rojo-rbx / rojo

Rojo enables Roblox developers to use professional-grade software engineering tools
https://rojo.space
Mozilla Public License 2.0

Update Cargo dependencies #887

Closed Dekkonot closed 4 months ago

Dekkonot commented 4 months ago

So, earlier today I got a notification that we had a new security vulnerability open on Rojo. For the curious, it is https://github.com/advisories/GHSA-r8w9-5wcg-vfj7 and I don't think it actually impacts us.

What it made me realize, however, was that our dependencies were fairly out of date and the version listed in Cargo.toml for most of them was not the version we were actually using, and it's been a long time since we just blanket updated things. So, I ran cargo update and then changed the version in our Cargo.tomls to reflect the version that's now in the Cargo.lock file.

This is not something I would recommend we do very often, but Tokio was listed as being 1.12.0 despite us actually using 1.32.0 before this change. We should try to at least be somewhat accurate with our dependencies.