence of a lockfile for different - SemVer requirement, following a given release being yanked: + SemVer requirements, following a given release being yanked: +-----------------------+-----------------------+-----------+----------+ | Yanked Version / | bar = "0.22.0" | bar = | bar = | diff --git a/src/doc/src/commands/cargo-yank.md b/src/doc/src/commands/cargo-yank.md index 881d248ba43..27229f3ebc0 100644 --- a/src/doc/src/commands/cargo-yank.md +++ b/src/doc/src/commands/cargo-yank.md @@ -37,7 +37,7 @@ on `bar` will continue to work. As another example, consider a crate `bar` with published versions `0.22.0`, `0.22.1`, `0.22.2`, `0.23.0` and `0.24.0`. The following table identifies the versions -cargo could use in the absence of a lockfile for different SemVer requirement, +cargo could use in the absence of a lockfile for different SemVer requirements, following a given release being yanked: | Yanked Version / SemVer requirement | `bar = "0.22.0"` | `bar = "=0.22.0"` | `bar = "0.23.0"` | diff --git a/src/etc/man/cargo-yank.1 b/src/etc/man/cargo-yank.1 index 263065e07ac..d143a16b43a 100644 --- a/src/etc/man/cargo-yank.1 +++ b/src/etc/man/cargo-yank.1 @@ -36,7 +36,7 @@ on \fBbar\fR will continue to work. .sp As another example, consider a crate \fBbar\fR with published versions \fB0.22.0\fR, \fB0.22.1\fR, \fB0.22.2\fR, \fB0.23.0\fR and \fB0.24.0\fR\&. The following table identifies the versions -cargo could use in the absence of a lockfile for different SemVer requirement, +cargo could use in the absence of a lockfile for different SemVer requirements, following a given release being yanked: .TS