Open
Description
Problem
There are several issues that might need a bump of the `Cargo.lock` version when fixing them. Here is a non-exhaustive list I kept in my notebook for a while.
- The lockfile is ambiguous when two packages are actually the same rev (due to different branch names or using short rev)
- Query string is not properly serialized in `SourceId`, especially for branch names (use `git check-ref-format --branch <name>` to check)
- Path dependencies are ambiguous when their names and versions collide
  - Unavoidable Cargo.lock package collision occurs if path dependencies share same name and version #10353
    - Alex's reply: This is an intended limitation of the `Cargo.lock` format at this time, path dependencies must all have unique names.
  - Cargo fails to compile a crate if it's included multiple times at different paths #8639 is similar but they said rustc can handle that.
- Sparse registry migration. Use `sparse+` in `Cargo.lock` for alternative registries.
  - sparse registry: determine UX and URL handling #10964
  - If we want this. Do we need to have a new lockfile version, as old cargos are not able to understand `sparse+` protocol.
- Remove optional dependencies in Cargo.lock
- Cargo.lock contains package's own version. Might be unnecessary.
- Some unused patches are not recorded correctly in the lockfile.
Proposed Solution
We could have put corresponding fixes and the lock version bump behind an unstable feature. When we collect enough changes, bump it all together. Keep in mind that shipping too many large-scale changes in a bump might also be a bit risky.
Notes
No response
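
An added illustration of the second list item (branch names serialized without escaping), not part of the original issue and not Cargo's own code. It assumes a simplified `git+<url>?branch=<name>#<rev>` source string and a reader that splits at the first `#`; all function names are hypothetical and the URL, branch and rev are constructed sample values.

```rust
// Simplified model of a lockfile git source: git+<url>?branch=<name>#<rev>.
// Hypothetical helpers for illustration; this is not Cargo's SourceId code.

/// Writes the branch name verbatim (no escaping).
fn serialize_raw(url: &str, branch: &str, rev: &str) -> String {
    format!("git+{}?branch={}#{}", url, branch, rev)
}

/// Percent-encodes every byte outside a small safe set, then serializes.
fn serialize_encoded(url: &str, branch: &str, rev: &str) -> String {
    let enc: String = branch.bytes().map(|b| match b {
        b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'/' => {
            (b as char).to_string()
        }
        _ => format!("%{:02X}", b),
    }).collect();
    format!("git+{}?branch={}#{}", url, enc, rev)
}

/// Reverses percent-encoding; malformed escapes are kept as literal bytes.
fn decode(s: &str) -> String {
    let b = s.as_bytes();
    let (mut out, mut i) = (Vec::new(), 0);
    while i < b.len() {
        let hex = b.get(i + 1..i + 3)
            .and_then(|h| std::str::from_utf8(h).ok())
            .filter(|h| h.bytes().all(|c| c.is_ascii_hexdigit()));
        match (b[i], hex.and_then(|h| u8::from_str_radix(h, 16).ok())) {
            (b'%', Some(v)) => { out.push(v); i += 3; }
            (c, _) => { out.push(c); i += 1; }
        }
    }
    String::from_utf8_lossy(&out).into_owned()
}

/// Reader that treats the first '#' as the start of the rev fragment.
fn parse(s: &str) -> Option<(String, String, String)> {
    let (head, rev) = s.strip_prefix("git+")?.split_once('#')?;
    let (url, branch) = head.split_once("?branch=")?;
    Some((url.to_string(), decode(branch), rev.to_string()))
}

fn main() {
    // Constructed sample values; '#' is legal in a git branch name.
    let (url, branch, rev) = ("https://example.com/repo.git", "fix#42", "0123abc");
    println!("{:?}", parse(&serialize_raw(url, branch, rev)));     // branch and rev corrupted
    println!("{:?}", parse(&serialize_encoded(url, branch, rev))); // round-trips
}
```

With the raw form, the locked branch and rev read back differently from what was written, so the lockfile no longer pins the source it was generated from.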