nlopes / libhoney-rust

Rust library for sending data to Honeycomb
MIT License
23 stars 16 forks source link

Dependency versions locked too tightly #30

Closed andrewaylett closed 4 years ago

andrewaylett commented 4 years ago

Per https://doc.rust-lang.org/cargo/faq.html#why-do-binaries-have-cargolock-in-version-control-but-not-libraries I see you've not got a Cargo.lock, but we're using the = requirements specifier for all our dependencies, which can still cause problems.

My specific issue is that the new 2.0.0 release of actix-web depends on a strictly later version of serde, meaning that my project can't now contain both the new release of actix-web and libhoney-rust.

Can we relax the dependencies to caret dependencies, and trust semver to do the right thing unless proven otherwise?

nlopes commented 4 years ago

Sorry @andrewaylett. Have been away and for some reason this didn't pop-up in my email. I'm ok with relaxing at least for now..