Closed funnym0nk3y closed 2 years ago
In fact cargo does this by default: https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
cargo update
will update the lockfile to the latest semver compatible versions of everything.
So it overrides the versions specified in cargo.toml
and therefore could introduce a major version upgrade?
Only newer versions that are compatible according to semver.
I still think it's a good idea to let it so it's thing automatically without needing to call a command.
Well it's never done automatically. That's the purpose of the lockfile?
But the lockfile gets updated with every successful build AFAIK.
AFAIK, the lockfile is updated after every change to Cargo.toml.
In any case, I usually execute a cargo update
before testing a new release version. cargo install
also updates the lockfile unless you pass --locked
. So users should already get the latest dependency versions.
As crates are using semver it should be safe to allow cargo to update the dependencies as minor updates should be API compatible.