Comment by epage 5 hours ago

> The problem is that sometimes a library may need to pin a dependency version.

We on the Cargo team have been working to educate people on the problems with pinning in Cargo.toml instead of relying on Cargo.lock.

> Then the library authors may want to use newer language features on their API. Then they simply bump the library major version and maintain only that. So old dependencies will not get updates.

Thankfully, the ecosystem has mostly settled on build requirements not being subject to SemVer and bumps Rust versions in compatible releases. There are a few holdouts.