By introducing cargo lockfile to the project and examples, we will:
Make Dependabot work. As you may notice, we don't have any PRs from Dependabot even though we had some dependency updates.
Have the best working snapshot via the lockfile. We've seen that some dependencies like wasm-bindgen do not strictly follow semver semantics and somehow introduce breaking changes in patches. (cargo command with --locked feature switch can put us in a working snapshot)
For some added context, the guidance on including lockfiles in libraries has changed during the lifetime of this project, from "don't include lockfiles for libraries" to "maybe include lockfiles for libraries."
By introducing cargo lockfile to the project and examples, we will:
Dependabot
work. As you may notice, we don't have any PRs fromDependabot
even though we had some dependency updates.wasm-bindgen
do not strictly follow semver semantics and somehow introduce breaking changes in patches. (cargo command with--locked
feature switch can put us in a working snapshot)