jonhoo
commented
6 months ago That is not true. As per the Cargo docs, the only thing that is special about 0.x versions is that the x is treated as a major version specifier rather than a minor version specifier. In other words, it is not legal (according to Cargo's interpretation of semver) to do a breaking change between 0.x.1 and 0.x.2. You are, however, allowed to make a breaking change between 0.x and 0.x+1. Note that MSRV bumps are not considered breaking changes in the Rust ecosystem.
In this case, inferno is doing the right thing: we specify the minimum version of ahash that we support, and consumers (and builders) are free to build with whichever version that is at least as new as that within the same major version. The fact that a newer ahash requires a newer version of Rust is unfortunate, but not an error on inferno's part.
To work around this on your end, you can either pin ahash = "0.8, <= 0.8.6" in your Cargo.toml if you're building inferno as a library dependency, or you can run cargo update --precise 0.8.6 -p ahash before running cargo build (or cargo install --path .) if you're building the binaries.
any dependency starting with major version zero (0) is not bound by any semver rules. Each of those dependencies should specify an exact version. For example, ahash 0.8.8 was released a few days ago and it requires a new MSRV, which breaks downstream projects unexpectedly.
There's no way for me with cargo to specify a version of ahash that is used by inferno.
Pinning ahash in Cargo.toml to 0.8.6 would match what this project already uses via the Cargo.lock.