twilight-rs / twilight

Powerful, flexible, and scalable ecosystem of Rust libraries for the Discord API.
https://discord.gg/twilight-rs
ISC License

chore(gateway): update tokio-tungstenite to v0.20 #2300

Closed dnaka91 closed 9 months ago

dnaka91 commented 9 months ago

There has recently been a CVE for tungstenite which can be fixed by updating from v0.18 to the latest v0.20.1.

dnaka91 commented 9 months ago

As I was just made aware in #2301, there is a next branch for the next breaking version of Twilight. Looking at it, I see that tokio-tungstenite seems to be replaced with tokio-websockets.

I assume this update isn't needed anymore then?

Erk- commented 9 months ago

As I don't see it as breaking, we could do this for the last version that we release with the changes that have accumulated. @Gelbpunkt What is your thought about it?

Gelbpunkt commented 9 months ago

I didn't plan a new patch release before the next minor release (which I intend to do this December), so this is not a dependency update we should be making. tokio-tungstenite 0.20 uses a different version of rustls than 0.18, which is a crate that should definitely be avoided duplicating in the dependency tree and is a change too large for a patch release. See this comment for my rationale behind rejecting essentially the same PR (linked one and #2270).

dnaka91 commented 9 months ago

Thanks for the input, I'll close this then. Sorry that I didn't see the previous PR which did essentially the same :bowing_man: