Lib.rs

Issues found

Based on crates you own that have been published to crates.io. The best way to monitor these issues is to subscribe to the atom feed in your RSS reader.

• ci_info

  • Imprecise dependency requirement serde = 1

    Cargo does not always pick latest versions of dependencies! Specify the version as serde = "1.0.219". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    This crate does not bump semver-minor when adding new features, so to be safe you get all the features/APIs/fixes that your crate depends on, require a more specific patch version.

    serde versions

  • Published crate doesn't match its repository

    Verified 90 out of 93 files (includes 3 Cargo-generated).

    Files in the crates.io crate compared to the repository:

    • Cargo.lock not found.
    • docs/api/static.files/
      • SourceSerif4-Regular-0000000007da4a04.ttf.woff2 does not match the repository.
      • NanumBarunGothic-00000000f861df9d.ttf.woff2 does not match the repository.
      • SourceCodePro-Semibold-00000000f27a569e.ttf.woff2 does not match the repository.

    Fetched https://github.com/sagiegurari/ci_info.git tagged 0.14.14 (ccd58f00cc16310b79831e727670bc17b5c3ac03).

    Checked on 2024-08-04

    This check is experimental.

    Forum thread

• duckscriptsdk

  • Dependency attohttpc ^0.28 is significantly outdated

    Upgrade to 0.29.2 to get all the fixes, and avoid causing duplicate dependencies in projects.

    In Cargo, different 0.x versions are considered incompatible, so this is a semver-major upgrade.

    attohttpc versions

  • Dependency which ^6 is significantly outdated

    Upgrade to 7.0.3 to get all the fixes, and avoid causing duplicate dependencies in projects.

    Easy way to bump dependencies: cargo install cargo-edit; cargo upgrade -i; Also check out Dependabot service on GitHub.

    which versions

  • Dependency colored ^2 is a bit outdated

    Consider upgrading to 3.0.0 to get all the fixes and improvements.

    colored versions

  • Dependency evalexpr ^11 is outdated

    Consider upgrading to 12.0.2 to get all the fixes and improvements.

    evalexpr versions

  • Dependency rand ^0.8 is a bit outdated

    Consider upgrading to 0.9.1 to get all the fixes and improvements.

    rand versions

  • Dependency zip ^2 is outdated

    Upgrade to 3.0.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    zip versions

  • Imprecise dependency requirement fs_extra = ^1

    Cargo does not always pick latest versions of dependencies! Specify the version as fs_extra = "1.3.0". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    If you want to keep using truly minimal dependency requirements, please make sure you test them in CI with -Z minimal-versions Cargo option, because it's very easy to accidentally use a feature added in a later version.

    fs_extra versions

• git_info

  • Imprecise dependency requirement serde = ^1

    Cargo does not always pick latest versions of dependencies! Specify the version as serde = "1.0.219". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    serde versions

  • Published crate doesn't match its repository

    Verified 69 out of 72 files (includes 3 Cargo-generated).

    Files in the crates.io crate compared to the repository:

    • Cargo.lock not found.
    • docs/api/static.files/
      • SourceSerif4-Regular-0000000007da4a04.ttf.woff2 does not match the repository.
      • NanumBarunGothic-00000000f861df9d.ttf.woff2 does not match the repository.
      • SourceCodePro-Semibold-00000000f27a569e.ttf.woff2 does not match the repository.

    Fetched https://github.com/sagiegurari/git_info.git tagged 0.1.3 (39cf5780e88aa11b47424e09f7f5711ee4253b3f).

    Checked on 2024-08-30

    Forum thread

• rust_info

  • Imprecise dependency requirement serde = ^1

    Cargo does not always pick latest versions of dependencies! Specify the version as serde = "1.0.219". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    serde versions

  • Published crate doesn't match its repository

    Verified 78 out of 81 files (includes 3 Cargo-generated).

    Files in the crates.io crate compared to the repository:

    • Cargo.lock not found.
    • docs/api/static.files/
      • SourceSerif4-Regular-0000000007da4a04.ttf.woff2 does not match the repository.
      • NanumBarunGothic-00000000f861df9d.ttf.woff2 does not match the repository.
      • SourceCodePro-Semibold-00000000f27a569e.ttf.woff2 does not match the repository.

    Fetched https://github.com/sagiegurari/rust_info.git tagged 0.3.3 (2b1bfbe4da872dbf32542ccf6064d9fbe08e53f5).

    Checked on 2024-08-30

    Forum thread

• cargo-make

  • Dependency petgraph ^0.7.1 is significantly outdated

    Upgrade to 0.8.1 to get all the fixes, and avoid causing duplicate dependencies in projects.

    petgraph versions

  • Dependency strum_macros 0.26.4 is outdated

    Upgrade to 0.27.1 to get all the fixes, and avoid causing duplicate dependencies in projects.

    strum_macros versions

  • Imprecise dependency requirement ctrlc = ^3

    Cargo does not always pick latest versions of dependencies! Specify the version as ctrlc = "3.4.0". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    ctrlc versions

• simple_redis

  • Dependency redis ^0.26 is significantly outdated

    Upgrade to 0.31.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    redis versions

  • Failed to verify create's content against its repository

    Verified 108 out of 111 files (includes 3 Cargo-generated).

    • warning: The crates.io package has no information about its path inside its repository.

    Files in the crates.io crate compared to the repository:

    • Cargo.lock not found.
    • docs/api/static.files/
      • SourceCodePro-Semibold-00000000f27a569e.ttf.woff2 does not match the repository.
      • SourceSerif4-Regular-0000000007da4a04.ttf.woff2 does not match the repository.
      • NanumBarunGothic-00000000f861df9d.ttf.woff2 does not match the repository.

    Fetched https://github.com/sagiegurari/simple_redis.git tagged 0.6.4 (4346ba31ee8fd6fb31135d7a0228f54cc684cc2b).

    Checked on 2025-04-27

    Forum thread

• ci_info, cargo-make, envmnt, git_info, rust_info, simple_redis, shell2batch, cliparser

  • Published crate contains binary files

    The crate contains binary files (WOFF font). Crates are meant to be compiled from source. Please check that you haven't published temporary build files by accident. If you have test fixtures, consider excluding them from crates-io tarball, since Cargo doesn't run tests from crates-io packages.

    Audit page

• envmnt

  • Dependency indexmap ^1 is outdated

    Upgrade to 2.9.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    indexmap versions

  • Imprecise dependency requirement indexmap = ^1

    Cargo does not always pick latest versions of dependencies! Specify the version as indexmap = "2.9.0". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    indexmap versions

• duckscript

  • Failed to verify create's content against its repository

    Partially verified 37 files (includes 2 Cargo-generated).

    • warning: Crate tarball has been published from a different commit than the commit tagged by git tag '0.10.0'.
      • Create git tags after comitting any changes, and commit changes after bumping versions and running cargo update.

    Looked for the crate in duckscript/. Fetched https://github.com/sagiegurari/duckscript.git tagged 0.11.0 (810da9d9dbba21f678af30399307ec6762592ea2).

    Checked on 2024-10-06

    Forum thread

• shell2batch

  • Imprecise dependency requirement regex = ^1

    Cargo does not always pick latest versions of dependencies! Specify the version as regex = "1.11.0". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    regex versions

No issues found in: fsio duckscript_cli run_script

If some of these crates are unmaintained and shouldn't be checked, yank them or add [badges.maintenance]
status = "deprecated" to their Cargo.toml.