Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cargo upgrade should default to --skip-compatible #552

Open
djc opened this issue Dec 16, 2021 · 5 comments · Fixed by #734
Open

cargo upgrade should default to --skip-compatible #552

djc opened this issue Dec 16, 2021 · 5 comments · Fixed by #734
Labels
cargo-upgrade enhancement

Comments

@djc
Copy link

djc commented Dec 16, 2021

For library crates, updating all dependency requirements in Cargo.toml to the latest semver-compatible versions is harmful to the ecosystem, as this makes it harder to resolve versions in case of for example yanking. I was already using --skip-compatible for my project, but just noticed that another library crate used cargo upgrade to force dependency upgrades this way, making it impossible to use the latest version of that crate after the latest futures version was yanked.
@epage epage mentioned this issue Jan 29, 2022
Closed
@epage epage mentioned this issue Mar 31, 2022
Open
11 tasks
@epage
Copy link
Collaborator

epage commented Jul 14, 2022

Been thinking about this more and I think it makes sense to make it the default. The main question is how to present that to the user.

When looking at the behavior of cargo upgrade, I also realized the default behavior has a lot of overlap with --to-lockfile. We actually have --skip-compatible and --to-lockfile conflict with each other. This got me thinking that maybe we make --skip-compatible the default and --to-lockfile is the only way to force upgrading compatible fields.

Another challenge is we also want to preserve the precision but --skip-compatible and precision preservation are difficult to get to work together.

epage added a commit to epage/cargo-edit that referenced this issue Jul 14, 2022
@epage
fix(upgrade): Make --skip-compatible default
b711736 
Fixes killercup#552
@epage epage mentioned this issue Jul 14, 2022
Merged
@epage
Copy link
Collaborator

epage commented Sep 9, 2022

Based on the feedback, I'm considering reverting this.

If I understood a comment from the Issue's author, it sounds like they've changed their mind

(I also think we should optimize for applications more than libraries, similar to how cargo init has already decided that --bin should be the default over --lib.)

epage added a commit to epage/cargo-edit that referenced this issue Sep 9, 2022
@epage
fix(upgrade): Always upgrade compatible dependencies
0d29a87 
As part of feedback on `cargo-upgrade` being merged into `cargo`, we are
looking into how we can make `upgrade` fit into `update` or be a direct
replacement for `update`.  In doing so, the "skip compatible by default"
workflow doesn't quite fit the same.  Similarly, manifests, in theory,
will always match the lock file, so there will be less of a reason to
upgrade the manifests only.

We'll need to re-open killercup#552 and killercup#297 until we figure out how we want to
handle this.
@epage epage mentioned this issue Sep 9, 2022
Merged
@epage
Copy link
Collaborator

epage commented Sep 9, 2022

See #786

@epage epage reopened this Sep 9, 2022
@djc
Copy link
Author

djc commented Sep 12, 2022

As a reviewer of application PRs, I would dislike PRs that mix incompatible updates and compatible updates to Cargo.toml in the same commit, because that makes it very hard to distinguish the two cases, which IMO are very different. But I definitely think it would make sense to merge cargo upgrade functionality into cargo update, in which case some kind of option would be needed anyway.

(I personally don't see it make sense to deprecate update because that seems to cause much more churn for the larger ecosystem compared to deprecating upgrade and merging it into update.)

@epage
Copy link
Collaborator

epage commented Sep 12, 2022

As a reviewer of application PRs,

Could you add this to the thread?

(I personally don't see it make sense to deprecate update because that seems to cause much more churn for the larger ecosystem compared to deprecating upgrade and merging it into update.)

In general, we've been running into limitations with compatibility. Simple cargo-upgrade operations are becoming a soup of cargo-update flags (cargo update --incompatible --save just to get the old cargo upgrade behavior, not even getting into split use cases like yours)

So we're having to balance the ecosystem churn with usability and workflows.

This was referenced Nov 23, 2023
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cargo-upgrade enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(upgrade): Make --skip-compatible default epage/cargo-edit
2 participants
@epage @djc