top | item 47193369

(no title)

ryangibb | 2 days ago

> Presumably you mean compatible rather than incompatible there?

I've edited for clarity, I mean "because packages with different major versions should have incompatible APIs anyway."

> While you can specify upper bounds for the depdnency ranges, that is extremely uncommon in practice.

In https://github.com/rust-lang/crates.io-index I count just under 7000 upper bounds on dependency ranges that aren't just semver in disguise (e.g. not ">=1.0.0, <2.0.0"):

    $ rg --no-filename -o '"req":"[^"]*<[^"]*"' . | grep -Ev '< ?=? ?([0-9]+(\.0){0,2}|0\.[0-9]+(\.0)?)"' | wc -l
    6727

So it's definitely used. One person's non-breaking change is another's breaking change https://xkcd.com/1172/

discuss

VorpalWay|1 day ago

How many of those are between a crate and it's proc macro crate? E.g. serde and serde_derive. I believe that is a common use case for exact dependencies, as they are really the same crate but have to be split due to how proc-macros work. But that is getting down in the weeds of peculiarites of how rustc works.

ryangibb|1 day ago

As far as I can tell, checking for proc macro crates by suffix, only one: ergol -> ergol_proc_macro with >=0.0.1, <0.0.2.

I didn't include singular dependencies in this grep (=) just upper bounds (< and <=).

Some rough scripting is telling me there's over 600,000 singular dependencies of which just under 10,000 are proc-macro pairs.