Skip to content

Plan and test major Rust dependency upgrades #16

Description

@ewilhelm1979-netizen

Context

Dependabot opened major Rust dependency updates that should not be merged as routine maintenance:

These upgrades may change APIs, behavior, parser assumptions, cryptographic call patterns, or platform compatibility. Their automated pull requests were closed and retained here as explicit migration work rather than silently ignored.

Required work

  • review upstream migration notes and security implications
  • update one dependency at a time on a dedicated branch
  • add or update focused tests for the affected code paths
  • run formatting, Clippy, locked tests, advisory checks, license/source checks, HTTP/DB smoke, Nix smoke, Compose validation, and the Docker build
  • document compatibility effects and rollback considerations

Priority

V23.7.27 and the mandatory supply-chain gate are now established on main. Schedule these upgrades individually after the remaining patch-level Dependabot updates have been validated.

Metadata

Metadata

Assignees

No one assigned

    Labels

    dependenciesPull requests that update a dependency file

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions