xxchan commented on issue #4: URL: https://github.com/apache/avro-rs/issues/4#issuecomment-2368392505
> Is @Xuanwo and @xxchan the same person ? ... No > As you suggested you could use Cargo.lock to use older versions of the transitive dependencies. > By using "serde = 1" you just let Cargo to use whatever it decides if there is no Cargo.lock and the version in Cargo.lock if it is there. > I prefer to have control over the versions. > The same is valid in the Node.js world. Without package.lock one have no idea what is going on. No, you might misunderstood Cargo's dependency management mechanism, which is very different with npm. If `A` depends on `B`, `A` and `B` both depend on `C`: - In Cargo, there's only one copy of `C` (if sem-ver compatible). - In npm, `A` and `B` depends on different copies of `C` -- This makes it reasonable to have `package.lock` for a library. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
