martin-g commented on issue #4: URL: https://github.com/apache/avro-rs/issues/4#issuecomment-2368371772
> I'm not asking you to change Is @Xuanwo and @xxchan the same person ? > One problem is to force downstream project to upgrade all the transitive dependencies. e.g., when I want to upgrade avro-rs, I not only need to audit changes of avro-rs, but also audit serde, anyhow, ... Because these transitive dependencies might be direct dependencies of my project, and I want to know what's changed to avoid surprise. As you suggested you could use Cargo.lock to use older versions of the transitive dependencies. By using "serde = 1" you just let Cargo to use whatever it decides if there is no Cargo.lock and the version in Cargo.lock if it is there. I prefer to have control over the versions. The same is valid in the Node.js world. Without package.lock one have no idea what is going on. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
