Underspecified dependency versions both directly and indirectly (minimal-versions CI would be great!) #145

@faern

We usually try to verify if our crates have correctly specified lower bounds on all our dependencies. We do this with a CI job that basically just runs `cargo +nightly update -Z minimal-versions` and then `cargo build --all-targets`. This CI workflow usually looks like this: https://github.com/mullvad/pfctl-rs/blob/594f8832b1398f25c79a70a9e738a9a4e7f62979/.github/workflows/build-and-test.yml#L43-L61

The problem with this is that it also fails if a transitive dependency underspecifies a lower bound on their dependencies. Sadly tun currently does that on log and ipnet. I will submit a separate PR on this.

However, upon fixing those dependencies I noticed that tun's build-dependencies have a lot of similar problems in their transitive dependencies. So it's not trivial to enable this CI check in tun, but it would be great!
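A sketch of the check described in this issue, added here as an example; it is not part of the issue and not the linked pfctl-rs workflow. The workflow, job and step names are illustrative. It runs the two commands from the issue and, as an assumption beyond the issue text, adds a second matrix leg using cargo's unstable `-Z direct-minimal-versions` flag, which lowers only the crate's own direct dependencies and so separates its own underspecified bounds from those of transitive dependencies.

```yaml
# Added example: workflow, job and step names are illustrative.
name: minimal-versions
on: [push, pull_request]

jobs:
  minimal-versions:
    runs-on: ubuntu-latest
    strategy:
      # Let both legs finish so the two results can be compared.
      fail-fast: false
      matrix:
        # minimal-versions: every crate in the graph is resolved to the lowest
        #   version its requirement allows, so the build also fails when a
        #   transitive dependency underspecifies a lower bound.
        # direct-minimal-versions: only this crate's direct dependencies are
        #   lowered; transitive dependencies resolve as usual.
        resolver-flag: [minimal-versions, direct-minimal-versions]
    steps:
      - uses: actions/checkout@v4
      - name: Install toolchains
        run: |
          rustup toolchain install stable --profile minimal
          rustup toolchain install nightly --profile minimal
      - name: Resolve Cargo.lock to the lowest allowed versions
        # -Z flags are unstable and need the nightly toolchain.
        run: cargo +nightly update -Z ${{ matrix.resolver-flag }}
      - name: Build with the downgraded lockfile
        # --locked makes the build fail if cargo would have to change Cargo.lock.
        run: cargo +stable build --all-targets --locked
```

A failure only in the `minimal-versions` leg points at a bound in some dependency's manifest; a failure in the `direct-minimal-versions` leg points at the crate's own `Cargo.toml`.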
