Cargo-minimal.lock and Cargo-recent.lock have the same contents. Is this right?

[DanGould]

sha256sum Cargo-minimal.lock Cargo-recent.lock
cfc03189fb6e75ba99b0b74b0abf46e942c96c99ef2266538e99d7a7ec746ffb Cargo-minimal.lock
cfc03189fb6e75ba99b0b74b0abf46e942c96c99ef2266538e99d7a7ec746ffb Cargo-recent.lock

I have been running ./contrib/update-lock-files.sh once to get CI to pass thinking it automatically handled locking MSRV dependencies. But I don't see that they're actually different.

• Check the commit log to see where they unified, if ever
• If not, describe how our CI passes MSRV tests without locking
• Fix the script to accommodate MSRV dependency requirements

s/o @nothingmuch for discovering this

[nothingmuch]

is the purpose of the minimal lockfile just to work with msrv or are there other reasons?

is the purpose of recent to always be as up to date as possible?

somewhat relatedly, cargo audit is unhappy with some of our deps, and machete suggests some dependencies for removal. i'm wrapping up the flake stuff where this came up, and will open separate issues & draft PRs for these, but resolving them depends on the answer to this question IMO

[nothingmuch]

is the purpose of recent to always be as up to date as possible?

and if so, then this probably merits a daily or weekly automated update PR in a github workflow, assuming we trust the end to end tests enough that they will reliably discover if anything breaks