chore: check-in Cargo.lock

[mxinden]

This commit checks the Cargo.lock file into git.

Version controlling Cargo.lock makes e.g. our CI builds more reproducible, where two consecutive CI runs on the same commit use the same set of dependencies, even if a compatible update of a dependency was published in between the two runs.

This is also helpful when cutting patch releases of old Neqo versions, where dependencies since shipped a breaking change in a patch version, e.g. a MSRV update. See for example pinned dependencies in a recent Neqo patch release to the Neqo v0.6 family.

mxinden@66e60f3

While previously the recommendation by the cargo team was for libraries to not check in their Cargo.lock, this recommendation has since been replaced by "do what is best for the project".

https://blog.rust-lang.org/2023/08/29/committing-lockfiles.html

---

I generated a fresh Cargo.lock, i.e. ran rm Cargo.lock && cargo check && git add Cargo.lock.

We could as well base our Cargo.lock on mozilla-central's Cargo.lock. Though I can not think of a simple way to then keep the two in sync going forward.

Dependabot will attempt to keep the Cargo.lock up-to-date, in other words will open many pull requests updating patch versions. I don't know how to prevent this. Unfortunately, the Dependabot version-strategy parameter is not supported for the cargo ecosystem.

What do folks think?

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.39%. Comparing base (8e36f63) to head (281303c).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2208   +/-   ##
=======================================
  Coverage   95.39%   95.39%           
=======================================
  Files         112      112           
  Lines       36447    36447           
=======================================
  Hits        34768    34768           
  Misses       1679     1679           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Failed Interop Tests

QUIC Interop Runner, client vs. server

neqo-latest as client

• neqo-latest vs. aioquic: Z
• neqo-latest vs. haproxy: L1
• neqo-latest vs. msquic: Z A L1
• neqo-latest vs. mvfst: A L1 C1
• neqo-latest vs. xquic: A

neqo-latest as server

• msquic vs. neqo-latest: Z U
• mvfst vs. neqo-latest: Z A L1 C1
• ngtcp2 vs. neqo-latest: C20
• quinn vs. neqo-latest: V2
• xquic vs. neqo-latest: M

All results

Succeeded Interop Tests

QUIC Interop Runner, client vs. server

neqo-latest as client

• neqo-latest vs. aioquic: H DC LR C20 M S R 3 B U A L1 L2 C1 C2 6 V2
• neqo-latest vs. go-x-net: H DC LR M B U A L2 C2 6
• neqo-latest vs. haproxy: H DC LR C20 M S R Z 3 B U A L2 C1 C2 6 V2
• neqo-latest vs. kwik: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
• neqo-latest vs. lsquic: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. msquic: H DC LR C20 M S R B U L2 C1 C2 6 V2
• neqo-latest vs. mvfst: H DC LR M R Z 3 B U L2 C2 6
• neqo-latest vs. neqo: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. nginx: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• neqo-latest vs. ngtcp2: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. picoquic: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• neqo-latest vs. quic-go: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• neqo-latest vs. quiche: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• neqo-latest vs. quinn: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6
• neqo-latest vs. s2n-quic: H DC LR C20 M S R 3 B U E A L1 L2 C1 C2 6
• neqo-latest vs. xquic: H DC LR C20 M R Z 3 B U L1 L2 C1 C2 6

neqo-latest as server

• aioquic vs. neqo-latest: H DC LR C20 M S R Z 3 B A L1 L2 C1 C2 6 V2
• chrome vs. neqo-latest: 3
• go-x-net vs. neqo-latest: H DC LR M B U A L2 C2 6
• kwik vs. neqo-latest: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
• lsquic vs. neqo-latest: H DC LR M S R 3 B E A L1 L2 C1 C2 6 V2
• msquic vs. neqo-latest: H DC LR C20 M S R B A L1 L2 C1 C2 6 V2
• mvfst vs. neqo-latest: H DC LR M 3 B L2 C2 6
• neqo vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• ngtcp2 vs. neqo-latest: H DC LR M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• picoquic vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2
• quic-go vs. neqo-latest: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• quiche vs. neqo-latest: H DC LR M S R Z 3 B A L1 L2 C1 C2 6
• quinn vs. neqo-latest: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6
• s2n-quic vs. neqo-latest: H DC LR M S R 3 B E A L1 L2 C1 C2 6
• xquic vs. neqo-latest: H DC LR C20 S R Z 3 B U A L1 L2 C1 C2 6

Unsupported Interop Tests

QUIC Interop Runner, client vs. server

neqo-latest as client

• neqo-latest vs. aioquic: E
• neqo-latest vs. go-x-net: C20 S R Z 3 E L1 C1 V2
• neqo-latest vs. haproxy: E
• neqo-latest vs. kwik: E
• neqo-latest vs. msquic: 3 E
• neqo-latest vs. mvfst: C20 S E V2
• neqo-latest vs. nginx: E V2
• neqo-latest vs. quic-go: E V2
• neqo-latest vs. quiche: E V2
• neqo-latest vs. quinn: V2
• neqo-latest vs. s2n-quic: Z V2
• neqo-latest vs. xquic: S E V2

neqo-latest as server

• aioquic vs. neqo-latest: U E
• chrome vs. neqo-latest: H DC LR C20 M S R Z B U E A L1 L2 C1 C2 6 V2
• go-x-net vs. neqo-latest: C20 S R Z 3 E L1 C1 V2
• kwik vs. neqo-latest: E
• lsquic vs. neqo-latest: C20 Z U
• msquic vs. neqo-latest: 3 E
• mvfst vs. neqo-latest: C20 S R U E V2
• quic-go vs. neqo-latest: E V2
• quiche vs. neqo-latest: C20 U E V2
• s2n-quic vs. neqo-latest: C20 Z U V2
• xquic vs. neqo-latest: E V2

[larseggert]

Don't have a strong opinion here due to limited experience maintaining Rust libs. Do we think this is "best for the project"?