v0.38.0 adding plenty of new dependencies

[Turbo87]

How do you use Sentry?

Sentry SaaS (sentry.io)

SDK version

v0.38.0

Steps to reproduce

see https://github.com/rust-lang/crates.io/pull/11143/files

Expected result

No significant increase in dependencies

Actual result

The sentry crate suddenly pulls in actix-web with its 30 dependencies and plenty of other things that we are not actually using.

Is there a reason why the core sentry crate now needs all of these seemingly non-optional dependencies? If this comes from the new OpenTelemetry integration then maybe it would be better to put that behind a feature flag or extract it to a dedicated crate?

[lcian]

Thanks for calling that out.
The reason it's downloading those dependencies is that I forgot a question mark here

release-health = ["sentry-core/release-health", "sentry-actix?/release-health"]

We'll release a fix ASAP.

[Turbo87]

rust-lang/crates.io#11143 was updated to the latest release but it looks like it still contains the actix dependencies for some reason 🤔

[lcian]

Yeah @Turbo87 I've also noticed that, it will be there in Cargo.lock but not actually built, e.g. if you use cargo tree it would not be there.
I think it's just a side effect of the /? syntax so this is the best we can do, see #805 (comment)

[Turbo87]

huh, interesting... I thought that was only the case for target-specific dependencies, not weak dependencies, but looks like you're right. sorry for the noise :)

[lcian]

All good and thank you for reporting, I was also surprised that it works like this.

[lcian]

Linking the relevant cargo issue here for the record rust-lang/cargo#10801
Thanks @Swatinem for sharing