
Why do dependencies have upper bounds?

Open adamchalmers opened this issue 2 years ago • 6 comments

Hi! I'm wondering why your bytes dependency is locked to <1.2 -- it's causing some problems for my project which uses hyperx. Would you be open to broadening this to include up to bytes 1.4?

adamchalmers, Aug 22 '22 16:08

The upper bounds are definitely causing issues. I'm having trouble upgrading percent-encoding in my project even though it is compatible. The upper bounds should definitely be stripped. We have to rely on those dependencies to maintain compatibility.

kevincox, Sep 10 '22 13:09

This crate is breaking dependency resolution for me, I can't add www-authenticate to my project because it depends on hyperx which requires percent-encoding = ">=2.1.0, <2.2" but my project already contains form_urlencoded which depends on percent-encoding = "^2.2.0".

kpcyrd, Dec 11 '22 19:12
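The conflict kpcyrd describes, worked through as an added example (not code from hyperx, Cargo, or any commenter): a minimal matcher for the two requirement strings quoted above, run over a constructed candidate list, plus a hypothetical relaxed requirement `^2.1.0` for comparison. Cargo keeps only one copy of a crate per semver-compatible range, so when no 2.x version satisfies both requirements, resolution fails.

```rust
// Added illustration: handles only ">=X", "<X" and caret ("^X" or bare "X")
// comparators. It is not Cargo's resolver or the semver crate.
type V = (u64, u64, u64);

// Parse "2.2" or "2.1.0"; missing components default to 0.
fn ver(s: &str) -> V {
    let mut p = s.trim().split('.').map(|x| x.parse::<u64>().expect("numeric version component"));
    (p.next().unwrap_or(0), p.next().unwrap_or(0), p.next().unwrap_or(0))
}

// Does version `v` satisfy one comparator?
fn cmp_ok(c: &str, v: V) -> bool {
    let c = c.trim();
    if let Some(r) = c.strip_prefix(">=") { return v >= ver(r); }
    if let Some(r) = c.strip_prefix('<') { return v < ver(r); }
    let lo = ver(c.trim_start_matches('^'));
    assert!(lo.0 >= 1, "caret rules for 0.x versions are not modelled here");
    v.0 == lo.0 && v >= lo // caret: same major, at least `lo`
}

// A requirement is a comma-separated list; every comparator must hold.
fn matches(req: &str, v: V) -> bool {
    req.split(',').all(|c| cmp_ok(c, v))
}

// Candidates acceptable to every requirement in `reqs`.
fn common<'a>(reqs: &[&str], candidates: &[&'a str]) -> Vec<&'a str> {
    candidates.iter().copied()
        .filter(|c| reqs.iter().all(|r| matches(r, ver(c))))
        .collect()
}

fn main() {
    // Requirement strings are the ones quoted in the thread.
    let hyperx = ">=2.1.0, <2.2";
    let form_urlencoded = "^2.2.0";
    // Constructed candidate list for the illustration.
    let candidates = ["2.1.0", "2.2.0", "2.3.0"];
    println!("hyperx alone:          {:?}", common(&[hyperx], &candidates));
    println!("form_urlencoded alone: {:?}", common(&[form_urlencoded], &candidates));
    println!("both (pinned):         {:?}", common(&[hyperx, form_urlencoded], &candidates));
    // Hypothetical relaxation of the hyperx bound to a caret requirement.
    println!("both (relaxed ^2.1.0): {:?}", common(&["^2.1.0", form_urlencoded], &candidates));
}
```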

@dekellum is there any chance you could merge something like https://github.com/dekellum/hyperx/pull/40 so people can still use this crate without having dependency issues? Thanks

chantra, Dec 19 '22 17:12

#41 is heavily based on #40, but using a few more relaxed dependency rules and bumped them when possible (for instance using http 1.X vs 0.X)

chantra, Dec 19 '22 19:12

Explanation of the problem: https://github.com/rust-lang/cargo/issues/6584#issuecomment-457245362

Cargo strongly discourages usage of any version requirement other than ^ unless you're really sure you know what you're doing

matt-phylum, Apr 17 '23 16:04

I suggest just using chantra's branch (https://github.com/chantra/hyperx/tree/semver) instead of the crates.io version. That's what https://github.com/oxidecomputer/third-party-api-clients is doing.

adamchalmers, Apr 17 '23 16:04