Update requirement of `url=2.3.1`

Question

Update requirement of `url=2.3.1`

jeffrey-dot-li opened this issue 8 months ago · 3 comments

Are we able to update the dependency of url=2.31.? This is to make the crate compatible with other crate requiring a later url version (gcloud-sdk in my case needs url>=2.5.0. I read in the Cargo.toml that it is because of the cookie_store dependency, but updating url to 2.5.0 works on my fork and all tests pass. https://github.com/jeffrey-dot-li/ureq

Answer 1 · 2024-02-06T16:38:09.000Z

Hi @jeffrey-dot-li, welcome to ureq!

Doing so is not possible at the moment. See comment here: https://github.com/algesten/ureq/blob/main/Cargo.toml#L44-L47

We would get double versions of the idna dep, and we use cargo deny to disallow multiple versions of the same dependency. I haven't investigated if cookie-store has an open issue for this.

Answer 2 · 2024-02-06T23:21:45.000Z

In my opinion dependencies shouldn't be pinned unless absolutely necessary because they have the potential to break lots of downstream consumers and I also can't update some dependencies because of this.

Couldn't you loosen the restriction but still keep using that version in Cargo.lock and cargo deny would still be fine with that? Otherwise I think adding an exception to your deny config would be a better short term approach.

Answer 3 · 2024-02-08T23:20:08.000Z

A new version of cookie_store has been released which resolves the duplicate deps.

I've opened #722 to update to it, plus bump the matching deps.