chore(gateway): update tokio-tungstenite to v0.20 #2300
Conversation
There has recently been a CVE for tungstenite which can be fixed by updating from v0.18 to the latest v0.20.1.
|
As I was just being made aware of in #2301, there is a I assume this update isn't needed anymore then? |
|
As I don't see it as breaking we could do this for the last version that we release with the changes that have accumulated. @Gelbpunkt What is your thought about it? |
|
I didn't plan a new patch release before the next minor release (which I intend to do this December), so this is not a dependency update we should be making. tokio-tungstenite 0.20 uses a different version of rustls than 0.18, which is a crate that should definitely be avoided duplicating in the dependency tree and is a change too large for a patch release. See this comment for my rationale behind rejecting essentially the same PR (linked one and #2270). |
|
Thanks for the input, I'll close this then. Sorry that I didn't see the previous PR which did essentially the same 🙇♂️ |
There has recently been a CVE for tungstenite which can be fixed by updating from v0.18 to the latest v0.20.1.