On Fri, Mar 15, 2019, 15:39 Andreas Tolfsen <a...@sny.no> wrote: > However, I want to talk a little bit about _why_ we see so many > duplicate crates and what causes it. It is my experience that far > too many dependencies are defined on exact version numbers, e.g. > "log = 0.3.9", which effectively forces us to vendor that exact > version in-tree. >
While I initially thought the same thing, this is not how Cargo's dependencies work: 0.3.9 in this context means "everything semver-compatible with 0.3.9", so 0.3.10 would be accepted in this instance. However, 0.4.0 by definition is semver-incompatible with 0.3.x (that is, the normal incompatibility between 1.x and 2.y is moved one component to the right if the first component is 0). > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform