Upcoming changes to `Cargo.lock`

The Cargo team will soon land a change to the format of Cargo.lock files. This affects lock files checked into version control so we'd like to give a heads up to Cargo users that this is happening to make sure you're not surprised. Concretely the changes are:

  • A version = 3 marker will appear at the top of the file (a long overdue addition to lock files)
  • Git dependencies using branch = 'master' in your manifest will be re-encoded as ?branch=master in their URLs.

This lock file change is in preparation for fixing Cargo's implementation of git dependencies to depend on the default branch of a repository by default instead of unconditionally depending on the master branch of the repository. Initial work for this change landed way-back-when for Rust 1.47 released in October. With GitHub using a new default branch name more commonly this should help reduce boilerplate with using repositories that aren't using master as their default branch!

No breakage is expected from this change, so if something pops up please let us know! Also note that the change in Cargo has not landed as of the time of this writing but will likely land soon. This means you won't immediately see updates to your lock files after updating Cargo, but you'll see it in the next week or so.


@alexcrichton is there an example of a Cargo.lock in the version = 3 format somewhere handy? It'd be good to have test vectors for updating the cargo-lock crate: Add support for V3 format · Issue #97 · RustSec/cargo-lock · GitHub

There's an example or two in the testsuite but for parsers the only real difference is the version = 3 marker at the top.

1 Like