SemVer broken by 2.10.0 release

[str4d]

This crate documents itself as following SemVer:

rust-crates-index/CHANGELOG.md

Lines 1 to 6 in dba8b14

	# Changelog
	All notable changes to this project will be documented in this file.
	The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
	and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

Per SemVer, migrating from crates-index 2.8.0 to crates-index 2.10.0 should only involve backwards-compatible changes. However, 2.10.0 included #170 which migrated from http 0.2 to http 1.0. This is a breaking change, because http is exposed in the crate's public API. For example, crates_index::SparseIndex::parse_cache_response takes an http::response::Response as an argument.

Specifically, this update broke users' ability to install cargo-dl (which uses SparseIndex::parse_cache_response), which now fails with:

   Compiling cargo-dl v0.1.4
error[E0277]: the trait bound `ureq::Request: From<http::request::Builder>` is not satisfied
   --> /usr/local/cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-dl-0.1.4/src/main.rs:104:27
    |
104 |             let request = ureq::Request::from(request).set("User-Agent", USER_AGENT);
    |                           ^^^^^^^^^^^^^ the trait `From<http::request::Builder>` is not implemented for `ureq::Request`
    |
    = help: the following other types implement trait `From<T>`:
              <ureq::Request as From<http::request::Parts>>
              <ureq::Request as From<http::request::Builder>>

error[E0308]: mismatched types
   --> /usr/local/cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-dl-0.1.4/src/main.rs:108:68
    |
108 |             if let Some(krate) = index.parse_cache_response(&name, response, true)? {
    |                                        --------------------        ^^^^^^^^ expected `http::response::Response<Vec<u8>>`, found `http::Response<Vec<u8>>`
    |                                        |
    |                                        arguments to this method are incorrect
    |
    = note: `http::Response<Vec<u8>>` and `http::response::Response<Vec<u8>>` have similar names, but are actually distinct types
note: `http::Response<Vec<u8>>` is defined in crate `http`
   --> /usr/local/cargo/registry/src/index.crates.io-6f17d22bba15001f/http-0.2.12/src/response.rs:179:1
    |
179 | pub struct Response<T> {
    | ^^^^^^^^^^^^^^^^^^^^^^
note: `http::response::Response<Vec<u8>>` is defined in crate `http`
   --> /usr/local/cargo/registry/src/index.crates.io-6f17d22bba15001f/http-1.1.0/src/response.rs:180:1
    |
180 | pub struct Response<T> {
    | ^^^^^^^^^^^^^^^^^^^^^^
    = note: perhaps two different versions of crate `http` are being used?
note: method defined here
   --> /usr/local/cargo/registry/src/index.crates.io-6f17d22bba15001f/crates-index-2.10.0/src/sparse.rs:276:12
    |
276 |     pub fn parse_cache_response(
    |            ^^^^^^^^^^^^^^^^^^^^

Some errors have detailed explanations: E0277, E0308.
For more information about an error, try `rustc --explain E0277`.
error: could not compile `cargo-dl` (bin "cargo-dl") due to 2 previous errors

Possible resolutions:

• Revert Upgrade to http 1 #170 and publish 2.10.1 (perhaps in a branch) to undo the SemVer breakage for the 2.Y.Z series. Then re-publish 2.10.0 / current master branch as 3.0.0.
• Remove the claim that crates-index follows SemVer from the changelog, and update the changelog for 2.10.0 to document that it is a breaking release that migrates from http 0.2 to http 1.

[Byron]

Thanks for reporting and the detailed analysis.

The possible solutions are also appreciated - even though fixing the breakage may cause more breakage with those who use 2.8 with HTTP1, that should be the minority and doing so should be preferred.

A fix as proposed is in the works.

[Byron]

validation log

❯ cargo install cargo-dl
    Updating crates.io index
  Downloaded cargo-dl v0.1.4
  Downloaded 1 crate (24.7 KB) in 0.13s
  Installing cargo-dl v0.1.4
    Updating crates.io index
  Downloaded culpa v1.0.2
  Downloaded culpa-macros v1.0.2
  Downloaded rustls-pki-types v1.7.0
  Downloaded stylish v0.1.0
  Downloaded with_builtin_macros-proc_macros v0.0.3
  Downloaded stylish-style v0.1.0
  Downloaded stylish-macros v0.1.1
  Downloaded stylish-core v0.1.1
  Downloaded zeroize v1.8.1
  Downloaded with_builtin_macros v0.0.3
  Downloaded stylish-plain v0.1.0
  Downloaded stylish-ansi v0.1.1
  Downloaded rustls-webpki v0.102.4
  Downloaded stylish-html v0.1.1
  Downloaded stack_dst v0.6.1
  Downloaded crates-index v2.10.1
  Downloaded 16 crates (452.5 KB) in 1.12s
   Compiling proc-macro2 v1.0.84
   Compiling unicode-ident v1.0.12
   Compiling libc v0.2.155
   Compiling cfg-if v1.0.0
   Compiling serde v1.0.203
   Compiling syn v1.0.109
   Compiling cc v1.0.98
   Compiling typenum v1.17.0
   Compiling version_check v0.9.4
   Compiling once_cell v1.19.0
   Compiling tinyvec_macros v0.1.1
   Compiling memchr v2.7.2
   Compiling minimal-lexical v0.2.1
   Compiling rustix v0.38.34
   Compiling generic-array v0.14.7
   Compiling tinyvec v1.6.0
   Compiling nom v7.1.3
   Compiling io-lifetimes v1.0.11
   Compiling ring v0.17.8
   Compiling rustls-pki-types v1.7.0
   Compiling itoa v1.0.11
   Compiling log v0.4.21
   Compiling untrusted v0.9.0
   Compiling utf8parse v0.2.1
   Compiling equivalent v1.0.1
   Compiling lazy_static v1.4.0
   Compiling stylish-style v0.1.0
   Compiling bitflags v2.5.0
   Compiling hashbrown v0.14.5
   Compiling spin v0.9.8
   Compiling anstyle-parse v0.2.4
   Compiling unicode-normalization v0.1.23
   Compiling tracing-core v0.1.32
   Compiling quote v1.0.36
   Compiling indexmap v2.2.6
   Compiling syn v2.0.66
   Compiling alloc-no-stdlib v2.0.4
   Compiling thiserror v1.0.61
   Compiling errno v0.3.9
   Compiling getrandom v0.2.15
   Compiling adler v1.0.2
   Compiling colorchoice v1.0.1
   Compiling percent-encoding v2.3.1
   Compiling bytes v1.6.0
   Compiling unicode-bidi v0.3.15
   Compiling rustix v0.37.27
   Compiling regex-syntax v0.8.3
   Compiling rustls v0.22.4
   Compiling is_terminal_polyfill v1.70.0
   Compiling regex-syntax v0.6.29
   Compiling serde_json v1.0.117
   Compiling winnow v0.6.8
   Compiling fnv v1.0.7
   Compiling anstyle-query v1.0.3
   Compiling anstyle v1.0.7
   Compiling semver v1.0.23
   Compiling stack_dst v0.6.1
   Compiling portable-atomic v1.6.0
   Compiling regex-automata v0.4.6
   Compiling anstream v0.6.14
   Compiling toml_datetime v0.6.6
   Compiling serde_spanned v0.6.6
   Compiling http v0.2.12
   Compiling regex-automata v0.1.10
   Compiling toml_edit v0.22.13
   Compiling idna v0.5.0
   Compiling with_builtin_macros-proc_macros v0.0.3
   Compiling with_builtin_macros v0.0.3
   Compiling stylish-macros v0.1.1
   Compiling thiserror-impl v1.0.61
   Compiling tracing-attributes v0.1.27
   Compiling terminal_size v0.3.0
   Compiling crypto-common v0.1.6
   Compiling stylish-core v0.1.1
   Compiling block-buffer v0.10.4
   Compiling form_urlencoded v1.2.1
   Compiling rustls-webpki v0.102.4
   Compiling miniz_oxide v0.7.3
   Compiling alloc-stdlib v0.2.2
   Compiling crc32fast v1.4.2
   Compiling ryu v1.0.18
   Compiling bitflags v1.3.2
   Compiling heck v0.5.0
   Compiling zeroize v1.8.1
   Compiling strsim v0.11.1
   Compiling subtle v2.5.0
   Compiling anyhow v1.0.86
   Compiling overload v0.1.1
   Compiling pin-project-lite v0.2.14
   Compiling clap_lex v0.7.0
   Compiling clap_builder v4.5.2
   Compiling tracing v0.1.40
   Compiling nu-ansi-term v0.46.0
   Compiling clap_derive v4.5.4
   Compiling flate2 v1.0.30
   Compiling stylish-ansi v0.1.1
   Compiling brotli-decompressor v2.5.1
   Compiling url v2.5.0
   Compiling digest v0.10.7
   Compiling culpa-macros v1.0.2
   Compiling serde_derive v1.0.203
   Compiling toml v0.8.13
   Compiling regex v1.10.4
   Compiling matchers v0.1.0
   Compiling smol_str v0.2.2
   Compiling hex v0.4.3
   Compiling cpufeatures v0.2.12
   Compiling filetime v0.2.23
   Compiling console v0.15.8
   Compiling tracing-log v0.2.0
   Compiling sharded-slab v0.1.7
   Compiling webpki-roots v0.26.1
   Compiling thread_local v1.1.8
   Compiling rustc-hash v1.1.0
   Compiling base64 v0.22.1
   Compiling home v0.5.9
   Compiling number_prefix v0.4.0
   Compiling indicatif v0.17.8
   Compiling ureq v2.9.7
   Compiling crates-index v2.10.1
   Compiling tracing-subscriber v0.3.18
   Compiling tar v0.4.40
   Compiling sha2 v0.10.8
   Compiling culpa v1.0.2
   Compiling clap v4.5.4
   Compiling terminal_size v0.2.6
   Compiling stylish v0.1.0
   Compiling displaydoc v0.2.4
   Compiling fn-error-context v0.2.1
   Compiling cargo-dl v0.1.4
    Finished `release` profile [optimized] target(s) in 22.93s
  Installing /Users/byron/.cargo/bin/cargo-dl
   Installed package `cargo-dl v0.1.4` (executable `cargo-dl`)