dependency crc-catalog v2.30 is yanked
jtmoon79 opened this issue · comments
Problem
I'm installing my project with --locked
. cargo
warns package crc-catalog v2.3.0 in Cargo.lock is yanked
$ cargo install --locked super_speedy_syslog_searcher
Updating crates.io index
Downloaded super_speedy_syslog_searcher v0.6.69
Downloaded 1 crate (461.5 KB) in 0.00s
Installing super_speedy_syslog_searcher v0.6.69
warning: package `crc-catalog v2.3.0` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
...
Reviewing cargo tree
├── lzma-rs v0.3.0
│ ├── byteorder v1.5.0
│ └── crc v3.0.1
│ └── crc-catalog v2.3.0
Solution
crate crc-catalog
is, as of this time, at version v2.4.0. Can this crc-rs
project update the dependency so there are no warning when using --locked
?
(I also need to submit an Issue or PR to lzma-rs
which I'll when this Issue is fixed)
I can submit a PR if you prefer.
crc v3.0.1
depends on crc-catalog ^2.1.0
. I can publish a crc v3.0.2
that depends on crc-catalog ^2.4.0
but that doesn't really accomplish much because you'll have to update the Cargo.lock
file anyways. Instead, you can cargo update
which will bump crc-catalog
to v2.4.0.
I guess I'm not sure how bumping the dependency in crc-rs
can help with this issue.