Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cargo.lock not updated for crates outside cargo workspace which depends on crates in workspace #11500

Open
1 task done
ludfjig opened this issue Feb 6, 2025 · 0 comments
Open
1 task done

Cargo.lock not updated for crates outside cargo workspace which depends on crates in workspace #11500

ludfjig opened this issue Feb 6, 2025 · 0 comments
Labels
L: go:modules Golang modules L: rust:cargo Rust crates via cargo T: bug 🐞 Something isn't working

Comments

@ludfjig
Copy link

ludfjig commented Feb 6, 2025
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Cargo

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

I have a cargo workspace with one crate. I also have a crate that is explicitly not part of the workspace. The crate outside of the workspace has a path-dependency to the crate in the workspace.

├── Cargo.lock
├── Cargo.toml
└── crates
    ├── crate-in-workspace
    │   ├── Cargo.toml
    │   └── src
    │       └── lib.rs
    └── crate-outside-workspace
        ├── Cargo.lock
        ├── Cargo.toml
        └── src
            └── lib.rs

Please see files at https://github.com/ludfjig/dependabot-test-repo

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "cargo"
    directories: 
    - "/"
    - "/crates/crate-outside-workspace"
    schedule:
      interval: "weekly"

also available at https://github.com/ludfjig/dependabot-test-repo

Updated dependency

crate-in-workspace depends on the crate rustix. This is an arbitrary dependency, I tried multiple different ones, it does not matter which dependency it is nor which version number it is. The bug occurs when any dependency of crate-in-workspace is updated by Dependabot.

What you expected to see, versus what you actually saw

I expected crate-outside-workspace's Cargo.lock file to be updated in this PR, since the crate depends on a crate-in-workspace, whose dependency got updated. This did not happen.

Native package manager behavior

I only know of manually updating Cargo.toml, so unsure how major versions are usually automatically updated.

Images of the diff or a link to the PR, issue, or logs

As you can see in this PR, CI fails, because crate-outside-workspace's Cargo.lock file was not updated, when it should have been.

Smallest manifest that reproduces the issue

See above yml. I have a repro at ludfjig/dependabot-test-repo#4
@ludfjig ludfjig added the T: bug 🐞 Something isn't working label Feb 6, 2025
@github-actions github-actions bot added L: go:modules Golang modules L: rust:cargo Rust crates via cargo labels Feb 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: go:modules Golang modules L: rust:cargo Rust crates via cargo T: bug 🐞 Something isn't working
Projects
Dependabot
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ludfjig