-
Notifications
You must be signed in to change notification settings - Fork 2.9k
Command to update Cargo.lock to minimal versions #4100
Copy link
Copy link
Closed
Labels
A-dependency-resolutionArea: dependency resolution and the resolverArea: dependency resolution and the resolverA-new-subcommandArea: new subcommandArea: new subcommandC-feature-requestCategory: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`
Description
Metadata
Metadata
Assignees
Labels
A-dependency-resolutionArea: dependency resolution and the resolverArea: dependency resolution and the resolverA-new-subcommandArea: new subcommandArea: new subcommandC-feature-requestCategory: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`
Type
Fields
Give feedbackNo fields configured for issues without a type.
From today's meeting.
Problem:
You write a library A, which depends on B, so you put
B = 1.0in A's Cargo.toml. The you run Cargo build, and Cargo greedily pulls B 1.1 into the lockfile. Then you accidentally start depending on features introduced in 1.1, but you don't changeCargo.toml. Your test locally pass, and CI passes as well, and you publish a crate whose Cargo.toml is a lie.Solution:
Add
cargo update --minimal, which generates lockfile picking the minimum possible version of all crates (it's not possible, of course, because there's no total order on dependency graphs, but some heuristics might work well in practice). Then in CI environment you generate the minimal lockfile to make sure you don't accidentally depend on newer than Cargo.toml features.