We have a gargantuan number of outdated dependencies.

I tried updating dependencies within the semver bounds with cargo update here: #285. The problem is that those newer dependencies don't build on rustc-1.48 as you can see in the CI runs on that PR. I wonder how we should go about this in general. Should we just bump our MSRV liberally? Since agora is mostly distributed as a binary having a low MSRV is not that important. But we did have someone ask for support for 1.48 (#207). Another option is to try to update individual dependencies manually and keep older versions when the newer ones would break 1.48. That sounds super tedious though. I also wonder what other rust projects do.

I think the only downside of bumping our MSRV is going to be getting Agora packaged for Linux distros which use old versions of Rust. Users of those distros can get the latest version of Rust via rustup, and build that way.

For distros, it strikes me that they should be able to package the last version of agora which built with the older version of Rust that they're using. If they're six months behind on packaging Rust, then they'll just be six months behind on packaging Agora. This seems kind of fine to me.

The main place this would be a problem is Debian and Ubuntu, but getting things packaged for Debian is such a slog that think we shouldn't worry about it too much.

So given all that, I think we should probably just keep our MSRV as low as possible, but bump it whenever it's even slightly annoying not to, i.e. for new language features, and new versions of dependencies.

Yeah, that sounds good to me. CC'ing @Kixunil.

Another question about this issue: Is this about updating dependencies within the semver bounds from our Cargo.toml files, or also about bumping those versions?

I noticed all the out-of-date dependencies by running cargo outdated, which prints outdated dependencies regardless of current semver bounds.