Add CI check to detect dependency changes that may affect downstream users #4526
Description
Summary
When a crate removes a dependency or removes a feature flag on an existing dependency, downstream users who relied on transitive feature enablement may encounter compilation errors. We should add a CI check to detect such changes and ensure they are documented in release notes.
Background
Rust's feature unification combines all features across the dependency graph. If crate A depends on crate B with feature X enabled, users of A also get feature X on B without explicitly requesting it.
Two types of changes can break downstream users:
- Removing a dependency that was enabling features on other crates
- Removing a feature flag on an existing dependency
In both cases, users see cryptic compilation errors that do not indicate a missing feature flag is the root cause.
Proposed Action
- Add a CI check that parses Cargo.toml diffs and detects:
- Removed dependencies
- Removed features on existing dependencies
- When such changes are detected, verify that a corresponding changelog entry exists
- Fail the CI check if the changelog does not document the change
Acceptance Criteria
- CI check detects removed dependencies in Cargo.toml
- CI check detects removed features on existing dependencies
- CI check verifies a changelog entry exists for detected changes
- CI check fails if changelog entry is missing, passes otherwise