The contract MSRV problem in 0.16.5

[brew0722]

I understood out that hashbrown 0.12.0 used by rkyv used by wasmer in 0.16.3 creates MSRV issue.
And in 0.16.4, cargo.lock seems to have been solved by pin the rkyv by manual.
d9ea506

However, there were still concerns.
When developing a new contract, the rkyv version is updated again in the newly created cargo.lock of the new contract.
This occurs because the contract's dev-dependencies refers to cosmwasm-vm.
There is no problem with normal contract compilation. However, in rust 1.54.0, we cannot run the test logic.
Below is a reproduced example of deleting cargo.lock from the burner and testing again.

user@AL01696733 burner % cargo +1.54.0 test   
error: failed to download `hashbrown v0.12.0`

Caused by:
  unable to get packages from source

Caused by:
  failed to parse manifest at `/Users/user/.cargo/registry/src/github.com-1ecc6299db9ec823/hashbrown-0.12.0/Cargo.toml`

Caused by:
  feature `edition2021` is required

  this Cargo does not support nightly features, but if you
  switch to nightly channel you can add
  `cargo-features = ["edition2021"]` to enable this feature
user@AL01696733 burner % 

The contracts we are managing can directly modify cargo.lock in the same way, but it is difficult for other contract developers who are not aware of this issue to understand why they need to modify cargo.lock directly.
Is there any way not to modify cargo.lock in the newly created contract?
It will be solved if contract developer create it using a solved template, but if it is not, (or such as updating an existing contract), it seems that the contract developer will have to modify cargo.lock directly.

In the end, I think it seems that this problem will be solved by pining the rkyv so that the MSRV problem does not occur in wasmer.

Could you please tell me if I've misunderstood anything?

[webmaster128]

Yes, this is a problem. It is a consequence of how the Rust module system works and how crate authors increase compiler requirements. There is very little we can do about it.

What I did in the past is: cargo update -p rkyv --precise 0.7.31. Also using a more recent compiler is probably the easiest solution if you can do that.

[brew0722]

There is very little we can do about it.

I agree. It seems that this issue should be resolved in wasmer. not in cosmwasm. I will create an issue soon in wasmer.

cargo update -p rkyv --precise 0.7.31

And thank you for sharing this method.

[brew0722]

Coming back from the discussion at wasmer, I wonder if it would be the right thing to guide the MSRV.

In the end, it seems that we have no choice and to force contract developers to use the highest version of rust possible, Even after the 1.0 release.
Even if we pinned in the cosmwasm lock file, we can't do anything effect about the cargo.lock file in the contract project.

Right now, when creating a new contract package or migrating old version contract, it seems that there is no choice but to provide a way to downgrade the dependency manually in the same way as above.