Update: Fully update all transitive dependencies via cargo update --recursive
#1234
3e7fc4a to 3cdc8b0
produces the error:
One package has to be kept at an older version due to rustc 1.70.0 compatibility. Done via second commit containing the result of
Ready for review :)
Done via `cargo update -p [email protected] --precise 2.5.0`
Updating url only to 2.5.0 (instead of 2.5.3) massively reduces the overall PR diff from +477 -280 lines to +213 -256 by not introducing that many new transitive dependencies... full update then to be done via further PRs. Maybe that makes this more acceptable.
One package has to be kept at an older version due to rustc 1.70.0 compatibility. Done via second commit containing the result of `cargo update -p [email protected] --precise 4.4.18`
This is actually the most controversial bit: we need to ensure that a reasonable amount of downstream dependencies are actually on 1.74 or above before moving the MSRV, but I think we should if we can.
The tests are passing with rust 1.70.0 by keeping clap at an older version. Anything else to be done for this PR?
This is maybe a controversial PR, but I found this while working on #1226

Dependabot seems to only take care of package versions in `Cargo.toml` and then only updates related transitive packages in `Cargo.lock` if the pinning constraints of the updated package change. BUT dependabot never looks at all the transitive dependencies listed in the `Cargo.lock` and updates all of them to the newest version within the constraints.

Thus this PR fully updates all transitive dependencies (which is a lot) via running `cargo update --recursive` and committing that. Reveals lots of outdated versions.

Any better approach to do that? (A GitHub workflow doing that and creating a PR every week could be one option... didn't find a way to convince dependabot to fully take care of transitive dependencies).
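
A bulk `Cargo.lock` refresh like the one discussed in this thread is hard to review as a raw line diff. The following added example (not code from this PR or project) summarizes two lockfiles by crate, separating newly introduced crates from version changes; the `demo-*` crates and all "old" versions are constructed sample data, and `make_lock` is a hypothetical helper used only to build that sample.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'^(name|version) = "([^"]+)"$')


def parse_lock(text):
    """Map crate name -> set of locked versions (one crate can be locked at several)."""
    pkgs, name = defaultdict(set), None
    for line in text.splitlines():
        if line == "[[package]]":
            name = None  # new entry; the lockfile's own top-level version is skipped
        elif m := FIELD.match(line):
            if m.group(1) == "name":
                name = m.group(2)
            elif name is not None:
                pkgs[name].add(m.group(2))
    return pkgs


def diff_locks(old_text, new_text):
    """Classify every crate whose locked version set differs between two lockfiles."""
    old, new = parse_lock(old_text), parse_lock(new_text)
    report = {"added": {}, "removed": {}, "changed": {}}
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name, set()), new.get(name, set())
        if not before:
            report["added"][name] = sorted(after)  # new supply-chain surface
        elif not after:
            report["removed"][name] = sorted(before)
        elif before != after:
            report["changed"][name] = (sorted(before - after), sorted(after - before))
    return report


def make_lock(*pkgs):
    """Render constructed (name, version) pairs in Cargo.lock layout."""
    return "version = 3\n" + "".join(
        f'\n[[package]]\nname = "{n}"\nversion = "{v}"\n' for n, v in pkgs)


# Constructed sample data; only "url 2.5.0" and "clap 4.4.18" echo versions named in the PR.
OLD_LOCK = make_lock(("clap", "4.4.18"), ("demo-a", "1.0.9"), ("demo-a", "2.0.1"),
                     ("demo-b", "0.4.0"), ("url", "2.4.1"))
NEW_LOCK = make_lock(("clap", "4.4.18"), ("demo-a", "2.0.1"), ("demo-b", "0.5.0"),
                     ("demo-c", "0.1.0"), ("url", "2.5.0"))

if __name__ == "__main__":
    for kind, crates in diff_locks(OLD_LOCK, NEW_LOCK).items():
        print(kind, crates)
```

To use it on a real update, pass the text of the lockfile from the base branch and from the PR branch to `diff_locks`; the `added` bucket lists the crates that were not locked before.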