search

mitsuhiko / insta

A snapshot testing library for rust
https://insta.rs
Apache License 2.0
2.15k stars 98 forks source link

`Cargo.lock.msrv` is outdated and missing packages #498

Closed oxalica closed 1 month ago

oxalica commented 3 months ago

What happened?

On both tag 1.39.0 and current master (569bbade9d9ff4bd43fe4138bdcbde00a6bf34c4), the Cargo.lock.msrv is outdated and some dependencies are missing from lock file.

This affects downstream distro packager like nixpkgs (https://github.com/NixOS/nixpkgs/issues/317404) since we requires a frozen lock file with all necessary hashes included.

Reproduction steps

  1. cp Cargo.lock.msrv Cargo.lock
  2. cargo build -p cargo-insta --locked
  3. Fail.

When running cargo build -p cargo-insta without --locked flag, it will update the lock file with the following change:

diff --git a/Cargo.lock b/Cargo.lock
index 3528d98..070391e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -55,7 +55,7 @@ dependencies = [

 [[package]]
 name = "cargo-insta"
-version = "1.37.0"
+version = "1.39.0"
 dependencies = [
  "cargo_metadata",
  "console",
@@ -302,7 +302,7 @@ dependencies = [

 [[package]]
 name = "insta"
-version = "1.37.0"
+version = "1.39.0"
 dependencies = [
  "console",
  "csv",
@@ -313,6 +313,7 @@ dependencies = [
  "pest_derive",
  "regex",
  "ron",
+ "rustc_version",
  "serde",
  "similar",
  "similar-asserts",
@@ -526,6 +527,15 @@ dependencies = [
  "serde",
 ]

+[[package]]
+name = "rustc_version"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
+dependencies = [
+ "semver",
+]
+
 [[package]]
 name = "rustix"
 version = "0.37.19"

Insta Version

both 1.39.0 and master

rustc Version

1.78.0

What did you expect?

cargo build -p cargo-insta --locked should succeed without updating the lock file or recalculation any dependency hashes.

I'd like to actually commit Cargo.lock to the repository to prevent future mis-synchronization issue. Otherwise, we should at least add --locked in CI to catch it.

mitsuhiko commented 3 months ago

Upholding that is tricky. The purpose of the msrv lock here is really just to ensure that the CI passes. However I agree that this is not ideal for the cargo-insta case and a regression from when we had a dedicated lock file for it. I was hoping the binaries we distribute now solve that case for most users. I will have a look.

max-sixty commented 1 month ago

Closed by #524