This repository has been archived by the owner on Feb 14, 2023. It is now read-only.

Use lazy_static 1.2.0, remove twoway/pcmp and require rust 1.24.1+ #118


erickt
Contributor

@erickt erickt commented Jan 19, 2019

Attempt number two :)


Before this patch, multipart got into an impossible situation with
its dependencies. It errs with:

```
error: failed to select a version for `lazy_static`.
    ... required by package `multipart v0.15.4`
versions that meet the requirements `>= 1.0, < 1.2.0` are: 1.1.0, 1.0.2, 1.0.1, 1.0.0

all possible versions conflict with previously selected packages.

  previously selected package `lazy_static v1.2.0`
    ... which is depended on by `ring v0.13.5`
    ... which is depended on by `cookie v0.11.0`
    ... which is depended on by `rocket_http v0.4.0`
    ... which is depended on by `rocket v0.4.0`
    ... which is depended on by `multipart v0.15.4
```

This is due to ring 0.13.3 bumping lazy_static to 1.2.0 to avoid
a [soundness bug](rust-lang-nursery/lazy-static.rs#117).
This patch fixes this problem by requiring at least rust 1.24.1.

In addition, I noticed that the feature sse4 was depending on
`twoway/pcmp`, but that has been [removed](bluss/twoway#8).
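
The resolver conflict from the description above, as an added example that is not part of the original pull request or the multipart code base: a minimal model of Cargo choosing a single lazy_static 1.x version for every dependent. Only `>= 1.0, < 1.2.0` and the version list come from the error output; ring's requirement shape and the relaxed multipart requirement are assumptions.

```rust
// Added illustration (not code from the multipart PR). Cargo keeps one version
// per semver-compatible line (here 1.x), so a single lazy_static version must
// satisfy every requirement placed on 1.x by the whole dependency graph.

type Version = (u64, u64, u64);

/// Half-open range [min, max) over versions, like `>= min, < max`.
#[derive(Clone, Copy)]
struct Req {
    min: Version,
    max: Version,
}

impl Req {
    fn matches(&self, v: Version) -> bool {
        self.min <= v && v < self.max
    }
}

/// Highest candidate accepted by every requirement, or None on conflict.
fn resolve(candidates: &[Version], reqs: &[Req]) -> Option<Version> {
    candidates
        .iter()
        .copied()
        .filter(|v| reqs.iter().all(|r| r.matches(*v)))
        .max()
}

// The 1.x versions named in the error output, plus 1.2.0.
const LAZY_STATIC: [Version; 5] = [(1, 0, 0), (1, 0, 1), (1, 0, 2), (1, 1, 0), (1, 2, 0)];

// multipart v0.15.4: `>= 1.0, < 1.2.0` (taken from the error output).
const MULTIPART_OLD: Req = Req { min: (1, 0, 0), max: (1, 2, 0) };
// Assumed shape of ring's requirement after its bump: 1.2.0 or later in 1.x.
const RING: Req = Req { min: (1, 2, 0), max: (2, 0, 0) };
// Hypothetical relaxed multipart requirement: 1.2.0 or later in 1.x.
const MULTIPART_NEW: Req = Req { min: (1, 2, 0), max: (2, 0, 0) };

fn main() {
    // The upper bound below 1.2.0 excludes the only version ring accepts.
    println!("before: {:?}", resolve(&LAZY_STATIC, &[MULTIPART_OLD, RING]));
    // With the cap lifted, both dependents agree on the fixed release.
    println!("after:  {:?}", resolve(&LAZY_STATIC, &[MULTIPART_NEW, RING]));
}
```

The same check shows why an upper bound that excludes a fixed release is a supply-chain concern: on its own, the old requirement resolves to 1.1.0, below the 1.2.0 release that ring moved to for the soundness fix.
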

@erickt
Contributor Author

erickt commented Jan 19, 2019

Note that I filed a ticket with rouille to also raise their minimum required version, which is why you reverted back from the minimum version being 1.26.1.

cc @abonander and @FauxFaux

@abonander
Owner

Considering how often this crate runs into dependency issues with Rust versions, I'm thinking of maybe only supporting latest stable or maybe latest stable - 3 releases or something. I know some people still need older version support though.

It might be worthwhile to break multipart into subcrates for each integration so they can evolve separately. I don't know if I like that prospect a whole lot since it's more crates to maintain.

@erickt
Contributor Author

erickt commented Jan 19, 2019

Sure, whatever works for you! I'm just trying to get that buggy lazy_static out of my dependency tree.

@FauxFaux
Contributor

I apologise for my part in causing this situation! Personally, I track stable, and gaze in awe at people who attempt to maintain support for older versions. I thought we might be at the point where it was kind of possible to do so, but apparently not. :|

@abonander
Owner

I'll take the discussion on minimum version and subcrates into its own issue (and if you know any potential stakeholders please let them know to look out for them).

This change seems reasonable enough although it is technically a breaking change so it'll be a minor version bump.

@erickt
Contributor Author

erickt commented Jan 23, 2019

Glad to hear it. Regarding your dependencies, rouille accepted my patch to bump the min rust version to 1.24.1. I looked at your top 5 other dependencies, and the only other one that pins to a version, serenity, pins to 1.25.

@abonander abonander merged commit b88520f into abonander:master Jan 25, 2019
@erickt erickt deleted the bump-version branch January 25, 2019 13:59