search

NLnetLabs / krill

RPKI Certificate Authority and Publication Server written in Rust
https://nlnetlabs.nl/projects/routing/krill/
Mozilla Public License 2.0
280 stars 37 forks source link

Documented `cargo install` command prints warnings about yanked versions. #1173

Closed ximon18 closed 6 months ago

ximon18 commented 7 months ago 
❯ cargo package
   Packaging krill v0.14.3 (/home/ximon/src/krill)
    Updating crates.io index
warning: package `deunicode v0.4.3` in Cargo.lock is yanked in registry `crates-io`, consider updating to a version that is not yanked
warning: package `hermit-abi v0.3.1` in Cargo.lock is yanked in registry `crates-io`, consider updating to a version that is not yanked
   Verifying krill v0.14.3 (/home/ximon/src/krill)
...

This causes cargo install krill --locked (which our public documentation says is the way to install via Rust Cargo) to complain:

❯ cargo install --locked krill --force
    Updating crates.io index
  Installing krill v0.14.3
    Updating crates.io index
warning: package `deunicode v0.4.3` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `hermit-abi v0.3.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
ximon18 commented 7 months ago

hermit-abi seems to have been locked to a yanked version since Krill 0.13.0. deunicode seems to have been locked to a yanked version since Krill 0.8.0.

ximon18 commented 7 months ago

The entire 0.4.x series of deunicode was yanked but there's no information as to why in the crates repository.

ximon18 commented 7 months ago

For hermit-abi the yank was due to "a huge backwards compatibility violation".