struson icon indicating copy to clipboard operation
struson copied to clipboard
verified publisher icon Marcono1234

Add GitHub workflow checking minimal dependency versions

Open Marcono1234 opened this issue 1 year ago • 1 comments

Problem solved by the enhancement

By accident Struson could depend on a future introduced by a version of a dependency newer than specified in Cargo.toml; users of Struson could then encounter build issues if Cargo's dependency resolution picks the older version (e.g. due to restrictions from other dependencies).

Enhancement description

Consider using Cargo's direct-minimal-versions or https://crates.io/crates/cargo-minimal-versions (or similar).

Alternatives / workarounds

  • Include this as task in Makefile.toml instead of just in a GitHub workflow (maybe not worth it because it causes too much overhead for every build)
  • Do nothing and hope / assume the problem described above is not common enough

Marcono1234 avatar Jul 07 '24 19:07 Marcono1234

Maybe this is not that important, or needed at all, because Dependabot keeps the versions up to date and makes sure Cargo.toml and Cargo.lock are in sync. Might mainly be an issue when intentionally staying on older minimum dependency version, but the version in Cargo.lock is updated to a newer version.

Marcono1234 avatar Jul 16 '24 21:07 Marcono1234