You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I haven't thought about this one in a while. It's in fact adding the Cargo.lock file to the repo :)
I would love your help, but my feeling is that we should have a "core developer" (someone with write access to this repo) do this one. It would generate a rather large file that would be difficult to audit, exposing an opportunity to inject a bad dep.
I have no doubt you're a venerable, upstanding eth-citizen! I just think it would be best practice this way :)
If you're in the spirit of contributing, I just made this simple one as an alternative: #512
Description
Cargo.lock shouldn't be ignored for binaries https://doc.rust-lang.org/cargo/faq.html#why-do-binaries-have-cargolock-in-version-control-but-not-libraries
Present Behaviour
Dev who runs
cargo update
after a dependency update will have a different version to existing devsExpected Behaviour
Guarantee same versions of dependencies between devs
Steps to resolve
Remove Cargo.lock from .gitignore
The text was updated successfully, but these errors were encountered: