Pin intra-libcnb* crate dependencies to exact versions #644
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cargo treats dependency version specifiers of form `X.Y.Z` the same as `^.X.Y.Z`: https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#caret-requirements As such, previously if an end user of libcnb tried pinning to say `libcnb` 0.14.0, then its previous dependency on `libcnb-data` `0.14.0` would mean any patch releases to `libcnb-data` (such as `0.14.1`) would be automatically picked up. This could be potentially confusing, especially since we only have one unified version number and changelog for libcnb now. For example: 1. A buildpack maintainer has an issue with a libcnb upgrade, so pins to `libcnb@=0.14.0` in their CNB's `Cargo.toml`. 2. However, Cargo when refreshing their CNB's `Cargo.lock` now records the `libcnb-data` version as `0.14.1`, since it's in-range. 3. Now their CNB is using a combination of 0.14.0 and 0.14.1, which confuses the buildpack maintainer, since as far as they are concerned they are using libcnb 0.14.0, and so they don't expect the changes documented under the `0.14.1` section of libcnb's unified changelog to be taking effect.
Malax
approved these changes
Aug 18, 2023
colincasey
added a commit
that referenced
this pull request
Aug 18, 2023
* main: Bump buildpacks/github-actions from 5.3.1 to 5.4.0 (#647) Prepare release v0.14.0 (#646) Pin intra-libcnb* crate dependencies to exact versions (#644) Rename libcnb-cargo integration test file (#645) Add version links in the changelog (#643) Update Quick Start Guide (#640) Run `cargo upgrade` as part of preparing libcnb releases (#641) Move packaged buildpack directory out of `target/` (#583) Refactor libcnb-cargo integration tests (#637) libcnb-test: Improve error messages for `address_for_port` (#636) libcnb-test: Implement `fmt::Display` for `LogOutput` (#635) # Conflicts: # CHANGELOG.md # libcnb-cargo/src/package/command.rs
colincasey
added a commit
that referenced
this pull request
Aug 18, 2023
…cator * main: Bump buildpacks/github-actions from 5.3.1 to 5.4.0 (#647) Prepare release v0.14.0 (#646) Pin intra-libcnb* crate dependencies to exact versions (#644) Rename libcnb-cargo integration test file (#645) Add version links in the changelog (#643) Update Quick Start Guide (#640) Run `cargo upgrade` as part of preparing libcnb releases (#641) Move packaged buildpack directory out of `target/` (#583) Refactor libcnb-cargo integration tests (#637) libcnb-test: Improve error messages for `address_for_port` (#636) libcnb-test: Implement `fmt::Display` for `LogOutput` (#635) # Conflicts: # CHANGELOG.md # libcnb-cargo/src/package/command.rs # libcnb-cargo/src/package/error.rs # libcnb-cargo/tests/test.rs # libcnb-package/src/lib.rs
colincasey
added a commit
that referenced
this pull request
Aug 18, 2023
… libcnb-package/assembling_buildpack_directories * libcnb-package/buildpack_output_directory_locator: Bump buildpacks/github-actions from 5.3.1 to 5.4.0 (#647) Prepare release v0.14.0 (#646) Pin intra-libcnb* crate dependencies to exact versions (#644) Rename libcnb-cargo integration test file (#645) Add version links in the changelog (#643) Update Quick Start Guide (#640) Run `cargo upgrade` as part of preparing libcnb releases (#641) Move packaged buildpack directory out of `target/` (#583) Refactor libcnb-cargo integration tests (#637) libcnb-test: Improve error messages for `address_for_port` (#636) libcnb-test: Implement `fmt::Display` for `LogOutput` (#635) # Conflicts: # CHANGELOG.md # libcnb-cargo/src/package/command.rs # libcnb-package/src/output.rs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cargo treats dependency version specifiers of form
X.Y.Zthe same as^X.Y.Z:https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#caret-requirements
As such, previously if an end user of libcnb tried pinning to say
libcnb0.14.0, then its previous dependency onlibcnb-data0.14.0would mean any patch releases tolibcnb-data(such as0.14.1) would be automatically picked up.This could be potentially confusing, especially since we only have one unified version number and changelog for libcnb now.
For example:
libcnbto=0.14.0in their CNB'sCargo.toml.Cargo.locknow records thelibcnb-dataversion as0.14.1, since it's in-range.0.14.1section of libcnb's unified changelog to be taking effect.GUS-W-13973440.