search

tomaka / rouille

Web framework in Rust
Apache License 2.0
1.09k stars 105 forks source link

Update depdendencies. Add rustls option. #253

Closed ghost closed 1 year ago

ghost commented 2 years ago

Also, based on https://kerkour.com/rust-crate-backdoor I think it would be good practise to pin exact versions of dependencies.

bradfier commented 2 years ago

We'll need to adjust the feature matrix for CI because we can't compile with both the SSL implementations.

Also, based on https://kerkour.com/rust-crate-backdoor I think it would be good practise to pin exact versions of dependencies.

On this point, I'm not sure I agree. Pinning specific versions has a downside, it means Cargo can't coalesce mutually compatible dependencies across the tree.

This would mean, for example, if three dependencies pinned time-rs at 3.0.0, 3.0.1 and 3.1, Cargo would have to compile all three crates into the output binary, despite all three being mutually semver compatible.

ghost commented 1 year ago

@bradfier

bradfier commented 1 year ago

Thanks @3xmblzj5 as ever.

I'll cut a release for this this week.