Update to the latest compatible versions of all dependencies

[teor2345]

Motivation

Zebra isn't using the latest versions of its dependencies, because we skipped some dependency updates during the NU5 sprints.

We should update dependencies, to get as many bug and security fixes as possible.

Note: we've been discussing in Discord how to split this ticket into smaller parts

Tasks

• Run cargo update to update to the latest versions of each dependency
• Revert any incompatible version updates (but try to find the latest compatible version)
• Revert any dependency changes that cause a lot of duplicates (particularly with tower, tracing, and orchard)
• Update the duplicate dependency checks in deny.toml

[mpguerra]

Hey team! Please add your planning poker estimate with ZenHub @conradoplg @dconnolly @jvff @oxarbitrage @teor2345 @upbqdn

[teor2345]

This ticket might have some helpful commands in it.
But we want the maximum versions in both Cargo.toml and Cargo.lock.

https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/228

[upbqdn]

I ran cargo update and built Zebra, and all tests are passing. I just realized it's not clear to me what needs to be done in this issue.

[teor2345]

I ran cargo update and built Zebra, and all tests are passing. I just realized it's not clear to me what needs to be done in this issue.

Did cargo update change the Cargo.lock or Cargo.toml files?
Maybe we need to use cargo upgrade?

I'm just talking with @conradoplg about this ticket, we think it might be a lot more complicated than we expected.

So we might close this ticket, and just do these upgrades using dependabot.

[upbqdn]

Running cargo update changed only the Cargo.lock file.

[upbqdn]

cargo upgrade changes toml files, and causes conflicts of dependencies. I'm trying to resolve them.

[teor2345]

Yeah, that's what I thought might happen. It's ok to skip any updates that cause conflicts.