Closed Xiretza closed 1 year ago
Thanks for reporting this, I'll take a look and sort it out
In the foo
repro above I don't see why cargo is choosing tokio-util 0.6 for websocket-codec and 0.7 for hyper-websocket-lite, but from reading https://doc.rust-lang.org/cargo/reference/resolver.html it looks like it's allowed to behave this way. (In the Cargo.lock in rust-websocket-lite itself, both get resolved to 0.7.)
It looks like my attempt in #270 to depend on either tokio-util 0.6 or 0.7 is not helpful and we should just have a semver bump of the crates in this repo. At this point there probably isn't a strong reason to still support tokio-util 0.6.
270 updated the externally visible tokio-util dependency across a semver-incompatible boundary (0.6 to 0.7), and the affected crates were subsequently released without incrementing the major version. This breaks crates depending on them, e.g.:
This is because
hyper-websocket-lite 0.5.0
depends both ontokio-util 0.6
andwebsocket-codec
, but the latest compatiblewebsocket-codec
version (0.5.2
) now pulls intokio-util 0.7
(due to the>= 0.6
constraint). Thus,hyper-websocket-lite
'stokio_util::codec::decoder::Decoder
(fromtokio-util 0.6
) is different fromwebsocket-codec
'stokio_util::codec::decoder::Decoder
(fromtokio-util 0.7
).The proper solution here is to yank all affected versions (i.e.
websocket-codec
andwebsocket-lite
versions0.5.1
and0.5.2
), republish the crates under a new major version, and avoid>=
dependencies like the plague - they undermine the whole purpose of semver, since there's no way for you to actually guarantee that you will remain compatible with any breaking changes of the dependency.