awslabs / tough

Rust libraries and tools for using and generating TUF repositories

chore(deps): update reqwest #769

Open flavio opened 1 month ago

flavio commented 1 month ago

Issue #, if available:

The current version of tough depends on an older version of reqwest, which in turn causes an old version of hyper to be consumed.

This hyper upgrade is massive; having a unified version of hyper inside of projects consuming the tough crate is beneficial. For example, hyper testing frameworks can work only with one version of the library at a time.

Description of changes:

Update to latest version of reqwest, v0.12. This version depends on hyper v1, while previous versions (like v0.11) rely on hyper v0.14.

flavio commented 1 month ago

I'll look into the failed unit tests, sorry... I didn't spot them locally

webern commented 1 month ago

> I'll look into the failed unit tests, sorry... I didn't spot them locally

It's an unfortunate lint that we have using Cargo Deny. The lint causes an error when two major versions of a dependency exist in Cargo.lock. To fix the lint, the list of ignored dependencies has to be updated in deny.toml in the bans skip section https://github.com/awslabs/tough/blob/eb5e25e1609ac30d6c9c5f694ccc608acc35401c/deny.toml#L69

make check-licenses will run this locally https://github.com/awslabs/tough/blob/eb5e25e1609ac30d6c9c5f694ccc608acc35401c/Makefile#L16
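The check described in the comment above, as an added sketch that is not code from tough or cargo-deny: it lists crates that a Cargo.lock pins at more than one version and drops those on a skip list. The lock excerpt and the skip list are constructed, and matching by crate name only is a simplifying assumption.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Constructed Cargo.lock excerpt (not tough's real lock file): hyper and http
// each appear at two major versions, as in a tree only partly moved to hyper v1.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "hyper"
version = "0.14.28"
[[package]]
name = "hyper"
version = "1.3.1"
[[package]]
name = "http"
version = "0.2.12"
[[package]]
name = "http"
version = "1.1.0"
[[package]]
name = "reqwest"
version = "0.12.4"
"#;

/// Read the quoted value of `key = "value"` from one Cargo.lock line.
fn quoted<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Crates locked at more than one version, minus names on the skip list.
fn duplicates(lock: &str, skip: &[&str]) -> BTreeMap<String, BTreeSet<String>> {
    let mut seen: BTreeMap<String, BTreeSet<String>> = BTreeMap::new();
    let mut name: Option<&str> = None;
    for line in lock.lines() {
        if let Some(n) = quoted(line, "name") {
            name = Some(n);
        } else if let (Some(n), Some(v)) = (name, quoted(line, "version")) {
            seen.entry(n.to_string()).or_default().insert(v.to_string());
        }
    }
    seen.retain(|n, versions| versions.len() > 1 && !skip.contains(&n.as_str()));
    seen
}

fn main() {
    // Hypothetical skip list: only "http" has been accepted as a known duplicate.
    for (name, versions) in duplicates(SAMPLE_LOCK, &["http"]) {
        println!("duplicate crate {}: {:?}", name, versions);
    }
}
```

Every name left in the result is a duplicate that nobody has reviewed and accepted, which is what makes the lint fail.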

flavio commented 1 month ago

@webern I've updated cargo.deny. Unfortunately the list of duplicated crates is quite big. Quite a few of them come from crates related to aws-smithy. Maybe you have influence over them?

flavio commented 1 month ago

@webern sorry, this should be fixed now

webern commented 1 month ago

> sorry, this should be fixed now

Can you also turn off auto-formatting of TOML files and restore them so that the PR has the minimum possible diff? We prefer to avoid auto-formatting churn in our git history.

Thank you!

flavio commented 1 month ago

@webern sorry about that, I fixed it.

Moreover, make ci completes successfully on my computer now.

webern commented 1 month ago

Looks good, thank you for dealing with our deny.toml :roll_eyes:

flavio commented 1 month ago

Sorry to bother you, do you have any ETA about when you plan to merge this PR and even tag a new release of the crate? :pray:

jpculp commented 3 days ago

Sorry for the radio silence here. I was concerned about the number of duplicated crates that were being pulled in. I'm going to poke at this early next week and see how things look once we bump smithy and aws-sdk-rust. Do you mind if I add your commit to that larger dependency update PR, or would you rather rebase this PR on top of it?

flavio commented 2 days ago

Thanks for looking into that! I'm fine with you adding this commit to a larger dependency PR