Run cargo local-registry --sync Cargo.lock registry
Update .cargo/config.toml according to the instructions, replacing crates.io with the local registry
Run cargo deny check
Every dependency will be reported with something like this:
warning[index-failure]: unable to check for yanked crates
┌─ /<censored>/workspace/examples/local_reg_yanked/Cargo.lock:15:1
│
15 │ tokio 1.38.0 registry+https://github.com/rust-lang/crates.io-index
│ ------------------------------------------------------------------ crate whose registry we failed to query
│
= the url '/<censored>/workspace/examples/local_reg_yanked/registry' is invalid
= tokio v1.38.0
└── local_reg_yanked v0.1.0
cargo-deny version
0.14.24
What OS were you running cargo-deny on?
Linux
Additional context
I don't know if a local registry mirror created with cargo-local-registry theoretically contains the information about yanked crates. If so, did the way cargo deny queries for it change? I think this still worked a while back with the same local registry setup.
Describe the bug
When using a local registry mirror setup with
cargo-local-registry,cargo deny checkfails to check for yanked versions.To reproduce
cargo-local-registrycargo local-registry --sync Cargo.lock registry.cargo/config.tomlaccording to the instructions, replacing crates.io with the local registrycargo deny checkEvery dependency will be reported with something like this:
cargo-deny version
0.14.24
What OS were you running cargo-deny on?
Linux
Additional context
I don't know if a local registry mirror created with
cargo-local-registrytheoretically contains the information about yanked crates. If so, did the waycargo denyqueries for it change? I think this still worked a while back with the same local registry setup.