http-rs / http-types

Common types for HTTP operations
https://docs.rs/http-types
Apache License 2.0

Update rand dependency because of RUSTSEC-2021-0023 #396

Open jhorstmann opened 2 years ago

jhorstmann commented 2 years ago

There is an open rustsec issue (RUSTSEC-2021-0023) about a transitive dependency of http-types 2.12.0. On the main branch this seems to be fixed by migrating to fastrand but I think this might also warrant a maintenance release.

jhorstmann commented 2 years ago

CI failures are caused by clippy; at least one looks like an actual bug that was already fixed on the main branch.

arlyon commented 2 years ago

I have a PR that fixes the lints which we can hopefully base this on top of: https://github.com/http-rs/http-types/pull/399

Fishrock123 commented 2 years ago

Re-running CI now that #399 was merged

Fishrock123 commented 2 years ago

Needs a rebase it seems

seanlinsley commented 2 years ago

@Fishrock123 I don't see a merge conflict on this branch. Seems like it can be merged?

jakubadamw commented 2 years ago

@Fishrock123 any chance this could be merged?

jhorstmann commented 2 years ago

Rebased. There might be new clippy lints since the last update, let's see.

nox commented 1 year ago

@Fishrock123 How can we help get this merged and a new release?

jbr commented 1 year ago

@nox it would help to open a PR fixing the broken clippies. They're not broken because of this PR, but they are blocking merge

nox commented 1 year ago

@jbr https://github.com/http-rs/http-types/pull/512

nox commented 1 year ago

@jhorstmann I've made a PR fixing the clippy lints and it got merged. Care to rebase this PR on top of current master? Thanks.

jhorstmann commented 1 year ago

@nox did you mean cherry-pick instead? My idea here was to apply the change to the 2.x branch for a maintenance release. The master branch seems to have switched to a different crate for random numbers.

Looking at the rustsec advisory again it also seems that rand 0.7 / rand_core 0.5 was never affected. Maybe the advisory was updated, or the tool we use at work for scanning dependencies had wrong information.

An updated maintenance release would still be nice.

nox commented 1 year ago

> @nox did you mean cherry-pick instead? My idea here was to apply the change to the 2.x branch for a maintenance release. The master branch seems to have switched to a different crate for random numbers.

Yeah sorry, I just meant to tell you about the lint fixes so we can get this merged and released as some 2.y.z version.

nox commented 1 year ago

I just realised that the lints were independently fixed, so it seems all we need is a rebase, @jhorstmann.

nox commented 1 year ago

Ah, different lints were fixed, never mind.