cargo hangs

[MarkSwanson]

Cargo hangs when I set my dependencies to contain:
urlencoded = "=0.2.0"

I can't use: urlencoded = "0.2.0" because that will actually fetch 0.2.1 and break my build (serde incompatibility).

How can I help you debug this?

Thanks!

[steveklabnik]

What versions of things are you using, and what platform are you on? I just made a new project and it worked for me.

[alexcrichton]

I think that this is a dupe of #2090, but thanks for the report!

[alexcrichton]

The best way to fix this currently (not a great solution long term of course) is:

• Relax the constraints in your dependency graph, for example removing = dependencies
• Use cargo update -p foo --precise bar to go backwards in time for crates.

[MarkSwanson]

Thanks for the comments folks.

Linux, nightly-2016-01-28.
The process seems to be:
10 set dependencies
20 work for a week
30 everything breaks because some dependency has been automatically updated.
40 spend an increasing amount of time manually walking the dependency graph trying to find some combination that works.
50 goto 20

I'm sure I'm using Cargo incorrectly.
I believe the root cause of my problem is probably that I'm not using cargo update --package and --precise (I'm taking the easy way out and deleting my Cargo.lock file which gives Cargo free reign to bring in updated versions).

Still, I don't know if this is enough because if we add a new dependency in Cargo.toml, Cargo might automatically bump versions of existing dependencies in Cargo.lock? Because the default is ^ ?

I struggled with SPEC and PRECISE - some examples in 'cargo help update' would be appreciated.
I could not find a definition for them. 'cargo help pkgid' doesn't help as it still doesn't define those terms.

It's a struggle to ensure a large and growing number of packages (95% are libraries) all use the same versions during testing/qa/ci/staging/production. It seems we have to go against best practices (?) and git commit Cargo.lock for all packages (libraries and binaries).

The easiest way to ensure the versions are the same would be to just copy/paste common Cargo.toml dependencies that are defined using "=". Otherwise every time we add a dependency we have to manually set its version using --precise (manual, error prone).

Perhaps it would help if we wrote a tool that analyzed all project Cargo.lock files and suggested cargo update commands to help us keep things in sync?

[alexcrichton]

It may sound like you're possibly not leveraging Cargo.lock to the fullest extent? Some thoughts:

• I'd recommend never deleting Cargo.lock. Whenever new dependencies are updated Cargo will attempt to reuse dependencies as much as possible from Cargo.lock and will try to not disturb the graph structure.
• When updating crates, use cargo update -p to only update one package in the dependency graph, Cargo will automatically attempt to conservatively update as little of the graph as possible to accommodate a package update.
• If you're not getting reproducible builds it means you're not committing Cargo.lock into your repo, which is highly recommended for applications.

[steveklabnik]

... alex beat me to it, that's exactly what I was going to say :)