It becomes challenging to manage a project of this size if sub-crates introduce custom versions of dependencies.
When updating a dependency, a developer may not be aware that another crate is using the same dependency, resulting in the introduction of multiple versions of the same dependency.
When updating a dependency in the workspace, it becomes immediately clear if it has any effects on the rest of the workspace.
Tests and crates should always be locked to the same versions of dependencies as that may result in tests passing while the code itself uses alternate versions of dependencies (perhaps a bit far-fetched but certainly can be the case).
Notes
Updating to this branch may result in compilation errors, they can be resolved by running rm -rf target (cargo clean may not resolve them)
I initially updated prost, tonic, and tonic-build to the latest versions but while they work, these updates result in use of deprecated functions that break lints. I've added a note in the Cargo.toml that these 3 crates should be updated simultaneously. cc @tiram88
Changes
Updated all dependencies to the latest published versions with exceptions of a few that cause either build or unit test failures
Crates that were not updated have been marked with TODO
Migrated all versioned dependencies from sub-crates to the workspace Cargo.toml
Sorted all dependencies alphabetically (makes it easier to see what is where)
Locked all crates to full versions (having major only or major+minor versions without patch allows for dependency code injections as well as changes in the dependency behavior. This is a project security consideration. It is partially mitigated by Cargo.lock but the lockfile does get occasionally refreshed).
Rationale
It becomes challenging to manage a project of this size if sub-crates introduce custom versions of dependencies.
Notes
rm -rf target
(cargo clean
may not resolve them)prost
,tonic
, andtonic-build
to the latest versions but while they work, these updates result in use of deprecated functions that break lints. I've added a note in theCargo.toml
that these 3 crates should be updated simultaneously. cc @tiram88Changes
TODO
Cargo.toml
Cargo.lock
but the lockfile does get occasionally refreshed).