Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update "url" dependency and disable IDNA support #163

Merged
merged 1 commit into from
Feb 8, 2025
Merged

Update "url" dependency and disable IDNA support #163

merged 1 commit into from
Feb 8, 2025

Conversation

robertknight
Copy link
Owner

@robertknight robertknight commented Feb 8, 2025
edited
Loading

Update "url" dependency to the current version in ocrs-cli, then disable IDNA support to eliminate 20+ (!) dependencies. Disabling IDNA support uses the mechanism described at https://docs.rs/crate/idna_adapter/latest, which is to pin "idna_adapter" to a specific version:

Using this option is not recommended, but to make the idna crate not actually support IDNA, run cargo update -p idna_adapter --precise 1.0.0 in the top-level directory of your application.

For reference, ocrs-cli uses the URL dependency only to extract the last path segment from a URL to use as a filename.

An annoying downside of this change is that cargo update with no arguments will undo the pin.

@robertknight
Update "url" dependency and disable IDNA support
a44eee9 
Update "url" dependency to the current version in ocrs-cli, then disable IDNA
support to eliminate 20+ (!) dependencies. Disabling IDNA support uses the
mechanism described at https://docs.rs/crate/idna_adapter/latest, which is to
pin "idna_adapter" to a specific version.

For reference, ocrs-cli uses the URL dependency only to extract the last path
segment from a URL to use as a filename.
@robertknight robertknight merged commit 8acc9da into main Feb 8, 2025
2 checks passed
@robertknight robertknight deleted the disable-idna-support branch February 8, 2025 21:06
@robertknight
Copy link
Owner Author

robertknight commented Feb 9, 2025
edited
Loading

Unfortunately cargo install ocrs-cli will promptly "upgrade" idna_adapter and add these dependencies back in. cargo install ocrs-cli --locked avoids this.

robertknight added a commit that referenced this pull request Feb 9, 2025
@robertknight
Recommend use of --locked when installing ocrs-cli
3d243d4 
I was surprised to learn that `cargo install` does not respect a binary
package's lockfile by default [^1] and will attempt to upgrade dependencies.
Aside from installing package combinations that haven't been directly tested,
this also undoes the change in [^2] to avoid installing Unicode-related
dependencies. Specifying `--locked` when installing is thus both safer and faster.

[^1]: https://doc.rust-lang.org/cargo/commands/cargo-install.html#dealing-with-the-lockfile
[^2]: #163
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@robertknight