warning: `cpufeatures v0.2.2` is yanked for newest sha2 = "0.10.6"

RustCrypto / hashes

Collection of cryptographic hash functions written in pure Rust

1.82k stars 247 forks source link

warning: `cpufeatures v0.2.2` is yanked for newest sha2 = "0.10.6" #425

Closed bestia-dev closed 1 year ago

bestia-dev commented 1 year ago

When I want to publish my project to crates.io I get this warning: warning: package cpufeatures v0.2.2 in Cargo.lock is yanked in registry crates-io, consider updating to a version that is not yanked

This yanked crate is used by the crate sha2 = "0.10.6" The only non-yanked version is cpufeatures = "0.2.5"

Is it possible for you to update to the non-yanked version of cpufeatures? For information: this warning does not appear when building, just when publishing to crates.io. Thanks.

newpavlov commented 1 year ago

Can't you simply perform cargo update to get non-yanked version of cpufeatures?

bestia-dev commented 1 year ago

I see. The dependency in hashes/sha2/Cargo.toml is defined without the third number (patch): cpufeatures = "0.2" This means that a fresh cargo build without Cargo.lock will use the last version 0.2.5. Old existing Cargo.lock will not update automatically. To force the update inside Cargo.lock to the new version of this transitive dependency, I can use cargo update -p cpufeatures --dry-run. Thanks. Learn something new every day.