@@ -36,6 +36,38 @@ use std::str::FromStr;
3636#[ cfg_attr( feature = "schema" , derive( schemars:: JsonSchema ) ) ]
3737pub struct VersionInfo {
3838 pub packages : Vec < Package > ,
39+ /// Format revision of the audit data.
40+ ///
41+ /// Format revisions are **backwards compatible.**
42+ /// If an unknown format is encountered, it should be treated as the highest known preceding format.
43+ /// For example, if formats `0`, `1` and `8` are known, format `4` should be treated as if it's `1`.
44+ ///
45+ /// ## Known formats
46+ ///
47+ /// ### 0 (or the field is absent)
48+ ///
49+ /// Generated based on the data provided by [`cargo metadata`](https://doc.rust-lang.org/cargo/commands/cargo-metadata.html).
50+ ///
51+ /// There are multiple [known](https://github.com/rust-lang/cargo/issues/7754)
52+ /// [issues](https://github.com/rust-lang/cargo/issues/10718) with this data source,
53+ /// leading to the audit data sometimes including more dependencies than are really used in the build.
54+ ///
55+ /// However, is the only machine-readable data source available on stable Rust as of v1.88.
56+ ///
57+ /// Additionally, this format incorrectly includes [procedural macros](https://doc.rust-lang.org/reference/procedural-macros.html)
58+ /// and their dependencies as runtime dependencies while in reality they are build-time dependencies.
59+ ///
60+ /// ### 1
61+ ///
62+ /// Same as 0, but correctly records proc-macros and their dependencies as build-time dependencies.
63+ ///
64+ /// May still include slightly more dependencies than are actually used, especially in workspaces.
65+ ///
66+ /// ### 8
67+ ///
68+ /// Generated using Cargo's [SBOM precursor](https://doc.rust-lang.org/cargo/reference/unstable.html#sbom) as the data source.
69+ ///
70+ /// This data is highly accurate, but as of Rust v1.88 can only be generated using a nightly build of Cargo.
3971#[ serde( default ) ]
4072 #[ serde( skip_serializing_if = "is_default" ) ]
4173 pub format : u32 ,
0 commit comments