Problem
There are several issues might need a bump of Cargo.lock version when fixing them. Here is a non-exhaustive list I kept in my notebook for a while.
- The lockfile is ambiguous when two packages are actually the same rev (due to different branch names or using short rev)
- Query string is not properly serialized in
SourceId, especially for branch names (use git check-ref-format --branch <name> to check)
- Path dependencies are ambiguous when theirs names and versions collide
- Sparse registry migration. Use
sparse+ in Cargo.lock for alternative registries.
- Remove optional dependencies in Cargo.lock
- Cargo.lock contains package's own version. Might be unnecessarily.
- Some unused patches are not recorded correctly in the lockfile.
Proposed Solution
We could have put corresponding fixes and the lock version bump behind an unstable feature. When we collect enough changes, bump it altogether. Keep in mind that ship too many large-scale changes in a bump might also be a bit risky.
Notes
No response
Problem
There are several issues might need a bump of
Cargo.lockversion when fixing them. Here is a non-exhaustive list I kept in my notebook for a while.SourceId, especially for branch names (usegit check-ref-format --branch <name>to check)Cargo.lockformat at this time, path dependencies must all have unique names.sparse+inCargo.lockfor alternative registries.sparse+protocol.Cargo.lock#10801Proposed Solution
We could have put corresponding fixes and the lock version bump behind an unstable feature. When we collect enough changes, bump it altogether. Keep in mind that ship too many large-scale changes in a bump might also be a bit risky.
Notes
No response