How the dependencies are fetched from cargo.toml

I have a rust package package-a and it has dependency of package-b .And package-b has dependency of package-c
package-a/Cargo.toml (Ignore github-link )

[package]
edition = "2021"
name = "package-a"
package-b = { git = "github-link", branch = "master"}

package-b/Cargo.toml (Ignore github-link )

[package]
edition = "2021"
name = "package-b"
package-c = { git = "github-link", branch = "master"}

lets say if i build package-a for the first time then

  1. which version of package-b & package-c are fetched and why? considering package-a doesnt have any Cargo.lock file initially.
  2. does package-b/Cargo.lock is considered for fetching package-c or any other dependency of package-b.
  3. Suppose if package-a had Cargo.lock and in that case how these dependencies are fetched.

The latest Git revision on the specified branch.

crates.io dependencies work similarly: when there is no locked version, they take the latest one that is compatible with the specified version requirement.

No, only the lock file for the package or workspace where you ran the cargo build command matters. Downloaded dependencies cannot lock versions and are obligated to work with whatever version they are given that meets their requirements specified in Cargo.toml.

Suppose if package-a had Cargo.lock and in that case how these dependencies are fetched.

The lockfile would contain a Git revision ID for package-b and for package-c, and Cargo would use that specific revision.

1 Like