It appears the version pinning in bazelmod external crate specs is not respected, and the most recent crate version is always used. This causes builds to silently break when an external crate releases a new version, even if the crate is pinned to a specific version in MODULE.bazel.
Reproduction steps
mkdir test && cd test
touch BUILD
Add following MODULE.bazel
module(name = "test")
bazel_dep(name = "rules_rust", version = "0.68.1")
rust = use_extension("@rules_rust//rust:extensions.bzl", "rust")
rust.toolchain(
edition = "2024",
versions = ["1.85.0"],
)
crate = use_extension("@rules_rust//crate_universe:extensions.bzl", "crate")
crate.spec(
package = "bytemuck",
version = "1.23.2",
)
crate.from_specs()
use_repo(crate, "crates")Then run bazel query '@crates//:all'.
Expected: output has @crates//:bytemuck-1.23.2
Actual: output has @crates//:bytemuck-1.24.0
This breaks our project because bytemuck released a new minor crate version recently that requires nightly rustc, and we are using stable.
It appears the version pinning in bazelmod external crate specs is not respected, and the most recent crate version is always used. This causes builds to silently break when an external crate releases a new version, even if the crate is pinned to a specific version in MODULE.bazel.
Reproduction steps
Add following
MODULE.bazelThen run
bazel query '@crates//:all'.Expected: output has
@crates//:bytemuck-1.23.2Actual: output has
@crates//:bytemuck-1.24.0This breaks our project because
bytemuckreleased a new minor crate version recently that requires nightlyrustc, and we are using stable.