Having a yanked version seems to result in wrong "latest"

[ctron]

Current Behavior

Having yanked 0.12.2, it now shows 0.11.0 as the "latest".

Expected Behavior

My expectation would be to see 0.12.1 as the latest.

Steps To Reproduce

• Publish 0.11.x, 0.12.0, 0.12.1
• Publish 0.12.2
• Yank 0.12.2

Environment

• Browser:
• OS:

Anything else?

No response

[Turbo87]

as you can see at https://crates.io/crates/csaf-walker/versions right now, the "latest" label on this page refers to the release track. it is not just the latest release of the crate in general. so 0.11.0 is the latest release of the 0.11.x release track, and 0.12.4 is the latest release of the 0.12.x release track.

admittedly it might make more sense to mark 0.12.1 also as latest in your screenshot above.

/cc @eth3lbert

[eth3lbert]

This looks interesting to me. However, I'm a little unsure about what actually happened without having the data here.

admittedly it might make more sense to mark 0.12.1 also as latest in your screenshot above.

The release tracks are computed without including yanked versions, which suggests 0.12.2 would be the release track if it isn't yanked; otherwise, 0.12.1 should be the release track! Due to this, it seems the release tracks information in the screenshot is outdated for some reason. This could potentially happen because we only fetch it once while loading the versions list but will be fine if you refresh the page. So, my best guess is that the versions list and release tracks were fetched before the crate was yanked, which caused the situation in the screenshot.

This could be fixed with our current setup by: cleaning up the bound release tracks after a yanking operation, or by re-fetching the release tracks when this conflict (a release track version is yanked) is detected.

Another potential possibility is that the release tracks data is correct, but it's just being displayed incorrectly in the frontend for some reason. I will look into this tomorrow to make sure that's not the case.