Bump dependencies

[CleanCut]

Manual changes:

• Update Rust from 1.77 to 1.83 (Is there any reason not to use the latest stable version of Rust?) Reverted pending decision in on what MSRV policy to have
• Update http from 1.0 to 1.2, resolves Bump http from 1.1.0 to 1.2.0 #137
• Update tokio from 1.41 to 1.42, resolves Bump tokio from 1.41.1 to 1.42.0 #139
• Silenced an unused code warning in the example

Changes to Cargo.lock from running cargo update:

• Update prost from 0.13.3 to 0.13.4, resolves Bump prost from 0.13.3 to 0.13.4 #136
• Update prost-build from 0.13.3 to 0.13.4, resolves Bump prost-build from 0.13.3 to 0.13.4 #135
• Update thiserror from 2.0.3 to 2.0.6, resolves Bump thiserror from 2.0.3 to 2.0.6 #138

Copilot reviewed 5 out of 5 changed files in this pull request and generated no suggestions.

Comments skipped due to low confidence (2)

crates/twirp/Cargo.toml:19

• Ensure that there are adequate tests covering the changes introduced by updating the http crate from version 1.0 to 1.2, as this could introduce breaking changes or new behaviors.

http = "1.2"

crates/twirp/Cargo.toml:27

• Ensure that there are adequate tests covering the changes introduced by updating the tokio crate from version 1.41 to 1.42, as this could introduce breaking changes or new behaviors.

tokio = { version = "1.42", default-features = false }

Tip: Turn on automatic Copilot reviews for this repository to get quick feedback on every pull request. Learn more

[jorendorff]

Update Rust from 1.77 to 1.83 (Is there any reason not to use the latest stable version of Rust?)

Bumping the Rust version effectively changes our MSRV. Although older versions would not instantly break, it definitely changes the minimum Rust version we test with.

Really we should have an explicit MSRV policy of some sort (even if it's "we only support the latest"), and set the rust-version property in crates/*/Cargo.toml accordingly. Would you mind giving that a shot?

[jorendorff]

Thanks! Approving conditionally:

The dependency updates alone are fine, if tests still pass with the old Rust version (that is, back out the version = 4 change in Cargo.lock and the rust-toolchain.toml change).

Or, document any reasonable MSRV policy in the README and set [toolchain] channel in rust-toolchain.toml and [package] rust-version in the Cargo.toml files accordingly. If the MSRV policy covers more than just the latest Rust release, ideally our CI should run the tests in both the oldest and the newest versions of Rust we claim to support.

[CleanCut]

I backed out the Rust version change and started a discussion about what MSRV policy to implement.