hyperium / http

Rust HTTP types
Apache License 2.0

Why use an older version of `itoa` crate? #518

Closed stackinspector closed 2 years ago

stackinspector commented 2 years ago

I found the duplicate dependency itoa when I used cargo tree -d to check for duplicate dependencies for a project that has dependencies on both serde_json and some libraries based on hyper. The conflict occurred between this http crate (and the hyper crate and another crate) which uses the older v0.4.8 version, and serde_json which uses the latest v1.0.1 version. I have no knowledge of the itoa crate, so I cannot determine if using the older version is expected. It's actually not a big deal, but since I've found it, I think it's better to file it.

```
> cargo tree -d
itoa v0.4.8
├── http v0.2.5
│   ├── h2 v0.3.9
│   │   └── hyper v0.14.16
│   │       ├── ...skip
│   ├── http-body v0.4.4
│   │   ├── hyper v0.14.16 (*)
│   │   └── reqwest v0.11.8 (*)
│   ├── hyper v0.14.16 (*)
│   ├── hyper-rustls v0.23.0 (*)
│   ├── reqwest v0.11.8 (*)
│   └── tungstenite v0.16.0
│       └── ...skip
├── hyper v0.14.16 (*)
└── serde_urlencoded v0.7.0
    ├── ...skip

itoa v1.0.1
└── serde_json v1.0.73
    ├── ...skip
```

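
An added example (not part of the issue thread or the http project's code): a small Rust parser for `cargo tree -d` output like the listing quoted above, reporting each crate that resolves to more than one version and which crates pull in each version directly. The `duplicates` function, the `Report` alias and the abridged sample input are assumptions made for illustration.

```rust
use std::collections::BTreeMap;

// Constructed sample, abridged from the `cargo tree -d` output quoted in the issue.
const SAMPLE: &str = "\
itoa v0.4.8
├── http v0.2.5
│   ├── h2 v0.3.9
│   │   └── hyper v0.14.16
│   └── tungstenite v0.16.0
├── hyper v0.14.16 (*)
└── serde_urlencoded v0.7.0

itoa v1.0.1
└── serde_json v1.0.73
";

type Report = BTreeMap<String, BTreeMap<String, Vec<String>>>;

/// Maps crate name -> version -> crates that depend on that version directly.
/// `cargo tree -d` prints an inverted tree, so depth-1 entries are the dependents.
fn duplicates(tree: &str) -> Report {
    let mut report = Report::new();
    let mut root: Option<(String, String)> = None;
    for line in tree.lines() {
        // Strip the tree art; every nesting level is four characters wide.
        let entry = line.trim_start_matches(|c: char| !c.is_alphanumeric());
        let depth = (line.chars().count() - entry.chars().count()) / 4;
        let mut fields = entry.split_whitespace();
        // Skip blank lines, prompts and elided ("...skip") rows: no `name vX.Y.Z` pair.
        let (Some(name), Some(version)) = (fields.next(), fields.next()) else { continue };
        let Some(version) = version.strip_prefix('v') else { continue };
        if depth == 0 {
            report.entry(name.into()).or_default().entry(version.into()).or_default();
            root = Some((name.into(), version.into()));
        } else if let (1, Some((n, v))) = (depth, &root) {
            let dependents = report.entry(n.clone()).or_default().entry(v.clone()).or_default();
            dependents.push(format!("{name} {version}"));
        }
    }
    // Keep only crates that really resolve to more than one version.
    report.retain(|_, versions| versions.len() > 1);
    report
}

fn main() {
    for (name, versions) in duplicates(SAMPLE) {
        println!("{name}: {versions:?}");
    }
}
```

The depth-1 dependents of the older version are the crates whose manifests have to be bumped before the duplicate disappears from the lockfile.
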
olix0r commented 2 years ago

@stackinspector It was updated about two weeks ago (https://github.com/hyperium/http/commit/abe651273f4cf19cf9a247f376e9ece85becc722) but there hasn't been a release of http yet.

d-e-s-o commented 2 years ago

Is there an ETA for the next release that includes this bump, by any chance?

seanmonstar commented 2 years ago

v0.2.6 released just now.