Open jhorstmann opened 2 years ago
CI failures are caused by clippy, at least one looks like an actual bug that was already fixed on the main branch
I have a PR that fixes the lints which we can hopefully base this on top of: https://github.com/http-rs/http-types/pull/399
Re-running CI now that #399 was merged
Needs a rebase it seems
@Fishrock123 I don't see a merge conflict on this branch. Seems like it can be merged?
@Fishrock123 any chance this could be merged?
Rebased. There might be new clippy lints since the last update, let's see.
@Fishrock123 How can we help get this merged and a new release?
@nox it would help to open a PR fixing the broken clippies. They're not broken because of this PR, but they are blocking merge
@jhorstmann I've made a PR fixing the clippy lints and it got merged. Care to rebase this PR on top of current master? Thanks.
@nox did you mean cherry-pick instead? My idea here was to apply the change to the 2.x branch for a maintenance release. The master branch seems to have switched to a different crate for random numbers.
Looking at the rustsec advisory again it also seems that rand
0.7 / rand_core
0.5 was never affected. Maybe the advisory was updated, or the tool we use at work for scanning dependencies had wrong information.
An updated maintenance release would still be nice.
@nox did you mean cherry-pick instead? My idea here was to apply the change to the 2.x branch for a maintenance release. The master branch seems to have switched to a different crate for random numbers.
Yeah sorry, I just meant to tell you about the lint fixes so we can get this merged and released as some 2.y.z version.
I just realised that the lints were independently fixed, so it seems all we need is a rebase, @jhorstmann.
Ah, different lints were fixed, never mind.
There is an open rustsec issue (RUSTSEC-2021-0023) about a transitive dependency of http-types 2.12.0. On the main branch this seems to be fixed by migrating to
fastrand
but I think this might also warrant a maintenance release.