Upgrading tokio in fake collector breaks any project using older versions

[krlohnes]

In the fake-open-telemetry-collector, you upgraded tokio to 1.39. That's going to leave any user of the crate being forced to upgrade to the latest version of tokio just for that crate. I think it was at 1.27 before that. It might be better to leave the tokio dependency as low as has been reasonably tested unless it's absolutely needed for some new feature.

[davidB]

My current policy when I work on a project (personal & pro) is to keep dependencies up-to-date as much as possible (using tools like dependabot, renovate, dependi,...) to ease integration when I add a new dependency and also for security. But on the other side, some environments have constraints on selected/reviewed "version" of libs,...

Also in the case of fake-opentelemetry-collector, I finally was able to upgrade it to a more recent version of tonic 0.12, because during a long time I was lock to an old version because otl implementation used an old version internally.

Anyways if you know a tool that can help to detect the minimal version (regarding api and dependency graph), please share.

[davidB]

I downgrade the version of tokio but to version compatible with other dependencies in the workspace (to use the same version in every place).

[krlohnes]

This addressed my current issues. Thank you.