akubera
commented
5 months ago What other dependencies are involved? BigDecimal restricts to >=0.3.0,<0.4.5 as num-bigint passed our minimum supported rust version in their latest release.
Closed iajoiner closed 5 months ago
akubera
commented
5 months ago What other dependencies are involved? BigDecimal restricts to >=0.3.0,<0.4.5 as num-bigint passed our minimum supported rust version in their latest release.
decathorpe
commented
5 months ago cargo sometimes has problems dealing with version requirements like >=0.3.0,<0.4.5, and might not always manage to pick a version of a crate that satisfies such restrictive requirements. For example, the num crate requires num-bigint ="^0.4.5", which might cause cargo to give up if both num ^0.4 and bigdecimal are in the same dependency tree.
In general, I think the recommendation for dealing with MSRV bumps in library crate dependencies is not to use restrictive version requirements like the ones added in v0.4.4, but to use a Cargo.lock file. That makes it possible for downstream consumers to pin versions of any dependencies that fit their own MSRV, instead of forcing the cargo dependency resolver into corners that are not well-tested.
akubera
commented
5 months ago I think Cargo.lock worked. Thanks. Version 0.4.5 has been released and the the num-* dependency restrictions have been removed. Let me know if this needs further action.
cakebaker
commented
5 months ago Thanks for the quick fix, at least in our CI the errors are gone with the new 0.4.5 release.
iajoiner
commented
5 months ago Really thanks for the quick fix! Same here.
iajoiner
commented
5 months ago @akubera https://github.com/spaceandtimelabs/sxt-proof-of-sql/blob/main/Cargo.toml#L43 @decathorpe explained it well.
As
bigdecimalis upgraded from 0.4.3 to 0.4.4 it suddenly broke our CI sincenum-bigintis downgraded from 0.4.5 to 0.3.3.