search

Keats / tera

A template engine for Rust based on Jinja2/Django
http://keats.github.io/tera/
MIT License
3.43k stars 279 forks source link

Upgrade pest dependency to 2.7.0 #838

Closed basbossink-ds closed 6 months ago

basbossink-ds commented 1 year ago

Due to the fact the pest developers yanked versions 2.6.0 and 2.6.1 cargo deny now creates a warning for tera:

warning[yanked]: detected yanked crate
    ┌─ /var/whack/workspace/source/tandemdrive/edrive/Cargo.lock:139:1
    │
139 │ pest 2.6.0 registry+https://github.com/rust-lang/crates.io-index
    │ ---------------------------------------------------------------- yanked version
    │
    = pest v2.6.0
      ├── pest_derive v2.6.0
      │   └── tera v1.19.0
....

This PR upgrades pest to version 2.7.0 fixing the warning.

robjtede commented 1 year ago

The solution for you is to cargo update since cargo-deny only reads lockfiles. Changing the minimum version requirement in lib is not the correct solution, and in fact could be worse for all users if 2.7.0 ever needed yanking, too.