Programatically Updating Cargo.lock

I recently made this pr: https://github.com/wraithan/cargo-bump/pull/20 to cargo-bump. Cargo-bump is a cargo command similar to npm version. Currently, when you upgrade the version of your package, you have to run cargo run or cargo build to update the lock file. That pr aims to make it part of the cargo bump command to reduce friction further.

My question is: is there a better way to update the lock file than just editing the file programatically? Are there any pitfalls with doing it this way that I should be aware of?

Just running cargo update is enough to update the Cargo.lock file, assuming the project has a Cargo.lock file (ie it produces binaries), and that you’ve updated the dependencies in Cargo.toml.

There’s a difference however:

  • cargo update redoes all version resolution, picking newer versions of dependencies.
  • cargo generate-lockfile also redoes all version resolution. (I’m not actually sure how it differs from update)
  • cargo build/check/test fixes the versions of the crates in your workspace and does nothing else. (when I tried it I saw it only modified a single line in Cargo.lock)

Indeed, I can see how something like the third option is preferrable for binary crates that have Cargo.lock in version control. Because if you forget to run cargo check before committing, then you’ll end up having to add another useless commit later for Cargo.lock after the next time you build.

I tried various possibilities but was unable to find anything that can do precisely what cargo build/check/test does without building the crate.

1 Like

Does cargo update -p your_crate work? ISTR using that before to get it to change only what’s necessary.

1 Like

Whatever it does, I can report at least that it cannot be used in offline mode. :confused: