Lib.rs

Issues found

Based on crates you own that have been published to crates.io. The best way to monitor these issues is to subscribe to the atom feed in your RSS reader.

• polaris-specification

  • Dependency tonic 0.11.0 is significantly outdated

    Upgrade to 0.12.3 to get all the fixes, and avoid causing duplicate dependencies in projects.

    In Cargo, different 0.x versions are considered incompatible, so this is a semver-major upgrade.

    tonic versions

  • Dependency tonic-build 0.11.0 is significantly outdated

    Upgrade to 0.12.3 to get all the fixes, and avoid causing duplicate dependencies in projects.

    tonic-build versions

  • Published crate doesn't match its repository

    Verified 24 out of 33 files (includes 2 Cargo-generated).

    • warning: build.rs is used in git, but disabled in the crates.io package

    Files in the crates.io crate compared to the repository:

    • Cargo.toml.orig does not match the repository.
    • proto/
      • contract.proto does not match the repository.
      • lane.proto does not match the repository.
      • ratelimit.proto does not match the repository.
      • response.proto does not match the repository.
      • request.proto does not match the repository.
      • lossless.proto does not match the repository.
    • source/rust/polaris-specification/proto/
      • contract.proto exists, but elsewhere in the repo.
      • lane.proto exists, but elsewhere in the repo.
      • request.proto exists, but elsewhere in the repo.
      • response.proto exists, but elsewhere in the repo.
      • block_allow_list.proto exists, but elsewhere in the repo.
      • ratelimit.proto exists, but elsewhere in the repo.
      • lossless.proto exists, but elsewhere in the repo.
    • v1.rs does not match the repository.

    Looked for the crate in source/rust/polaris-specification/. Fetched https://github.com/polarismesh/specification.git tagged v1.5.5-alpha.0 (b28533b054cd9635bf4106c4126c7932083f4b40).

    Checked on 2024-12-01

    This check is experimental.

    Forum thread

  • Dependency prost 0.12 is outdated

    Upgrade to 0.13.5 to get all the fixes, and avoid causing duplicate dependencies in projects.

    prost versions

  • Dependency prost-build 0.12 is outdated

    Upgrade to 0.13.5 to get all the fixes, and avoid causing duplicate dependencies in projects.

    prost-build versions

  • Dependency prost-types 0.12 is significantly outdated

    Upgrade to 0.13.5 to get all the fixes, and avoid causing duplicate dependencies in projects.

    prost-types versions

  • Latest prerelease is old

    It's been over 3 months. Is this crate still maintained? Make a new release, either to refresh it, or to set

    [badges.maintenance]
    status = "deprecated"
    

    (or "as-is", "passively-maintained").

    Users pay attention to the latest release date. Even if the crate is perfectly fine as-is, users may not know that.

    Maintenance status field docs

• snowflake_me

  • Imprecise dependency requirement thiserror = 1

    Cargo does not always pick latest versions of dependencies! Specify the version as thiserror = "2.0.12". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    This crate does not bump semver-minor when adding new features, so to be safe you get all the features/APIs/fixes that your crate depends on, require a more specific patch version.

    thiserror versions

  • Dependency thiserror 1 is a bit outdated

    Consider upgrading to 2.0.12 to get all the fixes and improvements.

    Easy way to bump dependencies: cargo install cargo-edit; cargo upgrade -i; Also check out Dependabot service on GitHub.

    thiserror versions

• polaris-rust

  • Dependency block-modes 0.8.1 has issues

    It may not be actively developed any more. Consider changing the dependency.

    block-modes crate

  • Dependency serde_yaml 0.9.34 has issues

    It may not be actively developed any more. Consider changing the dependency.

    serde_yaml crate

  • Dependency tonic 0.11.0 is significantly outdated

    Upgrade to 0.12.3 to get all the fixes, and avoid causing duplicate dependencies in projects.

    tonic versions

  • Dependency aes 0.7.4 is outdated

    Upgrade to 0.8.4 to get all the fixes, and avoid causing duplicate dependencies in projects.

    aes versions

  • Dependency dashmap 5.4.0 is outdated

    Consider upgrading to 6.1.0 to get all the fixes and improvements.

    dashmap versions

  • Dependency http 0.2.12 is outdated

    Upgrade to 1.2.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    http versions

  • Dependency prost 0.12.4 is outdated

    Upgrade to 0.13.5 to get all the fixes, and avoid causing duplicate dependencies in projects.

    prost versions

  • Dependency prost-build 0.12.4 is outdated

    Upgrade to 0.13.5 to get all the fixes, and avoid causing duplicate dependencies in projects.

    prost-build versions

  • Dependency prost-types 0.12.4 is significantly outdated

    Upgrade to 0.13.5 to get all the fixes, and avoid causing duplicate dependencies in projects.

    prost-types versions

  • Dependency rand 0.8.4 is a bit outdated

    Consider upgrading to 0.9.0 to get all the fixes and improvements.

    rand versions

  • Dependency tower 0.4.13 is outdated

    Upgrade to 0.5.2 to get all the fixes, and avoid causing duplicate dependencies in projects.

    tower versions

  • Latest prerelease is old

    It's been over 4 months. Is this crate still maintained? Make a new release, either to refresh it, or to set

    [badges.maintenance]
    status = "deprecated"
    

    (or "as-is", "passively-maintained").

    Maintenance status field docs

• pexels-cli

  • Imprecise dependency requirement tokio = 1

    Cargo does not always pick latest versions of dependencies! Specify the version as tokio = "1.44.0". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    If you want to keep using truly minimal dependency requirements, please make sure you test them in CI with -Z minimal-versions Cargo option, because it's very easy to accidentally use a feature added in a later version.

    tokio versions

• polaris-router

  • Imprecise dependency requirement serde = 1

    Cargo does not always pick latest versions of dependencies! Specify the version as serde = "1.0.219". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    serde versions

• polaris-core

  • Imprecise dependency requirement serde = 1

    Cargo does not always pick latest versions of dependencies! Specify the version as serde = "1.0.219". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    serde versions

  • Dependency http 0.2 is outdated

    Upgrade to 1.2.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    http versions

• polaris-router, polaris-ratelimit, polaris-config, polaris-registry, polaris-core

  • Dependency polaris-specification 0.1.1 is slightly outdated

    Consider upgrading to 1.5.0 to get all the fixes and improvements.

    polaris-specification versions

• shortlink-rs, lunar-rs

  • Crate contains junk files

    The crate contains boilerplate Rust files with no real functionality.

No issues found in: sensitive-rs pexels-api qrcode-rs polaris-grpc polaris-rs

If some of these crates are unmaintained and shouldn't be checked, yank them or add [badges.maintenance]
status = "deprecated" to their Cargo.toml.