How to specify the exact version of a dependency?

Question

I'm using

$ cargo --version
cargo 0.21.0-beta (7e00b82d9 2017-07-17)

I created a simple project with cargo new --bin test1, and then I added a dependency:

[dependencies]
lazy_static = "0.2.2"

to Cargo.toml (according to this such version exists) and

#[macro_use]
extern crate lazy_static;

to src/main.rs

When I run cargo build:

$ cargo build
   Compiling lazy_static v0.2.8
   Compiling test1 v0.1.0 (file:///tmp/test1)
warning: unused `#[macro_use]` import
 --> src/main.rs:1:1
  |
1 | #[macro_use]
  | ^^^^^^^^^^^^
  |
  = note: #[warn(unused_imports)] on by default

    Finished dev [unoptimized + debuginfo] target(s) in 0.49 secs

Why does cargo build compile last version 0.2.8 instead of 0.2.2 that I specified? What am I doing wrong?

Answer 1

TL;DR:

my-crate = "=1.2.3"

---

Reading the documentation is generally a great idea. In this case, the Cargo documentation has an entire section on specifying dependencies:

Since this string does not have any operators in it, it is interpreted the same way as if we had specified "^0.1.12", which is called a caret requirement.

Caret requirements allow SemVer compatible updates to a specified version. An update is allowed if the new version number does not modify the left-most non-zero digit in the major, minor, patch grouping.

As well as

Inequality requirements allow manually specifying a version range or an exact version to depend on.

Here are some examples of inequality requirements:

= 1.2.3

---

What am I doing wrong?

I'd say that, without extenuating circumstances, trying to specify an exact version is wrong. There's generally very little reason to force the users of your code to be stuck to an older version of a crate and prevent them from getting bug fixes.

Cargo.lock is the correct tool to avoid deploying your application with an inconsistent set of dependencies.

Answer 2

Exact versions are prepended by =. It's one of the comparison requirements (formerly called inequality requirement).

lazy_static = "= 0.2.2"

The default is the caret requirement (e.g. 0.2.2 is equivalent to ^0.2.2 ), which accepts minor and patch version updates (or just patch updates if the major is 0). Unless you have a very good reason to disallow this, it is often recommended to leave the default specifier as it is.