MSRV policy

[Kixunil]

The toml crate originally had lower (implicit) MSRV. Would it be possible to lower it back to at least 1.48?

[epage]

For anyone else seeing this, the MSRV in main is 1.60.0

Looks like you are asking for a roughly two year MSRV policy.

Could you expand on what requirements on driving that low of an MSRV and why older versions of toml wouldn't be sufficient?

We are looking to re-implement toml in terms of toml_edit (#340) which has had an MSRV of 1.59.

This wouldn't just impact toml and toml_edit, we'd either need to lower MSRVs or downgrade all of the dependencies

Key dependencies would include

• criterion
• snapbox
• toml-test-harness
  • libtest-mimic

This would also prevent us from keeping our [features] clean, require a serde1 feature to workaround problems, and force more dependencies on people as we wouldn't have access to namespaced and weak dependencies.

toml v0.5.9 (/home/epage/src/personal/toml/crates/toml)
├── serde v1.0.145
│   └── serde_derive v1.0.145 (proc-macro)
│       ├── proc-macro2 v1.0.43
│       │   └── unicode-ident v1.0.4
│       ├── quote v1.0.21
│       │   └── proc-macro2 v1.0.43 (*)
│       └── syn v1.0.100
│           ├── proc-macro2 v1.0.43 (*)
│           ├── quote v1.0.21 (*)
│           └── unicode-ident v1.0.4
└── toml_datetime v0.5.0 (/home/epage/src/personal/toml/crates/toml_datetime)
    └── serde v1.0.145 (*)
[dev-dependencies]
├── serde_derive v1.0.145 (proc-macro) (*)
└── serde_json v1.0.85
    ├── itoa v1.0.3
    ├── ryu v1.0.11
    └── serde v1.0.145 (*)

toml_datetime v0.5.0 (/home/epage/src/personal/toml/crates/toml_datetime) (*)

toml_edit v0.14.4 (/home/epage/src/personal/toml/crates/toml_edit)
├── combine v4.6.6
│   ├── bytes v1.2.1
│   └── memchr v2.5.0
├── indexmap v1.9.1
│   └── hashbrown v0.12.3
│   [build-dependencies]
│   └── autocfg v1.1.0
├── itertools v0.10.5
│   └── either v1.8.0
└── toml_datetime v0.5.0 (/home/epage/src/personal/toml/crates/toml_datetime) (*)
[dev-dependencies]
├── criterion v0.4.0
│   ├── anes v0.1.6
│   ├── atty v0.2.14
│   │   └── libc v0.2.133
│   ├── cast v0.3.0
│   ├── ciborium v0.2.0
│   │   ├── ciborium-io v0.2.0
│   │   ├── ciborium-ll v0.2.0
│   │   │   ├── ciborium-io v0.2.0
│   │   │   └── half v1.8.2
│   │   └── serde v1.0.145 (*)
│   ├── clap v3.2.22
│   │   ├── atty v0.2.14 (*)
│   │   ├── bitflags v1.3.2
│   │   ├── clap_derive v3.2.18 (proc-macro)
│   │   │   ├── heck v0.4.0
│   │   │   ├── proc-macro-error v1.0.4
│   │   │   │   ├── proc-macro-error-attr v1.0.4 (proc-macro)
│   │   │   │   │   ├── proc-macro2 v1.0.43 (*)
│   │   │   │   │   └── quote v1.0.21 (*)
│   │   │   │   │   [build-dependencies]
│   │   │   │   │   └── version_check v0.9.4
│   │   │   │   ├── proc-macro2 v1.0.43 (*)
│   │   │   │   ├── quote v1.0.21 (*)
│   │   │   │   └── syn v1.0.100 (*)
│   │   │   │   [build-dependencies]
│   │   │   │   └── version_check v0.9.4
│   │   │   ├── proc-macro2 v1.0.43 (*)
│   │   │   ├── quote v1.0.21 (*)
│   │   │   └── syn v1.0.100 (*)
│   │   ├── clap_lex v0.2.4
│   │   │   └── os_str_bytes v6.3.0
│   │   ├── indexmap v1.9.1 (*)
│   │   ├── once_cell v1.15.0
│   │   ├── strsim v0.10.0
│   │   ├── termcolor v1.1.3
│   │   └── textwrap v0.15.1
│   ├── criterion-plot v0.5.0
│   │   ├── cast v0.3.0
│   │   └── itertools v0.10.5 (*)
│   ├── itertools v0.10.5 (*)
│   ├── lazy_static v1.4.0
│   ├── num-traits v0.2.15
│   │   [build-dependencies]
│   │   └── autocfg v1.1.0
│   ├── oorandom v11.1.3
│   ├── plotters v0.3.4
│   │   ├── num-traits v0.2.15 (*)
│   │   ├── plotters-backend v0.3.4
│   │   └── plotters-svg v0.3.3
│   │       └── plotters-backend v0.3.4
│   ├── rayon v1.5.3
│   │   ├── crossbeam-deque v0.8.2
│   │   │   ├── cfg-if v1.0.0
│   │   │   ├── crossbeam-epoch v0.9.10
│   │   │   │   ├── cfg-if v1.0.0
│   │   │   │   ├── crossbeam-utils v0.8.11
│   │   │   │   │   ├── cfg-if v1.0.0
│   │   │   │   │   └── once_cell v1.15.0
│   │   │   │   ├── memoffset v0.6.5
│   │   │   │   │   [build-dependencies]
│   │   │   │   │   └── autocfg v1.1.0
│   │   │   │   ├── once_cell v1.15.0
│   │   │   │   └── scopeguard v1.1.0
│   │   │   │   [build-dependencies]
│   │   │   │   └── autocfg v1.1.0
│   │   │   └── crossbeam-utils v0.8.11 (*)
│   │   ├── either v1.8.0
│   │   └── rayon-core v1.9.3
│   │       ├── crossbeam-channel v0.5.6
│   │       │   ├── cfg-if v1.0.0
│   │       │   └── crossbeam-utils v0.8.11 (*)
│   │       ├── crossbeam-deque v0.8.2 (*)
│   │       ├── crossbeam-utils v0.8.11 (*)
│   │       └── num_cpus v1.13.1
│   │           └── libc v0.2.133
│   │   [build-dependencies]
│   │   └── autocfg v1.1.0
│   ├── regex v1.6.0
│   │   ├── aho-corasick v0.7.19
│   │   │   └── memchr v2.5.0
│   │   ├── memchr v2.5.0
│   │   └── regex-syntax v0.6.27
│   ├── serde v1.0.145 (*)
│   ├── serde_derive v1.0.145 (proc-macro) (*)
│   ├── serde_json v1.0.85 (*)
│   ├── tinytemplate v1.2.1
│   │   ├── serde v1.0.145 (*)
│   │   └── serde_json v1.0.85 (*)
│   └── walkdir v2.3.2
│       └── same-file v1.0.6
├── serde_json v1.0.85 (*)
├── snapbox v0.4.0
│   ├── concolor v0.0.8
│   │   ├── atty v0.2.14 (*)
│   │   ├── bitflags v1.3.2
│   │   └── concolor-query v0.0.5
│   ├── ignore v0.4.18
│   │   ├── crossbeam-utils v0.8.11 (*)
│   │   ├── globset v0.4.9
│   │   │   ├── aho-corasick v0.7.19 (*)
│   │   │   ├── bstr v0.2.17
│   │   │   │   └── memchr v2.5.0
│   │   │   ├── fnv v1.0.7
│   │   │   ├── log v0.4.17
│   │   │   │   └── cfg-if v1.0.0
│   │   │   └── regex v1.6.0 (*)
│   │   ├── lazy_static v1.4.0
│   │   ├── log v0.4.17 (*)
│   │   ├── memchr v2.5.0
│   │   ├── regex v1.6.0 (*)
│   │   ├── same-file v1.0.6
│   │   ├── thread_local v1.1.4
│   │   │   └── once_cell v1.15.0
│   │   └── walkdir v2.3.2 (*)
│   ├── libtest-mimic v0.5.2
│   │   ├── clap v3.2.22 (*)
│   │   ├── termcolor v1.1.3
│   │   └── threadpool v1.8.1
│   │       └── num_cpus v1.13.1 (*)
│   ├── normalize-line-endings v0.3.0
│   ├── similar v2.2.0
│   ├── snapbox-macros v0.3.1
│   └── yansi v0.5.1
├── toml v0.5.9
│   └── serde v1.0.145 (*)
└── toml-test-harness v0.4.1
    ├── ignore v0.4.18 (*)
    ├── libtest-mimic v0.5.2 (*)
    ├── toml-test v0.3.4
    │   ├── chrono v0.4.22
    │   │   ├── num-integer v0.1.45
    │   │   │   └── num-traits v0.2.15 (*)
    │   │   │   [build-dependencies]
    │   │   │   └── autocfg v1.1.0
    │   │   └── num-traits v0.2.15 (*)
    │   ├── serde v1.0.145 (*)
    │   └── serde_json v1.0.85 (*)
    └── toml-test-data v1.1.0
        └── include_dir v0.6.2
            ├── glob v0.3.0
            ├── include_dir_impl v0.6.2 (proc-macro)
            │   ├── anyhow v1.0.65
            │   ├── proc-macro-hack v0.5.19 (proc-macro)
            │   ├── proc-macro2 v1.0.43 (*)
            │   ├── quote v1.0.21 (*)
            │   └── syn v1.0.100 (*)
            └── proc-macro-hack v0.5.19 (proc-macro)

toml_test_suite v0.0.0 (/home/epage/src/personal/toml/crates/test-suite)
[dev-dependencies]
├── criterion v0.4.0 (*)
├── serde v1.0.145 (*)
├── serde_derive v1.0.145 (proc-macro) (*)
├── serde_json v1.0.85 (*)
├── toml v0.5.9 (/home/epage/src/personal/toml/crates/toml) (*)
└── toml-test-harness v0.4.1 (*)

See also rust-lang/libs-team#72

[epage]

This would also prevent us from keeping our [features] clean, require a serde1 feature to workaround problems, and force more dependencies on people as we wouldn't have access to namespaced and weak dependencies.

Just want to add that bstr 1.0 chose its MSRV for this specific feature.

See BurntSushi/bstr#135

[Kixunil]

Could you expand on what requirements on driving that low of an MSRV

I write some security-critical software that uses toml for configuration. Being security-critical using rustup is not a secure-enough way to get the compiler. Debian packages are the way to go and there is 1.48 in Debian stable.

why older versions of toml wouldn't be sufficient?

Actually, they are right now. If there are any bugs found in older versions then it could become a problem. Thankfully, being used for configuration only security vulnerabilities are not that huge issue.

So an alternative policy "MSRV is 1.60 but we will accept PRs backporting bug fixes to older versions of the crate" would be also fine. This implies either minor version needs to be bumped with MSRV bump or some versions may get 4-component version numbers (1.2.3.4) - not sure if they are accepted by Cargo, probably yes.

[epage]

I think we could do a one-off 0.5 release that includes the needed deprecations while maintaining the old MSRV. 0.6+ would then be using the regular MSRV.

[Kixunil]

Sounds good, thanks!

[mitsuhiko]

A semver increase for this would be very appreciated for my use of toml in my insta testing tool as well. I am trying to be conservative there so that people who are supporting older rustc versions can still use insta for testing.

[epage]

Alright, I've setup the release process for a toml-v0.5 branch for the older MSRV.