xxchan opened a new issue, #14962: URL: https://github.com/apache/datafusion/issues/14962
Hi, I see we've checked in `Cargo.lock` recently #14135, and I think it's good! But I'm not sure whether this was discussed: what about not updating `Cargo.toml` (for minor/patch versions), but only `Cargo.lock`? From the discussion, I can see the main motivation is to have reproducible build (agains near latest dependencies) in CI. To achieve this, `Cargo.lock` (updated by bot) is enough. Whether or not updating `Cargo.toml` means whether or not _force_ downstream users to use only the latest dependency versions. Personally I prefer a more tolerable version range, so that downstream can update deps 1 by 1 and audit each dep's changes. FYI in iceberg-rust, we have similar discussions on this topic, and we prefer to have a wider range of versions support, to allow users to choose their dep version (by not updating Cargo.toml too often) https://lists.apache.org/thread/pv3onm41229lovs1odqg94fdc60wcp73 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org For additional commands, e-mail: github-h...@datafusion.apache.org
