Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Commit the Cargo.lock file to build with known working versions of dependencies #1720

Merged
merged 1 commit into from
Aug 25, 2023
Merged

Commit the Cargo.lock file to build with known working versions of dependencies #1720

merged 1 commit into from
Aug 25, 2023

Conversation

badboy
Copy link
Member

@badboy badboy commented Aug 25, 2023

This offloads some care to consumers, as by default they might now pull in transitive dependencies that break UniFFI's MSRV. What they will need to do is cargo update -p $dep --precise $ver where $ver is a version that is MSRV-compatible (and is probably the one uniffi's Cargo.lock file contains)

Alternative to the pinning in #1719
Briefly discussed with Mark in chat.
cargo is changing recommendations around that: https://doc.rust-lang.org/nightly/cargo/faq.html#why-have-cargolock-in-version-control

I certainly had confusion in the past due to different versions use locally than in CI until I realized a mismatch in dependencies.
I'm fairly confident this is fine getting pulled into m-c. The lock file will be ignored and only m-c's lockfile counts. m-c will need to ensure transitive dependencies are within MSRV.
Yes, that offloads that responsibility to other places.
But other consumers with higher MSRVs can use those updated transitive dependencies.

@badboy
Commit the Cargo.lock file to build with known working versions of de…
fdea899 
…pendencies

This offloads _some_ care to consumers, as by default they might now
pull in transitive dependencies that break UniFFI's MSRV.
What they will need to do is `cargo update -p $dep --precise $ver`
where `$ver` is a version that is MSRV-compatible (and is probably the
one uniffi's Cargo.lock file contains)
@epage
Copy link

epage commented Aug 25, 2023

For more background and analysis on this change in advice, see rust-lang/cargo#12382 and the issue it closed.

@badboy badboy marked this pull request as ready for review August 25, 2023 16:35
@badboy badboy requested a review from a team as a code owner August 25, 2023 16:35
@badboy badboy requested review from jhugman and removed request for a team August 25, 2023 16:35
@badboy badboy merged commit 568fa4f into main Aug 25, 2023
@badboy badboy deleted the commit-cargolock branch August 25, 2023 17:37
@badboy badboy mentioned this pull request Aug 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mhammond mhammond mhammond approved these changes

@jhugman jhugman Awaiting requested review from jhugman jhugman is a code owner automatically assigned from mozilla/uniffi-devs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@badboy @epage @mhammond