Cargo: include README and LICENSE files in published crates #8
Conversation
|
Thanks @decathorpe - I came to submit the same thing (for the license specifically). Edit: fwiw, for other users who need this, you can fork, apply the change, and patch the crate in [patch.crates-io]
number_prefix = { git = "https://github.com/your-name/rust-number-prefix" } |
|
FYI, I now "officially" forked number_prefix, made some cleanups (including this PR), and published it as https://crates.io/crates/unit-prefix |
|
@decathorpe , could you do a release from https://codeberg.org/commons-rs/unit-prefix with the fixed |
Sure! Thanks for letting me know - I wasn't even aware that projects looked at metadata like "is this repo archived". New release published: https://crates.io/crates/unit-prefix/0.5.2 And I'll go ahead and close this PR while we're here. |
|
I've created rustsec/advisory-db#2463 |
) fixes errors like this one in https://github.com/tempoxyz/tempo/actions/runs/19462129274/job/55688586205?pr=948: ``` cargo deny --all-features check all shell: /usr/bin/bash -e {0} env: CARGO_TERM_COLOR: always CARGO_HOME: /home/runner/.cargo CARGO_INCREMENTAL: 0 error[unmaintained]: number_prefix crate is unmaintained ┌─ /home/runner/work/tempo/tempo/Cargo.lock:487:1 │ 487 │ number_prefix 0.4.0 registry+https://github.com/rust-lang/crates.io-index │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected │ ├ ID: RUSTSEC-2025-0119 ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0119 ├ The `number_prefix` crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. ## Recommended alternatives - [`unit-prefix`](https://crates.io/crates/unit-prefix) ├ Announcement: ogham/rust-number-prefix#8 ├ Solution: No safe upgrade is available! ├ number_prefix v0.4.0 └── indicatif v0.17.11 └── simple-tqdm v0.2.0 ├── tempo-bench v0.4.0 └── tempo-xtask v0.4.0 ```
## Description We are getting failing `cargo-deny` [actions](https://github.com/MystenLabs/sui/actions/runs/19511548093/job/55852327532?pr=24283) on this repo due to the `number_prefix` crate being marked unmaintained: ``` error[unmaintained]: number_prefix crate is unmaintained ┌─ /home/runner/work/sui/sui/Cargo.lock:774:1 │ 774 │ number_prefix 0.4.0 registry+https://github.com/rust-lang/crates.io-index │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected │ ├ ID: RUSTSEC-2025-0119 ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0119 ├ The `number_prefix` crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. ## Recommended alternatives - [`unit-prefix`](https://crates.io/crates/unit-prefix) ├ Announcement: ogham/rust-number-prefix#8 ├ Solution: No safe upgrade is available! ``` This is a dep of `indicatif`. It's on `0.17.2` but the latest version is `0.18.3`. The latest version doesn't appear to use `number_prefix`, so bumping the version should fix the issue. ## Test plan How did you test the new or updated feature? --- ## Release notes Check each box that your changes affect. If none of the boxes relate to your changes, release notes aren't required. For each box you select, include information after the relevant heading that describes the impact of your changes that a user might notice and any actions they must take to implement updates. - [ ] Protocol: - [ ] Nodes (Validators and Full nodes): - [ ] gRPC: - [ ] JSON-RPC: - [ ] GraphQL: - [ ] CLI: - [ ] Rust SDK: - [ ] Indexing Framework:
3 participants
The original change to exclude those files was probably well-intentioned, but the MIT license terms require that the license text is shipped with any redistributed sources (like those published to crates.io, or those shipped as part of linux distro packages), see - for example - the "Conditions" on the MIT entry on https://choosealicense.com.
Including the README file doesn't hurt either, but at least the LICENCE file really should be included in published crates.