Is there any automated mechanism to handle discovery of a bug in a crate?

This is just something I was wondering about. Suppose somebody discovers an error in a crate. Is there any way (say) for a warning to be propagated somehow to the users of a crate, to prompt them to upgrade to a fixed version of the crate?

I hope it's not a stupid question!

There's no way to prompt directly, but if the bug is serious enough that people should stop using the buggy version, the solution is to "yank" the version:

```
cargo yank --vers version.with.the.bug
```

so that new projects or cargo update won't pick it.


cargo-audit will complain if the bug is security-related and has been reported to the RustSec Advisory Database.


It looks like cargo-audit will also warn of any yanked packages, independent of the RustSec Advisory Database (although the documentation isn't very explicit about that).
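The replies above cover yanking and the yanked-package warning. The sketch below is an added example, not code from the thread and not how cargo-audit is implemented. It compares the versions pinned in a `Cargo.lock` with the per-version `yanked` flag in crates.io index entries, which matters because a lockfile written before the yank keeps pinning the yanked version until someone updates it. The crate names, index lines and function names are constructed for illustration.

```python
import json
import re

# Constructed sample data: a Cargo.lock excerpt and crates.io index files
# (one JSON object per published version). Crate names are hypothetical.
CARGO_LOCK = '''
version = 3

[[package]]
name = "example-parser"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "example-util"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

INDEX = {
    "example-parser":
        '{"name":"example-parser","vers":"0.4.1","deps":[],"cksum":"00","features":{},"yanked":true}\n'
        '{"name":"example-parser","vers":"0.4.2","deps":[],"cksum":"00","features":{},"yanked":false}\n',
    "example-util":
        '{"name":"example-util","vers":"1.2.0","deps":[],"cksum":"00","features":{},"yanked":false}\n',
}

def locked_packages(lock_text):
    """Yield (name, version) for every [[package]] entry in a Cargo.lock."""
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        vers = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and vers:
            yield name.group(1), vers.group(1)

def yanked_in_lock(lock_text, index):
    """Return (name, pinned version, non-yanked versions) for each yanked pin."""
    findings = []
    for name, vers in locked_packages(lock_text):
        lines = index.get(name, "").splitlines()
        state = {e["vers"]: e["yanked"] for e in map(json.loads, filter(None, lines))}
        if state.get(vers):  # True only when the pinned version is marked yanked
            findings.append((name, vers, [v for v, y in state.items() if not y]))
    return findings

if __name__ == "__main__":
    for name, vers, alts in yanked_in_lock(CARGO_LOCK, INDEX):
        print(f"{name} {vers} is yanked; non-yanked: {', '.join(alts) or 'none'}")
```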
