rust-lang / cargo

The Rust package manager
https://doc.rust-lang.org/cargo
Apache License 2.0

Dependency linking to other than crates.io needed explicit update before noticing change of HEAD #8538

Open Nevsden opened 4 years ago

Nevsden commented 4 years ago

Problem

My cargo.toml contains a dependency linking to a certain branch of a GitHub repo. After pushing changes to the GitHub repo, I was expecting that rust would notice that the branch HEAD points to the newest commit hash and thus update the dependency itself. It did not.

Looking into the checked out version of the dependency, I noticed that the change I made to the repo was not yet acknowledged by cargo. Therefore I had to explicitly use cargo update -p <Dependency>.

I am not sure if this is wanted by the cargo ecosystem, therefore I want to report this behaviour.

Maybe I must add that the dependency project is a private GitHub project and I use git_fetch_with_cli==True.

Steps

Let me first say that I have not yet tested these steps. They just sum up a general procedure which could very possibly lead to the behaviour.

  1. Create a new project with cargo new ....
  2. In the cargo.toml link to a dependency project other than crates.io.
  3. Run a cargo command like cargo clippy.
  4. Update the dependency project by making a breaking change that will lead to an error inside the rust project.
  5. Run the cargo command again and notice that the checked out version of the dependency project still points to the version before the change.

Possible Solution(s)

Notes

Output of cargo version:

cargo clippy --all-targets --all-features -- -D warnings
    Checking ghost v0.9.0 (<PATH>)
error[E0603]: module `arc_ball` is private
 --> ghost\src\visualizer\control.rs:6:21
  |
6 | use kiss3d::camera::arc_ball::CoordSystem;
  |                     ^^^^^^^^ private module
  |
note: the module `arc_ball` is defined here
 --> C:\..\checkouts\kiss3d-f75a2a6684f3b637\ddc4d26\src\camera\mod.rs:9:1
  |
9 | mod arc_ball;
  | ^^^^^^^^^^^^^

error[E0603]: module `arc_ball` is private
 --> ghost\src\visualizer\control.rs:6:21
  |
6 | use kiss3d::camera::arc_ball::CoordSystem;
  |                     ^^^^^^^^ private module
  |
note: the module `arc_ball` is defined here
 --> C:\..\checkouts\kiss3d-f75a2a6684f3b637\ddc4d26\src\camera\mod.rs:9:1
  |
9 | mod arc_ball;
  | ^^^^^^^^^^^^^

error: aborting due to previous error

For more information about this error, try `rustc --explain E0603`.
error: could not compile `ghost`.

ehuss commented 4 years ago

I believe this is intended behavior. One of the fundamental aspects of Cargo is that it has a Cargo.lock file which locks the dependencies to a specific version. With the lock file in place, Cargo will not automatically fetch a new version. You will need to run cargo update to tell it to update the locked version.

de-sh commented 4 years ago

@ehuss I seem to have the opposite issue. I am on nightly-1.47.0 (2020-07-23). Does this seem to be concerning enough to open an issue, or has it already been noticed?

Steps to reproduce error

(New here)

Edit: here is an asciinema reenactment, please skip unrelated changes. You can find the commit mentioned here

ehuss commented 4 years ago

If you change a dependency in Cargo.toml (such as the url), cargo build will automatically update the Cargo.lock entries for that dependency.
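
As an added illustration of the Cargo.lock behaviour described in the replies above (not part of the thread and not Cargo's own code): a std-only Rust program that reads the `git+<url>?<ref>#<commit>` source entries of a lock file and reports which commit each git dependency is locked to. The lock text, crate names, URLs and hashes are constructed placeholders, and `git_pins`, `quoted_value` and `follows_moving_ref` are hypothetical helper names.

```rust
// Constructed sample Cargo.lock (names, URLs and hashes are placeholders).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "dep-on-branch"
source = "git+https://example.invalid/org/dep-on-branch?branch=main#1111111111111111111111111111111111111111"
[[package]]
name = "dep-on-rev"
source = "git+https://example.invalid/org/dep-on-rev?rev=2222222#2222222222222222222222222222222222222222"
[[package]]
name = "from-registry"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

#[derive(Debug, PartialEq)]
struct GitPin { name: String, url: String, reference: Option<String>, commit: String }

/// Value between the quotes of a `key = "value"` line, if the line has that key.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Packages whose `source` has the form `git+<url>[?<reference>]#<locked commit>`.
fn git_pins(lock: &str) -> Vec<GitPin> {
    let (mut pins, mut name) = (Vec::new(), String::new());
    for line in lock.lines() {
        if let Some(v) = quoted_value(line, "name") {
            name = v.to_string();
        } else if let Some((location, commit)) = quoted_value(line, "source")
            .and_then(|v| v.strip_prefix("git+"))
            .and_then(|v| v.rsplit_once('#'))
        {
            let (url, reference) = location
                .split_once('?')
                .map_or((location, None), |(u, r)| (u, Some(r.to_string())));
            pins.push(GitPin { name: name.clone(), url: url.to_string(), reference, commit: commit.to_string() });
        }
    }
    pins
}

/// True for a branch or default-branch dependency: the lock keeps the old commit
/// after upstream pushes until `cargo update -p <name>` rewrites it.
fn follows_moving_ref(pin: &GitPin) -> bool {
    pin.reference.as_deref().map_or(true, |r| r.starts_with("branch="))
}

fn main() {
    for p in git_pins(SAMPLE_LOCK) {
        println!("{} {} -> {} (moving ref: {})", p.name, p.url, p.commit, follows_moving_ref(&p));
    }
}
```

Comparing the reported commit with the remote branch head shows whether a `cargo update -p <name>` is pending for that dependency.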