Update Cargo.lock

[baumanj]

Currently Cargo.lock is badly out of sync with the dependency versions that would be generated from scratch. Add to this the fact that cargo update for a single package is broken and the only option left for accessing new code (which we frequently need to do across our own repositories) is error-prone hand edits to the Cargo.lock file.

In order to get Cargo.lock to a maintainable state, we must go through the painful process of closing the significant gap between the current dependent package versions and the versions that our various Cargo.toml files declare (usually *, which resolves to the newest version). Once we get Cargo.lock into a good state, it can be regularly updated as part of our post-release process and should be relatively painless.

To get to that point, we must first close the gap. Based on experiences with similar work for the builder repo, there may be a significant amount of effort and frustration required. In order to avoid large, risky changes, we will attempt to first lock all out-of-sync dependency versions to their current values in Cargo.lock, and then gradually relax them while making the necessary code changes to ensure compatibility. This may result in a significant number of commits, so this issue will be used to track all the added version locking and the PRs which will relax them.

Dependencies that are version-locked by #5468 (comment), that need to later be relaxed:

• rand Relax the version pin for the rand crate #5487 Update Cargo.lock, replace mktemp with rand and fix deprecations #5656

• prost, prost-derive, prost-build, prost-types Relax the version pins for the various prost crates #5501 Update sup-protocol protocol generation process #5506

• uuid Relax the version pin for the uuid crate #5492

• protobuf → prost Generate protobuf code in Supervisor and Launcher package builds #6153, Convert all of the launcher crates to use prost. #6105

• rustoto_core, rusoto_credential, rusoto_ecr Relax rusoto version pins #5493

• pkg-config, tabwriter, serde and serde-json Remove unnecessary crate version pins, fix typo and add comments for hyper pins #5729

• fix warnings Replace deprecated usage of rand crate with mktemp #5562 Fix compile warning #5595 Replace deprecated gen_ascii_chars() with sample_iter(&Alphanumeric) #5655 Tokio deprecation fixes #5727

[christophermaier]

I've expanded on the protobuf->prost migration work in #5949.

Since that seems to be its "own thing", and our Cargo.lock file has been largely tamed by studious periodic upgrades, I think we can consider this work done.

Thoughts, @baumanj?

[baumanj]

Since that seems to be its "own thing", and our Cargo.lock file has been largely tamed by studious periodic upgrades, I think we can consider this work done.

I was keeping this around as a tracking issue for all the dependencies we had pinned to a specific version (of which protobuf is the last, I think). So, maybe we should rename the issue? But it seems worth keeping around.