Update Dependencies and add Renovate/Dependabot #2984
Description
Problems with Existing Functionality
The latest release is 2 years old
[dependencies]
rocket = { version = "0.5.1", default-features = false, features = [
"http2",
"json",
"uuid"
] }
rocket_db_pools = { version = "0.2.0", default-features = false, features = [
"sqlx_mysql",
"sqlx_postgres",
"sqlx_sqlite"
] }and in the future rust version, some of the dependencies of rocket will break, even though they have fixed it upstream.
cargo build --future-incompat-report
Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.10s
warning: the following packages contain code that will be rejected by a future version of Rust: num-bigint-dig v0.8.4, sqlx-postgres v0.7.4
help: update to a newer version to see if the issue has been fixed
- sqlx-postgres v0.7.4 has the following newer versions available: 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.5, 0.8.6
help: ensure the maintainers know of this problem (e.g. creating a bug report if needed)
or even helping with a fix (e.g. by creating a pull request)
- [email protected]
- repository: https://github.com/dignifiedquire/num-bigint
- detailed warning command: `cargo report future-incompatibilities --id 1 --package [email protected]`
- [email protected]
- repository: https://github.com/launchbadge/sqlx
- detailed warning command: `cargo report future-incompatibilities --id 1 --package [email protected]`
help: use your own version of the dependency with the `[patch]` section in `Cargo.toml`
For more information, see:
https://doc.rust-lang.org/cargo/reference/overriding-dependencies.html#the-patch-section
note: this report can be shown with `cargo report future-incompatibilities --id 1`Suggested Changes
Update the Dependencies to newer versions.
Rust is extremely stable and reliable, but still software ages (
- humans make errors, sometimes even in rust
- specifications change (like in this case with the new rust version that will come)
- fundamental design flaws are found, that make a system insecure (those patches should get rolled out fast)
).
This is true for every project, so it affects Rocket and all its dependencies.
so adding dependency management with Renovate or Dependabot, will allow for small incremental dependency updates, that can be easily checked by CI, so if something breaks in one of those incremental dependency update MRs, its often much easier to identify, than if you Mass update, and multiple breackages happen at once.
System Checks
-
I do not believe that this suggestion can or should be implemented outside of Rocket.
-
I was unable to find a previous suggestion for this change.