Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crates with '=version' break your project #327

Open
kpp opened this issue Aug 30, 2022 · 2 comments
Open

Crates with '=version' break your project #327

kpp opened this issue Aug 30, 2022 · 2 comments

Comments

@kpp
Copy link

kpp commented Aug 30, 2022

Due to use of zeroize in cryptographic projects with a forced specific version, it's hard to use cargo-outdated:

error: failed to select a version for `zeroize`.
    ... required by package `x25519-dalek v1.2.0`
    ... which satisfies dependency `x25519-dalek = "^1.2.0"` of package `libp2p-noise v0.38.0 (/tmp/cargo-outdatedu18zVN/transports/noise)`
    ... which satisfies path dependency `libp2p-noise` of package `libp2p v0.48.0 (/tmp/cargo-outdatedu18zVN)`
    ... which satisfies path dependency `libp2p` of package `libp2p-autonat v0.7.0 (/tmp/cargo-outdatedu18zVN/protocols/autonat)`
versions that meet the requirements `=1.3` are: 1.3.0

all possible versions conflict with previously selected packages.

  previously selected package `zeroize v1.5.7`
    ... which satisfies dependency `zeroize = "^1.5.7"` of package `keygen v0.1.0 (/tmp/cargo-outdatedu18zVN/misc/keygen)`

failed to select a version for `zeroize` which could resolve this conflict

@kpp kpp changed the title Crate zeroize breaks your project Crates with '=version' break your project Aug 30, 2022
@tyranron
Copy link

Have the same issue with png crate being pinpoint to =0.17.6 in resvg crate.

I did pinpoint png to exactly the same version in my crate, but cargo-outdated doesn't consider it as an exact version and still treats like a version range:

error: failed to select a version for `png`.
    ... required by package `resvg v0.28.0`
    ... which satisfies dependency `resvg = "^0.28.0"` of package `my-crate v0.0.0 (/var/folders/0w/5v5r_jrx491dd5s5750mtmw00000gn/T/cargo-outdatedIfaGIF/services/file)`
versions that meet the requirements `=0.17.6` are: 0.17.6

all possible versions conflict with previously selected packages.

  previously selected package `png v0.17.7`
    ... which satisfies dependency `png = "^0.17.7"` of package `my-crate v0.0.0 (/var/folders/0w/5v5r_jrx491dd5s5750mtmw00000gn/T/cargo-outdatedIfaGIF/services/file)`

failed to select a version for `png` which could resolve this conflict

cargo update, though, doesn't complain about anything.

@tyranron
Copy link

Seems to be the same as #315

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants