Closed oleonardolima closed 7 months ago
@notmandatory @vladimirfomene As we don't have the Cargo.lock
file on the repo, I wasn't sure about the best way to update/bump it.
Can we bump the dependency that brings in h2 to get a patched version rather than just bumping h2?
Can we bump the dependency that brings in h2 to get a patched version rather than just bumping h2?
@notmandatory Actually we can close this PR, I did deeper research, and the request
crate does have a specific h2
version (they have ^0.3.14
), and neither it's being pinned nor are we providing a Cargo.lock
file, so it's fine as it is.
fix: bump h2 version to patched one, while reqwest has not been