This is just something I was wondering about. Suppose somebody discovers an error in a crate: is there any way (say) for a warning to be propagated somehow to the users of the crate, to prompt them to upgrade to a fixed version of the crate?
I hope it's not a stupid question!
There's no way to prompt directly, but if the bug is serious enough that people should stop using the buggy version, the solution is to "yank" the version:
cargo yank --vers version.with.the.bug
so that new projects or cargo update won't pick it.
cargo-audit will complain if the bug is security-related and has been reported to the RustSec Advisory Database.
It looks like cargo-audit will also warn of any yanked packages, independent of the RustSec Advisory Database (although the documentation isn't very explicit about that).
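Added example, not code from any poster in this thread or from cargo-audit: a yank only affects new resolution, so a Cargo.lock that already pins the yanked version keeps using it, and a check has to compare the lockfile against the `yanked` flag in the registry index. The sketch below does that offline; the crate names, versions and index lines are constructed, and the index lines are trimmed to the `name`, `vers` and `yanked` fields.

```python
import json

# Constructed Cargo.lock excerpt (crate names and versions are made up).
CARGO_LOCK = '''\
version = 3

[[package]]
name = "demo-parser"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "demo-util"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

# Constructed registry index data: one JSON object per published version,
# trimmed to the fields used here.
INDEX = {
    "demo-parser": '{"name":"demo-parser","vers":"0.4.1","yanked":true}\n'
                   '{"name":"demo-parser","vers":"0.4.2","yanked":false}\n',
    "demo-util": '{"name":"demo-util","vers":"1.2.0","yanked":false}\n',
}

def locked_packages(lock_text):
    """Return (name, version) for every [[package]] table in a Cargo.lock."""
    packages, current = [], None
    for line in lock_text.splitlines():
        line = line.strip()
        if line == "[[package]]":
            current = {}
            packages.append(current)
        elif line.startswith("["):
            current = None  # some other table, e.g. [metadata]
        elif current is not None and " = " in line:
            key, value = line.split(" = ", 1)
            current[key] = value.strip('"')
    return [(p["name"], p["version"]) for p in packages if "name" in p and "version" in p]

def yanked_in_lock(lock_text, index):
    """List locked versions flagged yanked, with the unyanked versions available."""
    findings = []
    for name, version in locked_packages(lock_text):
        entries = [json.loads(l) for l in index.get(name, "").splitlines() if l.strip()]
        if any(e["vers"] == version and e["yanked"] for e in entries):
            alternatives = [e["vers"] for e in entries if not e["yanked"]]
            findings.append((name, version, alternatives))
    return findings
```

Calling `yanked_in_lock(CARGO_LOCK, INDEX)` reports the pinned `demo-parser 0.4.1` as yanked and lists `0.4.2` as the version to move to.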