Discuss: Check in Cargo.lock file? #14135
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem or challenge?
Broken out of a discussion on a PR here:
As described in https://github.com/apache/datafusion?tab=readme-ov-file#dependencies-and-a-cargolock
DataFusion currently does not check in
Cargo.lockwhich was the recommendation for earlier versions of Rust@mbrobbel has a good point here #14069 (comment) that the guidance for Cargo.lock and library files has changed
See https://blog.rust-lang.org/2023/08/29/committing-lockfiles.html
Describe the solution you'd like
TLDR it sounds like the rust team now suggests always committing Cargo.lock and letting dependabot handle updates. That seems like a good idea to me
@gatesn suggested
Though One thing we have to be aware of in DataFusion is that as part of the Apache security posture, only certain third party actions are allowed -- we would have to double check Rennovate
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: