Upgrade tower and other dependencies #2880

Open
wants to merge 2 commits into
base: main

@elichai elichai commented Aug 18, 2024

Motivation

Upgrade dependencies to reduce duplicate dependencies in binaries depending on axum together with other projects using tower

Solution

Upgrade everything to the latest version.
I did not upgrade matchit to 0.8, as this is a breaking change for routing matching, so I'm not sure how to move forward with this. The changes are: https://github.com/ibraheemdev/matchit/releases/tag/v0.8.0

@elichai
Author

elichai commented Aug 18, 2024

This should fix the failed CI: tower-rs/tower#788

@martinetd

Thanks, I also had been looking at the same after noticing duplicates in our dependencies and found this update.

Just commenting on failed checks:

  • msrv, it looks like prost 0.13 requires rust 1.70 (while axum's msrv is 1.66); 1.70 looks old enough to me to just update requirements but I have no opinion here, I don't otherwise depend on prost so would be happy to keep it lower for a while longer if there is no security implication (didn't check deeply, doesn't seem to be any)
  • duplicates ('bans licenses sources' check)
    • sync_wrapper: tower 0.5 requires 0.1.2 so we need to stick with the old version until they in turn upgrade
    • tower 0.4 is still pulled from reqwest 0.12.4 -> hyper-util v0.1.8 -> tower v0.4.13; so I guess we need to start with updating hyper-util?... that's apparently holding on another msrv problem as well: chore(dependencies): bump tower to v0.5 hyperium/hyper-util#144

dependency tracking in rust is so much fun.

@jplatte
Member

jplatte commented Sep 20, 2024

tower and tower-http are upgraded now. It would make a lot of sense to do the rest of the updates from this PR, but I would prefer separate PRs for examples vs. non-example code.

W.r.t. cargo-deny, it's not a big deal to add more entries to the allowlist for duplicate dependencies. Really I don't find error-on-duplicate-deps to be such a useful thing in general.

@jplatte
Member

jplatte commented Sep 20, 2024

Oh and thanks for the effort, and sorry for letting this PR (and others) linger for so long.

@martinetd

Thank you!

> W.r.t. cargo-deny, it's not a big deal to add more entries to the allowlist for duplicate dependencies. Really I don't find error-on-duplicate-deps to be such a useful thing in general.

Good to know; I'm more used to the world of distro packaging, where depending on two versions of a .so would generally just blow up, but if you think it's not a problem here I'll trust your judgement on it.
It looks like trying to upgrade everything in lockstep would be difficult here anyway and might as well start somewhere.
