I'm not really sure why, to be honest. The practical change in behaviour would be marginal, and a lot of things would start to work magically that didn't work before. I don't think the result would ever actually be incorrect per se.
I don’t think it is so clear-cut. Getting bug fixes (including potentially security fixes!) “for free” is pretty nice… the MSRV-aware resolver that’s the default in 2024 edition will fix this particular downside.
To be honest, I basically don't ever want random upgrades that haven't been tested in the context of the application. If the project includes a lock file, "cargo install" should respect it. If a project decides that any old version of dependencies is just fine, presumably they can not commit one!
Also, I would have no opposition at all to cargo adding a "--loosey-goosey" or "--unlocked" flag, or whatever, for people who prefer a little more adventure in their software journey!