Regulating our MSRV #1554
Description
A recent Dependabot update changes env_logger
The biggest risk from my perspective is the MSRV changed to 1.71
While we do have a policy that as long as we're >= 3 behind stable then we don't consider it breaking. However, I'd like us to consider that ferrocene is a certified compiler. Which can now be used in automotive use cases. Ferrocene is essentially Rust, but it's not the latest version. As of their first version it's equivalent to 1.68.2. Our current MSRV is Rust 1.65. Their next certified version is going to skip to 1.76.0.
There's also work on the rust project to deliver a spec for the language which should in theory develop a quicker cycle for getting certified in the future.
I'd propose that we make sure that we're at least compatible with the latest version of ferrocene. What that would look like:
- Current MSRV: 1.65.
- Current Ferrocene Equivalent 1.68.2
- Latest Stable: 1.76
- Today our Maximum MSRV 1.68
Once May 2024:
- Latest Stable 1.79. (Rust is on a monthly release cycle, so 1.77 will be the 3rd most recent for May)
- Ferrocene will be 1.76 compatible
- Maximum MSRV would be 1.76.
Essentially it should be:
min( (Stable - 3 minor revisions), (Ferrocene Supported Rust Version) )
Beyond that though I do think we should only bump if there's a good reason to bump in the name of maintaining compatibility. Good reasons include: Core dependencies require a bump, so long as we're not violating the above rule.
What are your thoughts?
Originally posted by @dependabot in #1546
EDIT: Updated links to relevant content.