Fix Licensing issue

The licensing issue fixed by this patch is described in the comment in the code. Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
author: Matthias Beyer <mail@beyermatthias.de> 2020-12-07 13:22:53 +0100
committer: Matthias Beyer <mail@beyermatthias.de> 2020-12-07 13:22:53 +0100
commit: c334a447f1106d7eab24109f8ee572378bb49552 (patch)
tree: ccfc11f1998e7936fbc7fb9d4d5bcb9e4368b95a /Cargo.toml
parent: af04d39d28b952a4e77b169a339ec23163876360 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/Cargo.toml b/Cargo.toml
index 2b8e3a7..6d99b8e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -47,6 +47,22 @@ colored     = "2"
 syntect     = "4.4"
 thiserror   = "1"
 
+# Hard-code rand to 0.4.4
+#
+# Reason for this is this dependency chain:
+# diesel -> uuid (0.6) -> rand (0.4)
+# but rand 0.4.5 depends on fuchsia-cprng which has an unclear license
+# rand 0.4.4 is yanked, rand 0.4.3 does not contain this dependency.
+#
+# We do not explicitely need this dependency, we just want to force cargo not to
+# link against rand 0.4.5 because of this licensing issue.
+#
+# The proper solution for this would be to update "uuid" in diesel or
+# to update "rand" in uuid 0.6.
+#
+# Upstream issue: https://github.com/rust-random/rand/issues/1071
+rand = "=0.4.3"
+
 url      = { version = "2", features = ["serde"] }
 tokio    = { version = "0.2", features = ["macros", "fs"] }
 shiplift = { git = "https://github.com/softprops/shiplift", branch = "master" }
author	Matthias Beyer <mail@beyermatthias.de>	2020-12-07 13:22:53 +0100
committer	Matthias Beyer <mail@beyermatthias.de>	2020-12-07 13:22:53 +0100
commit	c334a447f1106d7eab24109f8ee572378bb49552 (patch)
tree	ccfc11f1998e7936fbc7fb9d4d5bcb9e4368b95a /Cargo.toml
parent	af04d39d28b952a4e77b169a339ec23163876360 (diff)