Closed psychon closed 5 months ago
I don't think committing Cargo.lock
is really necessary. MSRV and feature-wise, all of our dependencies are generally stable. rustix
and smol
both have a strict Debian Stable MSRV policy. The only real squeaky wheel is once-cell
, which has been known to make liberal MSRV bumps.
I'd be fine with Dependabot, but it should only make PRs for breaking changes. Otherwise it's kind of pointless as without a pinned Cargo.lock
, Cargo will just automatically bump the deps.
Basically: I just came across https://blog.rust-lang.org/2023/08/29/committing-lockfiles.html and wondered the above.
Personally, I "feel" like x11rb doesn't have many dependencies and thus this is not a large problem. Sure, the output of
cargo tree
is long, but most of that is for "example things" that do not get released (cairo-example
produces 227 lines of output fromcargo tree
). On the other hand,x11rb-async
does produce 58 lines of output...