Closed funnym0nk3y closed 2 years ago
FliegendeWurst
commented
2 years ago In fact cargo does this by default: https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
cargo update will update the lockfile to the latest semver compatible versions of everything.
funnym0nk3y
commented
2 years ago So it overrides the versions specified in cargo.toml and therefore could introduce a major version upgrade?
FliegendeWurst
commented
2 years ago Only newer versions that are compatible according to semver.
funnym0nk3y
commented
2 years ago I still think it's a good idea to let it so it's thing automatically without needing to call a command.
FliegendeWurst
commented
2 years ago Well it's never done automatically. That's the purpose of the lockfile?
funnym0nk3y
commented
2 years ago But the lockfile gets updated with every successful build AFAIK.
FliegendeWurst
commented
2 years ago AFAIK, the lockfile is updated after every change to Cargo.toml.
In any case, I usually execute a cargo update before testing a new release version. cargo install also updates the lockfile unless you pass --locked. So users should already get the latest dependency versions.
As crates are using semver it should be safe to allow cargo to update the dependencies as minor updates should be API compatible.