rustsec crate locked to yanked versions of tame-index #1156
Comments
I don't want to rush this because the latest We need to be careful with the upgrade, and make sure we don't break compilation for users again. Downgrade to 0.29.0 is fine because the only change in 0.29.1 is bumping
As things stand the current Can we get the build green again, at least?
There is no tame-index version that ships with the I think just bumping to tame-index 0.10 and its associated Maybe I should have just raised an issue with tame-index upstream instead of shipping a hotfix to unblock builds everywhere ASAP. This is kind of a mess now 😞
Can we roll back? The other changes would remain in git history and could be used as the basis of the branch to fully upgrade.
Yeah, I don't see why not. Just set
The rustsec crate (and its v0.29.1 release) are currently locked to tame-index >= v0.9.8
https://github.com/rustsec/rustsec/blob/30b098c/rustsec/Cargo.toml#L27
However, v0.9.8 and v0.9.9 have been yanked:
https://crates.io/crates/tame-index/versions
This results in the following error from Cargo:
https://github.com/rustsec/rustsec/actions/runs/8429297259/job/23083332878
If you cargo install cargo-audit, it downgrades to rustsec v0.29.0 to work around this.