Closed SpamapS closed 10 months ago
As far as I can see, regex
is not exported from our public interface, but only used in https://github.com/rust-cli/env_logger/blob/main/src/filter/regex.rs :eyes:
I'll approve CI, but leave the final decision to @epage here.
I intentionally do not bump library version requirements unless we specifically need something from it. This avoids churn for end users and lets them workaround problems on their side by picking the version they want. By default, cargo will pick the latest version for them and they are free to update their lockfile (our lockfile has no effect on them).
There have been a number of performance enhancements which make having a newer regex desirable. However the most important change was dropping thread_local in 1.4.4. Thread_local had some security vulnerabilities, making it trigger lots of dependabot alerts when it lands in Cargo.lock files.