Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: adds rust-toolchain.toml #9435

Open
wants to merge 2 commits into
base: dev
Choose a base branch
from

Conversation

simonhyll
Copy link
Contributor

In relation to the CVE about Rust it's about time we pulled the trigger on adding rust-toolchain.toml in project templates. The reasoning behind this is pretty simple, it's good practice in projects in general to have one to enforce all developers to use the same Rust version, but more importantly it makes it very easy for projects to update their toolchain version when things like this happens. Furthermore it makes it more relevant for us to develop a tauri audit --fix command that checks the version in rust-toolchain.toml and recommends updating it.

Reflects the proposed update to create-tauri-app: tauri-apps/create-tauri-app#664

@simonhyll simonhyll requested a review from a team as a code owner April 10, 2024 13:31
@FabianLars
Copy link
Member

Does the toolchain file also support a plain "stable" channel.

I already hear the screams when we raise our msrv too high x)

@lucasfernog
Copy link
Member

Does the toolchain file also support a plain "stable" channel.

I already hear the screams when we raise our msrv too high x)

@FabianLars yeah: https://rust-lang.github.io/rustup/overrides.html#channel

@FabianLars
Copy link
Member

then i'd be heavily in favor of using that instead of a specific number. imo we have too many users that have no idea about cargo/rustup etc and don't want to learn about it either. For those who do know about it, they can just modify/remove the file...

@lucasfernog
Copy link
Member

maybe i'm missing the point.. isn't the idea that we can automate updating the toolchain version easily?

@lucasfernog
Copy link
Member

using stable is the same as not having the file at all I believe

@FabianLars
Copy link
Member

using stable is the same as not having the file at all I believe

Ah yeah maybe, hoped that it'd just auto update lol.

maybe i'm missing the point.. isn't the idea that we can automate updating the toolchain version easily?

Then we should wait with this PR until we have the automation in place.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants