rust-lang / cargo

The Rust package manager
https://doc.rust-lang.org/cargo
Apache License 2.0
12.87k stars 2.43k forks source link

`cargo add <name>@latest` support #10741

Open epage opened 2 years ago

epage commented 2 years ago

Problem

cargo add allows modifying an existing dependency entry, changing the version req (cargo add <name>@<version-req>), adding features, etc. Two things lacking

Proposed Solution

Other ecosystems have a latest label that is a stand-in for the registry's highest version requirement for the package

Notes

This does not replace the need for bulk-upgrading, see https://github.com/rust-lang/cargo/issues/10498

joshtriplett commented 2 years ago

I personally would spell this cargo update -p somecrate -s to upgrade to the latest compatible version, or cargo update -p somecrate -i if wanting to upgrade to the latest version ignoring compatibility. I don't think this should go under cargo add.

lgarron commented 1 year ago

Coming from https://github.com/rust-lang/cargo/issues/12331#issuecomment-1642553762 to indicate my support for this!

I use @latest frequently with npm. There's plenty of cognitive friction between different ecosystems, but there would be one less if cargo also supported this!

epage commented 1 year ago

Is it purely from muscle memory that you want to use @latest or is there a change in behavior, for example

If for muscle memory, the part that seems odd to me is that @latest is a lot more to type.

lgarron commented 1 year ago

It's from dealing with over half a dozen package managers that all do things slightly differently:

As a matter of UX, I think there's not a lot of value in understanding and memorizing these nuances — I just want to install/update a package and keep coding.

For example: when I publish a package and then immediately use it in another project, @latest tends to be the most reliable for me (at least when using npm). There might be another way, but this way is explicit and clear — if the command succeeds, I should now have the latest version. I'd love it if I could do the same with cargo instead of having to remember whether it's done differently. One less thing to stumble over while trying to have a productive coding session. 🤓

epage commented 1 year ago

As a matter of UX, I think there's not a lot of value in understanding and memorizing these nuances — I just want to install/update a package and keep coding.

This actually makes me hesitant to move forward with this. A cargo add foo@latest would have different semantics than cargo add foo and when those differences would show up, you should probably be using cargo add foo unless you are making a very conscious choice. If supporting cargo add foo@latest is for unconscious choices then that is leading people down the wrong path and would be a bad UX.

lgarron commented 1 year ago

I keep running into this. I can't figure out how to do this using cargo update or cargo add, and Google is useless: https://www.google.com/search?q=cargo+update+a+dependency+to+the+latest+version

At this point I'm trying to address security vulnerability alerts by removing packages from Cargo.toml one-by-one and adding them back from scratch using cargo add.

epage commented 1 year ago

cargo add and cargo remove were merged in from a bundle of tools called "cargo-edit". We haven not yet merged cargo-upgrade but you can cargo install cargo-edit to get it. FCP for #12425 is about to close after which we'll have a subset of cargo upgrade directly in cargo update.