dependency crc-catalog v2.30 is yanked
jtmoon79 opened this issue · comments
Problem
I'm installing my project with --locked. cargo warns package crc-catalog v2.3.0 in Cargo.lock is yanked
$ cargo install --locked super_speedy_syslog_searcher
Updating crates.io index
Downloaded super_speedy_syslog_searcher v0.6.69
Downloaded 1 crate (461.5 KB) in 0.00s
Installing super_speedy_syslog_searcher v0.6.69
warning: package `crc-catalog v2.3.0` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
...
Reviewing cargo tree
├── lzma-rs v0.3.0
│ ├── byteorder v1.5.0
│ └── crc v3.0.1
│ └── crc-catalog v2.3.0
Solution
crate crc-catalog is, as of this time, at version v2.4.0. Can this crc-rs project update the dependency so there are no warning when using --locked ?
(I also need to submit an Issue or PR to lzma-rs which I'll when this Issue is fixed)
I can submit a PR if you prefer.
crc v3.0.1 depends on crc-catalog ^2.1.0. I can publish a crc v3.0.2 that depends on crc-catalog ^2.4.0 but that doesn't really accomplish much because you'll have to update the Cargo.lock file anyways. Instead, you can cargo update which will bump crc-catalog to v2.4.0.
I guess I'm not sure how bumping the dependency in crc-rs can help with this issue.