alamb commented on PR #6337: URL: https://github.com/apache/arrow-rs/pull/6337#issuecomment-2323306423
As I understand it, technically the only reason it would be **necessary** to update this project to depend on `prost 0.12.2` (rather than `prost 0.12`) is if this project used some feature that was introduced in `prost 0.12.1` or `prost 0.12.2` that was not present in `prost 0.12.0`. I don't think it is particularly easy to check when this "use a new API in a depedency" happens because our CI tests are always run on the latest released version of the dependencies. The CI tests run on the latest version of the dependencies on purpose so that we aren't continually in reactionary mode dealing with updated new releases If we had bandwidth and this testing gap was a concern, we could implement more sophisticated tests / processes for dependency management (such as using a Cargo.lock file for testing, as @Xuanwo mentioned) or various other ideas -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
