Single-Version Packages. #73
Comments
|
It would be nice to have a command in Cargo for getting a summary of the dependencies. Perhaps it could generate a graph or something. Maybe we could use the API and create a tool on top of Cargo. I think we will manage to plan releases with check lists to get everything correctly. However, dependencies gets very complex over time. |
|
Eventually, Cargo will write out the resolved dependencies to a lockfile. |
|
This problem is the kind of thing that led npm to |
|
Maven has a similar notion called 'provided dependencies'. It works pretty nicely. |
carols10cents
added
A-crate-dependencies
|
This sounds like public dependencies, that is, once that RFC is implemented, Please reopen if I'm missing something! |
…ichton Update glob requirement from 0.2.11 to 0.3.0 Updates the requirements on [glob](https://github.com/rust-lang/glob) to permit the latest version. <details> <summary>Commits</summary> - [`b003dc3`](rust-lang/glob@b003dc3) Merge pull request [#75](https://github-redirect.dependabot.com/rust-lang/glob/issues/75) from rust-lang-nursery/cargo/0.3.0 - [`f73ddef`](rust-lang/glob@f73ddef) prepare for 0.3.0 release - [`20c2f9f`](rust-lang/glob@20c2f9f) Merge pull request [#73](https://github-redirect.dependabot.com/rust-lang/glob/issues/73) from rust-lang-nursery/ci/explicit-version - [`ab51aaa`](rust-lang/glob@ab51aaa) add an explicit version to check in CI - [`1b5b670`](rust-lang/glob@1b5b670) Merge pull request [#71](https://github-redirect.dependabot.com/rust-lang/glob/issues/71) from g-s-k/clone-derive - [`2f09a1f`](rust-lang/glob@2f09a1f) ran cargo fmt - [`3c53061`](rust-lang/glob@3c53061) removed borrow in doctest - [`507a084`](rust-lang/glob@507a084) don't assume `macos` target os has a /root directory - [`1b7759c`](rust-lang/glob@1b7759c) fix borrow/pass-by-value errors in tests - [`0d6f408`](rust-lang/glob@0d6f408) use !is_empty rather than len > 0, for _ in &_ rather than for _ in _.iter() - Additional commits viewable in [compare view](rust-lang/glob@0.2.11...0.3.0) </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot. </details>
In Piston, we have a pattern where in order to decouple dependencies and achieve maximum independence, we split up a interface and it's implementation(s) into multiple projects.
The interface does not depend on the implementations, but the opposite is true. For example:
What we would really like is a way to make sure that the two
pistonrepositories in the tree are the exact same version. A user could theoretically pick piston-3.0 and some_piston_backend-1.0 (that depends on piston-1.0).I'm not sure what resolution strategy Cargo is planning on using for this, but I would like the option as a maintainer of
pistonto be able to say "THERE CAN ONLY BE ONE" and fail at the cargo package fetching stage. Anything else would either run (and have terrible bugs) or fail at compile time with confusing error messages.Edit: A more detailed example of what could go wrong: PistonDevelopers/piston#430
The text was updated successfully, but these errors were encountered: