Release `0.1.7` doesn't include `cli-log` update
edulix opened this issue · comments
Eduardo Robles commented
First of all, thanks for this awesome open source project guys!
The latest release (0.1.7) doesn't seem to actually use latest code and dependencies security updates.
The change in f8163e9 bumped cli-log to 2.0 and svg from 0.1. This happened in Dec 24, 2021.
However, release 0.1.7 still shows cli-log 0.1 as a dependency even though it was published in June 7th, 2022. Moreover, it's 100% unclear to me what commit was used in publishing the crate release, because neither releases nor tags are being created in Github. This is concerning.
Suggestions/action-items:
- Create a
0.1.8
release using the cli-log dependency. - Create releases also in github, and tag them.
- When publishing a crate release, do not use
cargo publish --allow-dirty
but instead usecargo publish
so that the file.cargo_vcs_info.json
is inside the release (more details here).