Should we drop the cargo dependency?
- It's big and slow to compile.
- Requires openssl, libgit2.
- Has high MSRV.
- Keeping up with Cargo's API changes is a chore, especially that there are also behavior changes.
I think we could rely on shelling out to command-line for cargo. Anybody running cargo crev is obviously going to have the cargo binary. A combination of cargo metadata, crates-index, and cargo-lock could be enough.
Should we drop the
cargodependency?I think we could rely on shelling out to command-line for
cargo. Anybody runningcargo crevis obviously going to have thecargobinary. A combination ofcargo metadata,crates-index, andcargo-lockcould be enough.