rust-fuzz / libfuzzer

Rust bindings and utilities for LLVM’s libFuzzer
Apache License 2.0

Lock the version of `arbitrary` dependency #98

Closed yanganto closed 1 year ago

yanganto commented 1 year ago

Hi there,

The arbitrary dependency of libfuzzer-sys is not locked.

Version 1.1 of arbitrary can be built with rustc 1.62.1, but version 1.2 of arbitrary can only be built with rustc 1.63 or newer.

I ran into issues building an old version of an application, with a specified Rust version, that depends on libfuzzer-sys. We could avoid this in the future by depending on `arbitrary = 1.1` or `arbitrary = 1.2`, not `arbitrary = ^1`.

Thanks in advance.

alex commented 1 year ago

Can you not lock arbitrary to a lower version in your package?

Manishearth commented 1 year ago

In general this is tooling so maintaining rust version compat isn't as important, and as a project we don't consider changes to the rust version requirement to be breaking.

In this specific case you can use cargo update to locally pin. Cargo's designed to give authors resilience to this.

Furthermore, arbitrary = "1.1" would still not fix this, you need an arbitrary = "=1.1" constraint, which is generally considered bad practice.

yanganto commented 1 year ago

Hi @Manishearth,

Thanks for the response; it is not really a breaking change. I appreciate your work and I am not being picky.

Just for your reference: `arbitrary = "=1.1"` does not fix this scenario. Here is the exact case I ran into, if you want the details.

https://github.com/yanganto/nearcore/tree/maintenance-window-1.29.0

```
cargo build --bin neard
    Updating crates.io index
error: package derive_arbitrary v1.2.0 cannot be built because it requires rustc 1.63.0 or newer, while the currently active rustc version is 1.62.1
```

Manishearth commented 1 year ago

Yes, that's what I said, that's insufficient to pin the version. Use cargo update -p arbitrary --version whatever
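As an added example (not code from libfuzzer-sys, from arbitrary, or from anyone in this thread), the following Rust program models the two things the discussion turns on: what Cargo's requirement strings such as `"1"`, `"1.1"` and `"=1.1"` actually accept, and how a Cargo.lock pin differs from a Cargo.toml requirement when the offending crate is a transitive dependency. The small registry is constructed for illustration: the version numbers and the fact that 1.2 needs rustc 1.63 follow the issue text, while the requirement each arbitrary release places on derive_arbitrary, the rust-version values and all function names are assumptions.

```rust
// Added example (not libfuzzer-sys code): a model of Cargo's version requirements and of
// Cargo.lock pinning, showing why "1.1" still resolves to 1.2.0 and why "=1.1" alone is not enough.
use std::collections::BTreeMap;
/// A semver version; the derived Ord compares major, then minor, then patch.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version { pub major: u64, pub minor: u64, pub patch: u64 }
impl Version {
    pub fn new(major: u64, minor: u64, patch: u64) -> Self { Version { major, minor, patch } }
    /// Parses "1", "1.1" or "1.1.0"; also returns how many components were written.
    pub fn parse(s: &str) -> Option<(Version, usize)> {
        let p: Vec<u64> = s.split('.').map(|x| x.parse().ok()).collect::<Option<_>>()?;
        if p.is_empty() || p.len() > 3 { return None; }
        let get = |i: usize| p.get(i).copied().unwrap_or(0);
        Some((Version::new(get(0), get(1), get(2)), p.len()))
    }
}
impl std::fmt::Display for Version {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "{}.{}.{}", self.major, self.minor, self.patch)
    }
}
/// A Cargo requirement reduced to the half-open range [lo, hi) it accepts.
pub struct Req { lo: Version, hi: Version }
impl Req {
    /// Parses the default caret form ("1", "1.1", "^1.1.0") and the exact form
    /// ("=1.1", "=1.1.0") with the semantics Cargo (via the semver crate) applies.
    pub fn parse(s: &str) -> Option<Req> {
        let s = s.trim();
        let (exact, rest) = match s.strip_prefix('=') {
            Some(r) => (true, r),
            None => (false, s.strip_prefix('^').unwrap_or(s)),
        };
        let (lo, parts) = Version::parse(rest.trim())?;
        let hi = match (exact, parts) {
            // "=1.1.0" is one version, "=1.1" is 1.1.*, "=1" is 1.*.
            (true, 3) => Version::new(lo.major, lo.minor, lo.patch + 1),
            (true, 2) => Version::new(lo.major, lo.minor + 1, 0),
            (true, _) => Version::new(lo.major + 1, 0, 0),
            // Caret: up to the next potentially breaking version, so "1", "1.1" and
            // "^1.1.0" all accept 1.2.0 (while "0.2" accepts 0.2.x only).
            (false, _) if lo.major > 0 => Version::new(lo.major + 1, 0, 0),
            (false, _) if lo.minor > 0 => Version::new(0, lo.minor + 1, 0),
            (false, 3) => Version::new(0, 0, lo.patch + 1),
            (false, 2) => Version::new(0, 1, 0),
            (false, _) => Version::new(1, 0, 0),
        };
        Some(Req { lo, hi })
    }
    pub fn matches(&self, v: Version) -> bool { self.lo <= v && v < self.hi }
}
/// One published release: (crate, version, dependency requirements, rustc it needs).
pub type Release = (&'static str, Version, Vec<(&'static str, &'static str)>, Version);
/// Constructed registry for this example. The version numbers and "1.2 needs rustc 1.63"
/// come from the issue; each arbitrary release's requirement on derive_arbitrary and
/// the exact rust-version values are assumptions made for illustration.
pub fn registry() -> Vec<Release> {
    let v = Version::new;
    vec![
        ("arbitrary", v(1, 1, 0), vec![("derive_arbitrary", "1.1.0")], v(1, 62, 0)),
        ("arbitrary", v(1, 2, 0), vec![("derive_arbitrary", "1.2.0")], v(1, 63, 0)),
        ("derive_arbitrary", v(1, 1, 0), vec![], v(1, 62, 0)),
        ("derive_arbitrary", v(1, 2, 0), vec![], v(1, 63, 0)),
    ]
}
/// Resolves `root_deps` like Cargo in the simple case: the newest release matching each
/// requirement, unless Cargo.lock pins that crate (`pins` stands for what
/// `cargo update -p <crate> --precise <version>` records). Fails with Cargo's wording
/// when a chosen release needs a newer rustc than the active one.
pub fn resolve(reg: &[Release], root_deps: &[(&str, &str)], pins: &BTreeMap<&str, Version>,
               active_rustc: Version) -> Result<BTreeMap<String, Version>, String> {
    let mut lock = BTreeMap::new();
    let mut work: Vec<(String, String)> = root_deps.iter().map(|(n, r)| (n.to_string(), r.to_string())).collect();
    while let Some((name, req_s)) = work.pop() {
        let req = Req::parse(&req_s).ok_or(format!("bad requirement {req_s} for {name}"))?;
        let (_, ver, deps, rust_version) = reg.iter()
            .filter(|(n, ver, _, _)| *n == name && req.matches(*ver))
            .filter(|(_, ver, _, _)| pins.get(name.as_str()).map_or(true, |p| p == ver))
            .max_by_key(|(_, ver, _, _)| *ver)
            .ok_or(format!("no version of {name} matches {req_s}"))?;
        if *rust_version > active_rustc {
            return Err(format!("package {name} v{ver} cannot be built because it requires \
                rustc {rust_version} or newer, while the currently active rustc version is {active_rustc}"));
        }
        if lock.insert(name, *ver).is_none() { // first time seen: walk its own deps too
            work.extend(deps.iter().map(|(n, r)| (n.to_string(), r.to_string())));
        }
    }
    Ok(lock)
}
fn main() {
    let (reg, rustc, none) = (registry(), Version::new(1, 62, 1), BTreeMap::<&str, Version>::new());
    println!("{:?}", resolve(&reg, &[("arbitrary", "1")], &none, rustc));    // 1.2.0 chosen: error
    println!("{:?}", resolve(&reg, &[("arbitrary", "=1.1")], &none, rustc)); // derive_arbitrary 1.2.0: error
    let pins = BTreeMap::from([("arbitrary", Version::new(1, 1, 0)), ("derive_arbitrary", Version::new(1, 1, 0))]);
    println!("{:?}", resolve(&reg, &[("arbitrary", "1")], &pins, rustc));    // Ok(lock)
}
```

With this constructed registry, libfuzzer-sys's own `arbitrary = "1"` selects 1.2.0 and fails on rustc 1.62.1; an application-side `arbitrary = "=1.1"` holds arbitrary at 1.1.0, but that release's caret requirement still selects derive_arbitrary 1.2.0, which reproduces the shape of the error quoted above; only a Cargo.lock pin on both crates, which is what `cargo update -p <crate> --precise <version>` writes, resolves without editing any Cargo.toml.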