msgpack-rust icon indicating copy to clipboard operation
msgpack-rust copied to clipboard
verified publisher icon 3Hren

Why are almost all older versions yanked?

Open TheDan64 opened this issue 1 year ago • 3 comments

The vast majority of the older versions have been yanked: https://crates.io/crates/rmp-serde/versions. Surely they don't all have critical vulnerabilities that warrant this?

I can obviously use a lockfile to retrieve the yanked version, but this broke underneath my feet. I have a few libraries which don't have lockfiles per the previous rust guidelines and are depending on 0.x.y and can't be upgraded to 1.x. So these libraries just stopped working out of the blue and now require a lockfile going forward, which is concerning

TheDan64 avatar May 16 '24 17:05 TheDan64

I completely agree with @TheDan64

This was pretty shocking to stumble upon.

AlexGatz avatar May 16 '24 17:05 AlexGatz

0.15.5 and 0.14.4 are still available, don't those fit?

KillTheMule avatar May 16 '24 18:05 KillTheMule

Nope, am stuck on 0.13 :( 0.13.7 was just recently yanked

TheDan64 avatar May 16 '24 18:05 TheDan64