From what I've seen, semver isn't being used to it's full extent yet, especially with libraries working on nightly. Locking to particular versions tends to make rustups harder (and leads to multiple versions of the same package being used). The breaking changes in libraries seem less common and breaking than breaking changes in, say, plugins, so IMO we should stick to Cargo.lock for pinning and use `mach update-cargo -a` during rust upgrades.
Though I would like to eventually start pinning to semver APIs. It would be nice if Cargo had a tool for unconditionally upgrading the versions in toml files though. -Manish Goregaokar On Tue, Jun 16, 2015 at 2:22 AM, Simon Sapin <simon.sa...@exyr.org> wrote: > Some of our dependencies to crates on crates.io are declared in > Cargo.toml files like this: > > [dependencies] > foo = "*" > > To be honest, I’m not sure why. With such a declaration, `cargo update` > will happily update the foo library to its latest version, whatever it is. > > There’s a number of things we can write instead of "*" (documented in > http://doc.crates.io/crates-io.html ), but another way looks like this: > > [dependencies] > bar = "0.1.3" > > This looks like we’re specifying a dependency on one precise version, but > we’re not. "0.1.3" is equivalent to "^0.1.3" which means anything that is > compatible with 0.1.3 per Semantic Versionning, namely ">=0.1.3 <0.2". > > If we follow Semantic Versionning and increment the first non-zero > component of the version number for breaking changes and another component > for backward-compatible changes, and also use this kind of dependency > declaration, then `cargo update` will pick up any new version that are > compatible, but none with breaking changes. > > I think we should do this. > > (Breaking changes would most likely require changing some source code, so > changing the dependency declaration at the same time isn’t too much of a > bother.) > > -- > Simon Sapin > _______________________________________________ > dev-servo mailing list > dev-servo@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-servo > _______________________________________________ dev-servo mailing list dev-servo@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-servo
