fix(build): patch core2 to upstream git to unblock fresh resolution

farhan-syah · farhan-syah · commit 8b33da97f11d · 2026-04-15T04:38:27.000+08:00
core2 0.4.0 is yanked on crates.io and no 0.4.1+ release exists. The
libflate / libflate_lz77 chain (pulled in transitively via nodedb-fts'
optional jieba feature → include-flate → include-flate-compress) still
requires core2 ^0.4, so any fresh dependency resolution — such as CI
running without a committed lockfile — fails with "version 0.4.0 is
yanked".

Because NodeDB is a library workspace (nodedb-fts and others are
published to crates.io), committing Cargo.lock is not appropriate.
Patching directly to the upstream technocreatives/core2 git repo at the
commit that corresponds to 0.4.0 lets cargo bypass the registry yank
check while building bit-identical code.

Verified: `cargo check --workspace --all-features` and
`cargo clippy --workspace --all-targets --all-features -- -D warnings`
both succeed with a fresh lockfile.

Remove this patch once libflate releases a version that drops the core2
dependency.
diff --git a/Cargo.toml b/Cargo.toml
@@ -234,3 +234,12 @@ incremental = false
 [profile.debugging]
 inherits = "dev"
 debug = true
+
+# core2 0.4.0 is yanked on crates.io but no 0.4.1+ exists, and libflate /
+# libflate_lz77 (pulled in via the `jieba` feature of nodedb-fts →
+# include-flate → include-flate-compress) still require `core2 ^0.4`.
+# Point cargo at the upstream git source so fresh resolution (CI without
+# a committed lockfile) succeeds — git sources bypass the registry's yank
+# check. Safe to remove once libflate releases a bump off core2.
+[patch.crates-io]
+core2 = { git = "https://github.com/technocreatives/core2", rev = "545e84bcb0f235b12e21351e0c69767958efe2a7" }
