Update cookie dependency to 0.10 to avoid ring hell #627
Comments
|
My understanding is that bumping cookie to 0.10 (I assume you are using rocket 0.3) will surprise-break everyone else on rocket 0.3 that already transitively depends on ring 0.11, so that would be a non-starter. Rocket You might be able to find older versions of your client libraries that depend on ring 0.11. Unfortunately, I don't know of a good way to discover reverse dependencies of crates by specific previous versions, and this could involve a lot of manual trial and error or viewing crate histories. |
|
Yea.. that makes sense. I did manage to eventually build a solution that doesn't depend on ring whatsoever, but it seems so hacky 😞 |
|
Exactly as @jebrosen states, we (very unfortunately) simply cannot do this as it is a breaking change. The proper fix is a change to ring, which I've already submitted (briansmith/ring#619). Unfortunately, there's been no movement on that in months. Alas, we may have to switch off of ring yet. Since there's nothing we can do, I'm closing out this issue. I absolutely understand the confusion, however, and finding a permanent fix to this is something I'm deeply interested in. |
SergioBenitez
added
upstream
I'm loving Rocket. It's getting me into Rust, and things have been going amazingly great. Until now, that is—where I need my server to make an https request to another server to get something done.
The problem is that every library that does this seems to (eventually) depend on ring. Specifically, version 0.12 of ring. The current dependency on Cookie (0.9) uses ring 0.11, but Cookie 0.10 uses ring 0.12, which seems compatible with a ton of things out there.
I know the frustration you've had with this (I've checked the threads), but for now, it seems like this could be fixed by bumping the Cookie dependency to 0.10. I wish I knew more about the Rust world to make a more meaningful contribution for this, but I'm working my way there!
The text was updated successfully, but these errors were encountered: