[tor-bugs] #27130 [Core Tor/Tor]: rust dependency updating instructions don't work
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 20 18:50:40 UTC 2018
#27130: rust dependency updating instructions don't work
-------------------------------------------------+-------------------------
Reporter: cyberpunks | Owner: (none)
Type: defect | Status:
| needs_information
Priority: Medium | Milestone: Tor:
| 0.3.5.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.3.3.9
Severity: Normal | Resolution:
Keywords: rust, doc, 033-backport, | Actual Points:
034-backport |
Parent ID: | Points:
Reviewer: catalyst | Sponsor:
-------------------------------------------------+-------------------------
Comment (by catalyst):
Replying to [comment:12 cyberpunks]:
> Replying to [comment:11 catalyst]:
> > I just tried it. It looks like I have to run `cargo update` to update
`Cargo.lock` to a newer version of `libc`, and `cargo vendor` doesn't try
to change it.
>
> Did you make any crate actually require a newer version of libc? That's
in the instructions as the first step.
Thanks, that seems to have helped.
>
> > To add/remove/update dependencies, first add your dependencies into
the appropriate *crate-level* `Cargo.toml`
>
> If dependencies are being updated, it would be because there's a reason
for it and you now require a new minimum version, right?
As [comment:8 teor mentioned above], what if an older version of a
dependency had bugs or security vulnerabilities? Then we might want the
newest compatible version without explicitly bumping the minimum version
in `Cargo.toml`.
> Pushed a commit to maybe make the instructions a bit clearer.
Thanks. Could you please also explain why someone might want to manually
edit versions in `Cargo.toml` versus running `cargo update`?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27130#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list