Lock the version of `arbitrary` dependency
yanganto opened this issue · 4 comments
Hi there,
The arbitrary dependency of libfuzzer-sys is not locked.
The 1.1 version of arbitrary can be built with rustc 1.62.1.
But 1.2 version of arbitrary can be built with rustc 1.63 or newer.
I run into issues with building an old version of an application with a specified rust version, which depends on libfuzzer-sys. We can avoid this in the future to dep on arbitrary = 1.1 or arbitrary = 1.2 not arbitrary = ^1.
Thanks in advanced.
Can you not lock arbitrary to a lower version in your package?
In general this is tooling so maintaining rust version compat isn't as important, and as a project we don't consider changes to the rust version requirement to be breaking.
In this specific case you can use cargo update to locally pin. Cargo's designed to give authors resilience to this.
Furthermore, arbitrary = "1.1" would still not fix this, you need an arbitrary = "=1.1" constraint, which is generally considered bad practice.
Hi @Manishearth,
Thanks for the response, and it is not really breaking changes.
I appreciate your work and I did not picky.
Just for your reference.
The arbitrary = "=1.1" does not fix this scenario.
Here is the exact case I run into if you are willing to know the detail.
https://github.com/yanganto/nearcore/tree/maintenance-window-1.29.0
cargo build --bin neard
Updating crates.io index
error: packagederive_arbitrary v1.2.0cannot be built because it requires rustc 1.63.0 or newer, while the currently active rustc version is 1.62.1
Yes, that's what I said, that's insufficient to pin the version. Use cargo update -p arbitrary --version whatever