To mitigate cargo dependency hell I'm trying to see if there is a way to track the version of a larger crate that includes the same dependency as mine.
Simple example: my crate depends on ureq (an http client library), which depends on url; and my crate also depends on url directly. How can I say "my version of url should be exactly the same as the one used by ureq"?
There's no use case I can see for me hardcoding url's version, as if I update ureq, updating any url-related breakage at the same time seems the correct thing to do.
I have a dupe of base64 where I have both 0.11 and 0.12 pulled in, which looks like a minor version to me. Is this due to the different rules for 0.x vs >=1.x? If so, I guess it's some consolation it'll get better when crates emerge from "beta".
Crates re-exporting their dependencies is a passable workaround when the use is close by (as in the ureq/url case) but not a fix when it is a project-level invariant that you want to avoid dupes, base64 is a better example here, it could be used by 2 totally unrelated modules, where you don't want to include an extra spurious dependency on some upper level library in a module that does not need it, just to solve this problem.