Skip to content

cargo build --locked description is confusing #11143

New issue
New issue
Closed
#13665
Closed
cargo build --locked description is confusing#11143
#13665
Labels
A-documenting-cargo-itselfArea: Cargo's documentationC-bugCategory: bugS-acceptedStatus: Issue or feature is accepted, and has a team member available to help mentor or review
@ArekPiekarz

Description

@ArekPiekarz
ArekPiekarz
opened on Sep 25, 2022

Problem

In short:
cargo build --locked description claims it requires the Cargo.lock to be up to date, but building works on an outdated file anyway.

Long version:
The description in cargo build --help about --locked parameter says:

--locked Require Cargo.lock is up to date

And the information in Cargo documentation says:

--frozen
--locked
Either of these flags requires that the Cargo.lock file is up-to-date. If the lock file is missing, or it needs to be updated, Cargo will exit with an error. (...)

When running cargo outdated on my project I get information about outdated packages:

$ cargo outdated
Name                                Project  Compat  Latest  Kind    Platform
----                                -------  ------  ------  ----    --------
clap_derive->proc-macro2            1.0.43   1.0.44  1.0.44  Normal  ---
proc-macro-error->proc-macro2       1.0.43   1.0.44  1.0.44  Normal  ---
proc-macro-error-attr->proc-macro2  1.0.43   1.0.44  1.0.44  Normal  ---
quote->proc-macro2                  1.0.43   1.0.44  1.0.44  Normal  ---
syn->proc-macro2                    1.0.43   1.0.44  1.0.44  Normal  ---

But when I try to build it with the --locked option, it works anyway, using outdated dependency:

$ cargo build --locked
(...)
Compiling proc-macro2 v1.0.43
(...)
Finished dev [unoptimized + debuginfo] target(s) in 11.50s

BTW building without that option uses the same version of proc-macro2.

Steps

  1. git clone https://github.com/ArekPiekarz/struct-formatter.git
  2. cd struct-formatter
  3. It should be at commit 071febcdb1f0b875d030b40094d02260f4469c16. If not, git checkout <revision>.
  4. Confirm with cargo outdated that at least one dependency is outdated.
  5. cargo build --locked

Expected:
According to the description, the build should fail.

Actual:
The build succeeds, using outdated dependency.

Possible Solution(s)

Perhaps the description should say what does it mean that a package is "up to date". Or perhaps it should read "use versions from Cargo.lock or exit with error if it doesn't exist".

Notes

No response

Version

cargo 1.64.0 (387270bc7 2022-09-16)
release: 1.64.0
commit-hash: 387270bc7f446d17869c7f208207c73231d6a252
commit-date: 2022-09-16
host: x86_64-unknown-linux-gnu
libgit2: 1.4.2 (sys:0.14.2 vendored)
libcurl: 7.83.1-DEV (sys:0.4.55+curl-7.83.1 vendored ssl:OpenSSL/1.1.1q)
os: Manjaro 22.0.0 (Sikaris) [64-bit]

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-documenting-cargo-itselfArea: Cargo's documentationC-bugCategory: bugS-acceptedStatus: Issue or feature is accepted, and has a team member available to help mentor or review

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions