Issues found
Based on crates you own that have been published to crates.io. The best way to monitor these issues is to subscribe to the atom feed in your RSS reader.
arti, arti-client, tor-rtcompat, tor-keymgr, tor-rpcbase, tor-guardmgr, tor-config, tor-proto, tor-netdoc, tor-circmgr, tor-rtmock, tor-cert, tor-dirclient, tor-llcrypto, tor-cell, tor-hscrypto, tor-hsservice, tor-linkspec, tor-consdiff, tor-persist, test-temp-dir, tor-chanmgr, tor-checkable, safelog, tor-bytes, tor-ptmgr, tor-log-ratelim
Could not find the crate in the repository
Make sure the main branch of
https://gitlab\.torproject\.org/tpo/core/arti\.gitcontains theCargo.tomlfor the crate. If you have forked the crate, change the repository property inCargo.tomlto your fork's URL.
fs-mistrust
Optional dependency 'once_cell' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'once_cell', 'dirs' may have been unintentional.
fs-mistrust, tor-rpcbase, tor-circmgr
Imprecise dependency requirement once_cell = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
once_cell = "1.20.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.If you want to keep using truly minimal dependency requirements, please make sure you test them in CI with
-Z minimal-versionsCargo option, because it's very easy to accidentally use a feature added in a later version.
arti, arti-client, tor-keymgr, tor-guardmgr, tor-rtmock, tor-hsservice, tor-checkable, tor-log-ratelim
Imprecise dependency requirement humantime = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
humantime = "2.1.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
arti
Optional dependency 'tor-rpc-connect' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'tor-rpc-connect', 'arti-rpcserver', 'visibility', 'rustls-crate', 'derive-deftly', 'dialoguer', 'hickory-proto', 'tokio-crate', 'secmem-proc', 'tor-rpcbase', 'async-ctrlc', 'tor-hsrproxy', 'tor-hsservice', 'signal-hook', 'tracing-journald', 'signal-hook-async-std', 'tokio-util' may have been unintentional.
arti-client
Optional dependency 'visibility' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'visibility', 'dyn-clone', 'tor-geoip', 'tor-ptmgr', 'tor-rpcbase', 'tor-hsclient', 'anyhow', 'tor-hsservice', 'tor-hscrypto' may have been unintentional.
arti-client, tor-rtcompat, tor-guardmgr, tor-config, tor-proto, tor-netdoc, tor-circmgr, tor-rtmock, tor-llcrypto, tor-cell, tor-hsservice, test-temp-dir, tor-chanmgr, safelog, tor-bytes
Dependency educe 0.4.6 is outdated
Upgrade to 0.6.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
In Cargo, different 0.x versions are considered incompatible, so this is a semver-major upgrade.
tor-hsclient, tor-error, tor-socksproto, tor-units, tor-async-utils, tor-protover, tor-netdir, retry-error, tor-relay-selection, tor-dirmgr, tor-basic-utils, arti-relay, tor-geoip, tor-memquota, tor-hsrproxy, arti-rpcserver, tor-config-path, tor-key-forge, tor-general-addr, arti-rpc-client-core, tor-rpc-connect, tor-relay-crypto
Could not find the crate in the repository
Make sure the main branch of
https://gitlab\.torproject\.org/tpo/core/arti\.gitcontains theCargo.tomlfor the crate. If you have forked the crate, change the repository property inCargo.tomlto your fork's URL.
arti-hyper
Dependency arti-client 0.19.0 is significantly outdated
Upgrade to 0.28.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Dependency tor-error 0.19.0 is significantly outdated
Upgrade to 0.28.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Dependency tor-rtcompat 0.19.0 is significantly outdated
Upgrade to 0.28.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Dependency hyper 0.14 is outdated
Upgrade to 1.6.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Easy way to bump dependencies:
cargo install cargo-edit; cargo upgrade -i; Also check out Dependabot service on GitHub.Dependency thiserror 1 is a bit outdated
Consider upgrading to 2.0.12 to get all the fixes and improvements.
Dependency tls-api 0.9.0 is outdated
Upgrade to 0.12.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Dependency tls-api-native-tls 0.9.0 is outdated
Upgrade to 0.12.1 to get all the fixes, and avoid causing duplicate dependencies in projects.
tor-cert, tor-dirclient, tor-consdiff, tor-persist, tor-chanmgr, tor-ptmgr
Imprecise dependency requirement thiserror = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
thiserror = "2.0.12". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.This crate does not bump semver-minor when adding new features, so to be safe you get all the features/APIs/fixes that your crate depends on, require a more specific patch version.
equix, tor-units, tor-protover, tor-basic-utils, hashx, tor-geoip, slotmap-careful, tor-hsrproxy, fslock-guard, tor-general-addr, arti-rpc-client-core, tor-rpc-connect
Imprecise dependency requirement thiserror = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
thiserror = "2.0.12". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-netdoc
Dependency hex-literal 0.4 is outdated
Consider upgrading to 1.0.0 to get all the fixes and improvements.
Imprecise dependency requirement bitflags = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
bitflags = "2.9.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.Optional dependency 'hex-literal' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'hex-literal', 'tor-hscrypto', 'visibility', 'rand', 'tor-units', 'visible', 'tor-linkspec' may have been unintentional.
tor-llcrypto
Dependency getrandom 0.2.3 is outdated
Consider upgrading to 0.3.1 to get all the fixes and improvements.
Imprecise dependency requirement signature = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
signature = "2.2.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.Optional dependency 'derive-deftly' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'derive-deftly', 'openssl', 'typenum', 'tor-memquota', 'cipher' may have been unintentional.
tor-rtcompat
Imprecise dependency requirement pin-project = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
pin-project = "1.1.10". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.Optional dependency 'async-native-tls' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'async-native-tls', 'async-io', 'rustls-pki-types', 'async-std-crate', 'native-tls-crate', 'x509-signature', 'tokio-crate', 'futures-rustls', 'tokio-util', 'arbitrary' may have been unintentional.
tor-netdir
Dependency typed-index-collections ~3.1.0 is outdated
Upgrade to 3.2.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Imprecise dependency requirement bitflags = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
bitflags = "2.9.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.Optional dependency 'visibility' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'visibility', 'digest', 'tor-geoip', 'hex', 'postage', 'tor-hscrypto', 'time' may have been unintentional.
tor-dirmgr
Dependency rusqlite 0.32.1 is outdated
Upgrade to 0.34.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Imprecise dependency requirement event-listener = 5
Cargo does not always pick latest versions of dependencies! Specify the version as
event-listener = "5.4.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.Optional dependency 'memmap2' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'memmap2', 'tor-geoip' may have been unintentional.
tor-proto
Imprecise dependency requirement bytes = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
bytes = "1.10.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.Optional dependency 'tor-hscrypto' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'tor-hscrypto', 'visibility', 'tokio-crate', 'tokio-util' may have been unintentional.
tor-cell
Imprecise dependency requirement bitflags = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
bitflags = "2.9.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.Optional dependency 'tor-hscrypto' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'tor-hscrypto' may have been unintentional.
tor-hscrypto
Imprecise dependency requirement signature = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
signature = "2.2.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.Optional dependency 'arrayvec' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'arrayvec', 'tor-memquota', 'zeroize', 'derive-deftly', 'equix', 'blake2', 'cipher' may have been unintentional.
arti-client, tor-keymgr, tor-guardmgr, tor-proto, tor-netdoc, tor-circmgr, tor-cell, tor-hscrypto, tor-chanmgr
Dependency rand 0.8 is a bit outdated
Consider upgrading to 0.9.0 to get all the fixes and improvements.
tor-bytes
Dependency getrandom 0.2.3 is outdated
Consider upgrading to 0.3.1 to get all the fixes and improvements.
Imprecise dependency requirement bytes = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
bytes = "1.10.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-keymgr
Optional dependency 'data-encoding' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'data-encoding' may have been unintentional.
tor-basic-utils
Dependency rand_chacha 0.3 is outdated
Upgrade to 0.9.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Optional dependency 'serde' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'serde' may have been unintentional.
arti-relay
Dependency rand 0.8.5 is a bit outdated
Consider upgrading to 0.9.0 to get all the fixes and improvements.
Dependency strum 0.26.3 is outdated
Consider upgrading to 0.27.1 to get all the fixes and improvements.
tor-guardmgr
Optional dependency 'tor-protover' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'tor-protover', 'tor-rtmock' may have been unintentional.
tor-guardmgr, tor-config, tor-rtmock, tor-hsservice, tor-linkspec
Dependency strum 0.26.3 is outdated
Upgrade to 0.27.1 to get all the fixes, and avoid causing duplicate dependencies in projects.
tor-config
Imprecise dependency requirement either = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
either = "1.15.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-proto, tor-llcrypto, tor-hsservice
Dependency rand_core 0.6.2 is a bit outdated
Consider upgrading to 0.9.3 to get all the fixes and improvements.
tor-circmgr
Optional dependency 'visibility' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'visibility', 'tor-geoip' may have been unintentional.
tor-cert
Optional dependency 'derive_builder' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'derive_builder' may have been unintentional.
tor-dirclient
Optional dependency 'tor-hscrypto' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'tor-hscrypto' may have been unintentional.
tor-hsservice
Dependency rand 0.8.5 is a bit outdated
Consider upgrading to 0.9.0 to get all the fixes and improvements.
tor-linkspec
Imprecise dependency requirement by_address = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
by_address = "2.1.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-persist
Optional dependency 'fslock-guard' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'fslock-guard', 'amplify' may have been unintentional.
test-temp-dir
Imprecise dependency requirement tempfile = 3
Cargo does not always pick latest versions of dependencies! Specify the version as
tempfile = "3.17.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
safelog
Imprecise dependency requirement either = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
either = "1.15.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-ptmgr
Optional dependency 'visibility' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'visibility' may have been unintentional.
tor-hsclient
Imprecise dependency requirement either = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
either = "1.15.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-hsclient, tor-socksproto, tor-async-utils, tor-dirmgr, tor-memquota, arti-rpc-client-core, arti-hyper
Dependency educe 0.4.6 is outdated
Upgrade to 0.6.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
tor-hsclient, tor-error, tor-netdir, tor-dirmgr
Dependency strum 0.26.3 is outdated
Upgrade to 0.27.1 to get all the fixes, and avoid causing duplicate dependencies in projects.
tor-hsclient, tor-netdir, tor-relay-selection, tor-dirmgr, tor-basic-utils, arti-rpcserver, tor-key-forge, tor-rpc-connect
Dependency rand 0.8 is a bit outdated
Consider upgrading to 0.9.0 to get all the fixes and improvements.
tor-error
Optional dependency 'static_assertions' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'static_assertions' may have been unintentional.
tor-error, arti-relay, tor-config-path
Imprecise dependency requirement once_cell = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
once_cell = "1.20.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-socksproto
Imprecise dependency requirement subtle = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
subtle = "2.6.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-units
Optional dependency 'derive-deftly' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'derive-deftly', 'tor-memquota' may have been unintentional.
tor-async-utils, tor-memquota, arti-hyper
Imprecise dependency requirement pin-project = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
pin-project = "1.1.10". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-relay-selection
Optional dependency 'tor-geoip' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'tor-geoip' may have been unintentional.
arti-rpc-client-core
Dependency rand 0.8.5 is a bit outdated
Consider upgrading to 0.9.0 to get all the fixes and improvements.
Optional dependency 'paste' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'paste' may have been unintentional.
hashx
Dependency rand_core 0.6.4 is a bit outdated
Consider upgrading to 0.9.3 to get all the fixes and improvements.
tor-memquota
Optional dependency 'visibility' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'visibility' may have been unintentional.
arti-rpcserver
Imprecise dependency requirement bytes = 1
Cargo does not always pick latest versions of dependencies! Specify the version as
bytes = "1.10.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-config-path
Optional dependency 'shellexpand' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'shellexpand', 'directories', 'tor-general-addr' may have been unintentional.
tor-key-forge
Imprecise dependency requirement signature = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
signature = "2.2.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
tor-general-addr
Optional dependency 'arbitrary' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Feature 'arbitrary' may have been unintentional.
tor-rpc-connect
Optional dependency 'fslock-guard' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'fslock-guard', 'tor-rtcompat' may have been unintentional.
tor-relay-crypto
Imprecise dependency requirement humantime = 2
Cargo does not always pick latest versions of dependencies! Specify the version as
humantime = "2.1.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.
arti-tor-client
Dependency tor-chanmgr 0.0.0 is significantly outdated
Upgrade to 0.28.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Dependency tor-circmgr 0.0.0 is significantly outdated
Upgrade to 0.28.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Dependency tor-dirmgr 0.0.0 is significantly outdated
Upgrade to 0.28.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Dependency tor-proto 0.0.0 is significantly outdated
Upgrade to 0.28.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Dependency tor-rtcompat 0.0.0 is significantly outdated
Upgrade to 0.28.0 to get all the fixes, and avoid causing duplicate dependencies in projects.
Dependency thiserror 1.0.24 is a bit outdated
Consider upgrading to 2.0.12 to get all the fixes and improvements.
Latest stable release is old
It's been over 3 years. Is this crate still maintained? Make a new release, either to refresh it, or to set
[badges.maintenance] status = "deprecated"(or
"as-is","passively-maintained").If the crate is truly stable, why not make a 1.0.0 release?
No issues found in: caret oneshot-fused-workaround
If some of these crates are unmaintained and shouldn't be checked, yank them or add [badges.maintenance] to their
status = "deprecated"Cargo.toml.