Closed kwonoj closed 1 year ago
Did you see https://github.com/wooorm/markdown-rs/issues/34? I mistook what “build” means in Rust, so the plan is to move it to dev dependencies.
Would doing so that also solve this issue?
I mistook what “build” means in Rust, so the plan is to move it to dev dependencies.
As far as I know, if reqwest
lives in any kind of dependencies, this change is still meaningful. That's the part I mentioned regardless of type of dependencies
. If newly proposed change will get rid of reqwest entirely from cargo.toml
, so upstream application's cargo.lock
not being affected, it'll resolve the issue.
From what I see dev-dependencies of dependencies are not in cargo.locks, so that should solve it?
If that's the case, yes, I think so. But I was not able to confirm all of the build chains by myself with those.
Just to clarify I'm fine either cases to move away dep from build, or trying this way - please feel free to close this one if needed. I also think moving dep away would be more preferred way.
This PR allows to control TLS backend for the dependency
reqwest
, while makes default (native-tls) as-is. Only if someone need to explicitly control they can disable default, then opt into specific.reqwest
is build-dependencies, so may seems it doesn't cause any problem: however, due to cargo creates lockfile & compiles it can actually brings some interesting challenges.Now building
Application
generates a lockfile for it, and cargo merges every feature for the dependencies into single likeregardless of type of dependencies. There are target platforms require specific TLS backend only, now building
Application
fails on those platform.I tried to make this change non-invasive as much. Default works exactly same as current, and only explicit opt-in would change its behavior. Also added cases for 1. for disabling tls entirely, attempt to use
http
with warning 2. specifying both tls fails build.