Rust Lang

7 readers

1 users here now

Rules [Developing]

Observe our code of conduct

Strive to treat others with respect, patience, kindness, and empathy.
We observe the Rust Project Code of Conduct.
Submissions must be on-topic
Posts must reference Rust or relate to things using Rust. For content that does not, use a text post to explain its relevance.
Post titles should include useful context.
For Rust questions, use the stickied Q&A thread. [TBD]
Arts-and-crafts posts are permitted on weekends.
No meta posts; message the mods instead.

Constructive criticism only

Criticism is encouraged, though it must be constructive, useful and actionable.
If criticizing a project on GitHub, you may not link directly to the project’s issue tracker. Please create a read-only mirror and link that instead.
Keep things in perspective
A programming language is rarely worth getting worked up over.
No zealotry or fanaticism.
Be charitable in intent. Err on the side of giving others the benefit of the doubt.

No endless relitigation

Avoid re-treading topics that have been long-settled or utterly exhausted.
Avoid bikeshedding.
This is not an official Rust forum, and cannot fulfill feature requests. Use the official venues for that.

No low-effort content

Showing off your new projects is fine

No memes or image macros

Please find other communities to post memes

No NSFW Content

There are many other NSFW communities, let’s keep this related to the language

founded 1 year ago

MODERATORS

admin@lemmyrs.org

erlend_sh@lemmyrs.org

Why I import crates with version=* (lemmy.world)

submitted 1 year ago by njaard@lemmy.world to c/rustlang@lemmyrs.org

7 comments fedilink hide all child comments

In my very large Rust-based project of about 100k lines of code, 100 direct dependencies, and 800 total dependencies, I always require version="*" for each dependency, except for specific ones that either I cannot or don't want to upgrade.

Crucially, I also commit my Cargo.lock, as the Cargo manual recommends.

I normally build with cargo --locked. Periodically, I will do a cargo update and run cargo outdated so that I'm able to see if there are specific packages keeping me at older versions.

To upgrade a specific package, I can just remove it's record directly from Cargo.lock and then do a regular cargo build.

This works very well!

Advantages

I minimize my number of dependencies, and therefor build times
I keep my personal ecosystem from falling too far behind that of crates.io
I rarely wind up with a situation where I have two dependencies that depend on a different symbol version
I don't have to change a version in all of my many Cargo.tomls

Disadvantages

I cannot publish my large repository to a wider audience (but that will never happen for this repository)
People who see my code start feeling ill and start shifting their eyes nervously.

you are viewing a single comment's thread
view the rest of the comments

[–] njaard@lemmy.world 1 points 1 year ago (1 children)

In practice, I have about 10% of my dependencies not have the latest version, according to cargo-outdated, once I complete a cargo update.

[–] PrincipleOfCharity@0v0.social 1 points 1 year ago (1 children)

For personal projects this is fine, but I’m curious why you feel the need to have every crate be the newest? Once you have it compiling, why upgrade dependencies at all unless you have to? Compiling a new binary is way more work than just running the one that is already compiled. You talk about minimizing build times with this method, but it isn’t clear why recompiling at all with newer dependencies is beneficial.

Theoretically, every update to a crate is better than the last, but sometimes it’s just adding non-breaking features that you weren’t using anyway. You could just check crate updates every once in a while looking for performance gains or features you would like to make use of.

[–] anlumo@feddit.de 1 points 1 year ago

Could also be performance benefits. You could research into updates of every dependency (and some crates don't publish changelogs, so you have to dive through commit messages), but who has the time for that?