Hello everyone. This is a post where I really blame
Cargo. It is worth mentioning that I love Rust though but
Cargo is something which is made for doing good things but it seems it brings a lot of pain when it comes to handling many dependencies.
I have a discord bot with a lot of functionality. This functionality splitted up into a pieces (crates) but they are all packaged into a single executable by choosing the appropriate feature in the
[features] section. The problem is the dependency graph, where you cannot update YOUR dependencies because some of your dependencies depend on another project, this project depends on another project and so on, and then, the final one is linked to, for example, to openssl 0.7 version while all other crates have been updated to use the latest one. Cargo is good for having a very little executables, but when it comes to using the libraries (crates), if your application’s functionality is huge, you simply cannot mantain it as long as it has many dependencies. A simple example of that can be updating a single dependency of your
Cargo.toml to a next minor(in case of 0.x)/major(in case of 1.x) version and this will break your own crate to compile giving a lot of errors which can not be fixed unless you are the maintainer of all of these crates.
I understand that it is hard to do correctly but, this thing made me to leave the Rust for about a half of a year. I really stopped upgrading my application because it is very painful. I’d love to know that it will be fixed some day but I think this is impossible to do.
P.S. Also, there are some projects which looks as abandoned ones: https://github.com/jgallagher/rusqlite/issues/297
So you just can’t do anything.