On Fri, 1 Nov 2024, 11:21 Junjie Mao <junjie....@hotmail.com> wrote:

> How about specifying also the exact version in Cargo.toml, e.g.:
>
>  [dependencies]
> -proc-macro2 = "1"
> -quote = "1"
> -syn = { version = "2", features = ["extra-traits"] }
> +proc-macro2 = "=1.0.84"
> +quote = "=1.0.36"
> +syn = { version = "=2.0.66", features = ["extra-traits"] }
>
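
Review bot: the three `=` requirements on `proc-macro2`, `quote` and `syn` carry no comment saying why they are exact or that they have to be bumped together with the lock file; a one-line comment above `[dependencies]` would keep a later update from loosening one of them by accident.
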
>
> Unfortunately, versions of nested dependencies, such as either and
> unicode-ident, may still have newer patch versions after a lockfile
> regeneration. That can be worked around by turning nested dependencies
> to direct ones with fixed version constraints, but looks quite ugly.
>

Yeah, that's the reason why I didn't do it... Since we don't have any
security-sensitive dependencies, changes to the lock files are going to be
rare and it's easier to just look at them more closely.

Paolo

--
> Best Regards
> Junjie Mao
>
>
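
One way to look at lock file changes more closely, as the reply above suggests (an added example, not code from the thread or from the project): a Python script that compares two Cargo.lock texts and reports each changed crate, whether it is a direct or nested dependency, and whether a checksum changed while the version stayed the same. The function names, the nested crate versions and all checksums are constructed for illustration.

```python
import re

# Only the three keys needed here; real Cargo.lock entries also carry
# `source` and `dependencies`, which this sketch ignores.
FIELD = re.compile(r'^(name|version|checksum) = "([^"]*)"$', re.M)

def parse_lock(text):
    """Map crate name -> set of (version, checksum) across [[package]] tables."""
    pkgs = {}
    for block in text.split("[[package]]")[1:]:
        f = dict(FIELD.findall(block))
        pkgs.setdefault(f["name"], set()).add((f["version"], f.get("checksum")))
    return pkgs

def lock_changes(old_text, new_text, direct):
    """List (name, scope, kind, old_versions, new_versions) for each changed crate."""
    old, new = parse_lock(old_text), parse_lock(new_text)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        before, after = old.get(name, set()), new.get(name, set())
        if before == after:
            continue
        old_v, new_v = sorted({v for v, _ in before}), sorted({v for v, _ in after})
        if not before:
            kind = "added"
        elif not after:
            kind = "removed"
        elif old_v == new_v:
            kind = "checksum-changed"  # same version, different crate contents
        else:
            kind = "version-changed"
        scope = "direct" if name in direct else "nested"
        changes.append((name, scope, kind, old_v, new_v))
    return changes

def _pkg(name, version, checksum):
    """Build one constructed [[package]] table for the sample data below."""
    return f'[[package]]\nname = "{name}"\nversion = "{version}"\nchecksum = "{checksum}"\n\n'

# Constructed sample: direct versions are the ones quoted in the thread; the
# nested versions and all checksums are placeholders, not real registry data.
DIRECT = {"proc-macro2", "quote", "syn"}
PINNED = _pkg("proc-macro2", "1.0.84", "ck-pm2") + _pkg("quote", "1.0.36", "ck-quote") \
    + _pkg("syn", "2.0.66", "ck-syn")
OLD_LOCK = PINNED + _pkg("unicode-ident", "1.0.12", "ck-ui-a") + _pkg("either", "1.12.0", "ck-e-a")
NEW_LOCK = PINNED + _pkg("unicode-ident", "1.0.13", "ck-ui-b") + _pkg("either", "1.12.0", "ck-e-b")

if __name__ == "__main__":
    for change in lock_changes(OLD_LOCK, NEW_LOCK, DIRECT):
        print(*change)
```

A `checksum-changed` row is the one to stop on during review, since the recorded hash of a crate differs although its version number does not.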
