hyper-proxy crate is unmaintained, and depends on old rustls and ring-rs #158
Comments
|
We've got the change done on a branch: awakecoding#1 We'd need to start merging those changes instead of patching on top of unmerged branches, and we'd need to cut a release after that. I also confirm that with all those changes on the branch, all I needed to do after that was to bump the version of futures-rustls and tokio-tungstenite to get a single version of rustls reported by cargo tree, and managed to get a clean build without ring-rs. |
|
@dthomasngrokker I saw #162 got merged, now the next thing pulling outdated dependencies is this. We have a commit here that can be adapted: awakecoding@962c544 I suggest using cargo tree to inspect dependencies:
in my case it reports [email protected] (old, should be purged) and [email protected] (newer, may be harder to purge). Here's what I have for [email protected] with the latest main branch: |
This project uses hyper-proxy 0.9.1, a crate which hasn't been updated in at least 4 years: https://github.com/tafia/hyper-proxy
It looks like a classic case of a useful project being abandoned, and for which pull requests to update it aren't merged. Someone apparently got tired of waiting for released an updated version of the crate as hyper-proxy2 last year: https://crates.io/crates/hyper-proxy2
I am reviewing our dependencies to see if we can fully get rid of ring-rs imported through rustls, as the latest versions of rustls default to aws-lc-rs for the cryptographic library. aws-lc-rs supports a FIPS mode which I'm interested in.
Would it be possible to move away from the unmaintained hyper-proxy crate to make it easier to update the rustls dependency?
Thanks!
The text was updated successfully, but these errors were encountered: