chore: update http crate

[morenol]

Depends on actix/actix-net#508

PR Type

Updates http crate

PR Checklist

• Tests for the changes have been added / updated.
• Documentation comments have been added / updated.
• A changelog entry has been made for the appropriate packages.
• Format code with the latest stable rustfmt.
• (Team) Label with affected crates and semver status.

Overview

[robjtede]

I'm curious if you have any particular motive to get this merged. From my PoV, the Actix Web project doesn't have any real need to do it.

[morenol]

Thanks for your feedback! I don't have any particular motive other than having that dependency up to date, so other crates that have actix-* as dependency can also update their http dependency to the latest one

[therealprof]

Not really sure how that happened but:

# cargo tree -i http@1.0.0
http v1.0.0
├── actix-tls v3.3.0
│   ├── actix-http v3.6.0
│   │   ├── actix-web v4.5.1
│   │   │   ├── actix-cors v0.7.0
...

whereas the rest of the actix universe is depending on 0.2. It is a bit unfortunate that one set of actix crates pulls in one dependency in two different versions.

[robjtede]

Context for that particular change: actix/actix-net#508

[therealprof]

I think switching to and using a 1.0 version is always a good venture due to the implied stability guarantees.

[juchiast]

Is there anything blocking this PR?

[juchiast]

I'm curious if you have any particular motive to get this merged. From my PoV, the Actix Web project doesn't have any real need to do it.

One use case is passing header values extracted from actix's request to other libraries, such as reqwest 0.12 .
Because of incompatible http version, we have to convert HeaderValue to bytes before passing.

[linuxtim]

I'm curious if you have any particular motive to get this merged. From my PoV, the Actix Web project doesn't have any real need to do it.

Inevitably security support for http 0.2.x will cease long before security support for http 1.x does.