Dependency upgrades for hyper and http 1.0 #1351

Closed
13 tasks done
clux opened this issue Nov 20, 2023 · 12 comments · Fixed by #1438
Labels
dependencies upgrades to dependencies

Comments

@clux
Member

clux commented Nov 20, 2023

All the dependabot PRs are failing and are for now being deliberately ignored as they cannot be upgraded alone. Unfortunately, we need to move with the ecosystem on this one, due to how tightly integrated these crates are.

TL;DR: We have to upgrade a slew of crates; http, http-body, hyper, all the hyper connector libs (hyper-openssl, hyper-rustls, hyper-socks2, hyper-timeout), all the extraneous hyper libs we need to adopt because of stuff that got moved out, tungstenite, and tower-http.

  • http - with 1.1.0 - we are on 0.2
  • http-body - with 1.0.0 on crates - we are on 0.4
  • tower-http - with 0.5.2 - we are on 0.4
  • hyper - with 1.2.0 - we are on 0.14
  • hyper-openssl - with 0.10.2
  • hyper-rustls - with 0.26.0 - we are on 0.24
  • hyper-socks2 - with 0.9.0 now
  • hyper-timeout - with 0.5.1 - we are on 0.4
  • tokio-tungstenite - with 0.21 - we are on 0.20 says no real changes

rustls has also been making sizeable breaking changes to compound the issue, but this thankfully seems not too bad (comparatively) and is hopefully workable from #1418:

  • rustls - with 0.23 - we are on 0.21
  • rustls-pemfile - with 2.1.1 - we are on 1.0

and additionally we need to grab some new utility libs spawned out of hyper/http because they didn't want to stabilise any of this:

It's kind of unclear how to proceed with our Body: hyperium/http-body#107
..we do have some body extensions of our own, but hopefully that can fall away.

There are also probably legitimate complaints with how we are doing things, but it's a big codebase, and it needs to support a lot. Help is welcome (but this is clearly difficult).

Time Frame

I am not sure this is feasible for us to do until at least reqwest has managed to do its upgrade. We mimicked a lot of glue code in kube-client and if they can't even upgrade, it's less likely we can. However we could try the backports/deprecated features early perhaps.

Links

@clux clux added blocked awaiting upstream work dependencies upgrades to dependencies labels Nov 20, 2023
@rakshith-ravi

hyper-rustls has one here - rustls/hyper-rustls#232

@allan2

allan2 commented Dec 4, 2023

hyper-timeout 0.5 has been released.

@clux
Member Author

clux commented Dec 4, 2023

There's also a small upgrading guide now.

@rakshith-ravi

> There's also a small upgrading guide now.

Yeah I went through it. Still figuring out which body to use for which type. I'll probably have to bring in hyper-util as well. Is that alright?

@clux
Member Author

clux commented Dec 4, 2023

Yeah, that seemed necessary in the beginning for the connector types to me as well.

@clux
Member Author

clux commented Feb 12, 2024

have given up on my current branch for reasons. going to need someone else to helm this because it's above my pain threshold to be useful :(

@rakshith-ravi

In all honesty, it's not the end of the world, so shouldn't be the biggest issue. I'll help you out as soon as I get time, don't worry

@clux
Member Author

clux commented Mar 5, 2024

Have updated the root body with more up-to-date information, feel free to post any updates that could help.

@clux
Member Author

clux commented Mar 23, 2024

There's a working PR up for this at #1438, so this is likely to get closed soon.
