Hi, I want to purposefully include a yanked version of a library into my project for a CTF challenge I'm building. Is there a cargo flag to force this? Or do I have to manually edit the lock-file to convince cargo?
I don't think vanilla Cargo has a flag or configuration value you can set (and I don't know any extension for this either—it's a rather strange and potentially dangerous thing to do in anything but academic contexts). From the docs:
Cargo will not use a yanked version for any new project or checkout without a pre-existing lockfile, and will generate an error if there are no longer any compatible versions for your crate.
So I guess you have to manually edit Cargo.lock.
4 Likes
If the repository still exists, you can also vendor that library directly (typically as a Git submodule) and manually specify its path in Cargo.toml.
1 Like
This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.