From 5f10ce47f07ca8ff0258643cd325de2e4645497c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Laurent=20P=2E=20Ren=C3=A9=20de=20Cotret?= Date: Sat, 8 Feb 2025 20:52:13 -0500 Subject: [PATCH] Added link between `freeze --lock` and `--reject-unconstrained-dependencies` --- changelog.d/pr-10785.md | 2 ++ doc/cabal-commands.rst | 3 +++ 2 files changed, 5 insertions(+) diff --git a/changelog.d/pr-10785.md b/changelog.d/pr-10785.md index 952bb7a5b07..b68c1a3821d 100644 --- a/changelog.d/pr-10785.md +++ b/changelog.d/pr-10785.md @@ -6,3 +6,5 @@ issues: 10784 --- Added a `--lock` flag to `cabal freeze`, to promote a freeze file to a lock file. By calling `cabal freeze --lock`, the resulting freeze file will ensure that only dependencies whose constraints are specified, will be accepted by future build plans. This flag can be used to ensure that no unaudited packages are added to the build plan. + +This new `--lock` flag reuses the mechanism behind `--reject-unconstrained-dependencies`, by writing the equivalent of `--reject-unconstrained-dependencies=all` to the freeze file. \ No newline at end of file diff --git a/doc/cabal-commands.rst b/doc/cabal-commands.rst index d1ee155eb8e..db860bfe8e2 100644 --- a/doc/cabal-commands.rst +++ b/doc/cabal-commands.rst @@ -538,6 +538,9 @@ a freeze file is not, by default, a **lockfile**. To turn a freeze file into a l use the ``--lock`` flag when invocating ``cabal freeze``. This will prevent future builds from including new dependencies. This can be helpful in situations where every dependency must be explicitly audited and approved, for example. +Under the hood, the ``--lock`` flag reuses the mechanism behind +``--reject-unconstrained-dependencies``, by writing the equivalent of +``--reject-unconstrained-dependencies=all`` to the freeze file. cabal gen-bounds ^^^^^^^^^^^^^^^^