Relax constraints on dependencies to minimal semver #6
+19
−19
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This relaxes the semver constraints on the dependencies to be the minimal that compiles. This allows more flexible integration of
gha-toolkit
into existing codebases, that may already use some of the dependencies, at lower versions.For example, I'm experimenting with integrating
gha-toolkit
into https://github.com/pantsbuild/pants, which already depends onreqwest
0.11.11 andthiserror
1.0.30 (among others). Before this PR,gha-toolkit
previously requiredreqwest
>= 0.11.13 andthiserror
>= 1.0.37, which means those dependencies would have to be duplicated. This works fine with cargo, but costs compile time and potential confusion.I've chosen the version constraints here by:
0.11
for reqwest)cargo +nightly update -Z minimal-versions
to have cargo lock to the minimal versionscargo build
, noticing errors and then bumping an appropriate minimal version constraint (for instance,#[error(transparent)]
requires https://github.com/dtolnay/thiserror/releases/tag/1.0.7, so I had to increase thethiserror = "1"
constraint tothiserror = "1.0.7"
)This change shouldn't affect any existing users of the library, since this is strictly more permissive: a locked set of dependencies for users of
gha-toolkit
0.3.1 will also satisfy these new constraints.(Thank you for
gha-toolkit
!)