Rust projects should have up to date dependencies

dfinity / sdk

IC SDK: a Software Development Kit for creating and managing canister smart contracts on the ICP blockchain.

https://internetcomputer.org/developers

Apache License 2.0

174 stars 83 forks source link

Rust projects should have up to date dependencies #2336

Open domwoe opened 2 years ago

domwoe commented 2 years ago

Rust projects created with dfx include old dependencies for ic-cdk and ic-cdk-macros. There needs to be a mechanism to keep them up to date.

Current work around is using cargo upgrade in the project.

sesi200 commented 2 years ago

Will this be handled by #2331?

domwoe commented 2 years ago

I don't think so.

sesi200 commented 2 years ago

I see the problem. Master is currently updated, but we haven't had a release in a while now... Since cargo upgrades is not even installed by default, I don't think there is a solution we can implement for now. What we do have, however, is automatic cargo audit so that it at least will warn if there's known vulnerabilities in your dependencies

sesi200 commented 2 years ago

I'm trying to get "Updating dependencies in dfx new" into the cdk-rs release process