cargo-edit icon indicating copy to clipboard operation
cargo-edit copied to clipboard

Published 20 hours ago verified publisher icon killercup

`cargo upgrade` downgrades packages

Open emchristiansen opened this issue 1 year ago • 8 comments

For example, here's the output of cargo upgrade --incompatible=allow --pinned=allow:

Screenshot 2023-10-11 at 3 24 23 PM

Note that it incorrectly detects the latest versions of most of the packages. I have similar behavior with cargo upgrade --incompatible=allow. Also, these commands take about 5 minutes to finish, which seems very slow to me.

FYI, I'm fully up to date as of time of writing (rustc 1.73.0 (cc66ad468 2023-10-03) and cargo-edit-upgrade 0.12.2.

emchristiansen avatar Oct 11 '23 19:10 emchristiansen

Without a reproduction case, its hard to say.

My best guess is that this could be related to #856 which I never got around to adding a note when MSRV gets involved (trying to put my effort to instead merging this into cargo).

I'd be curious what your project's package.rust-version is as async-process 1.6 has an MSRV of 1.46 (see https://crates.io/crates/async-process/versions). To downgrade to 1.3 would be either a bug or a very low MSRV. You should also be seeing errors from cargo if it is an MSRV thing (without being a bug).

epage avatar Oct 11 '23 19:10 epage

My project is pretty sprawling, so it might be hard to whittle this down to a minimal reproduction case. But if there's a command I can run to collect useful debug info, please let me know.

FYI, I didn't define rust-version (assuming you mean this) for any of the crates in my workspace. AFAIK I'm using the latest Rust version.

BTW, all I really want is for cargo upgrade to lookup the latest versions of my dependencies and then splat them into my Cargo.toml; I'll take care of any conflicts myself. Is there a quick-and-dirty way of calling cargo upgrade to get it to do this? (I'm guessing the problem is it's trying to do dependency conflict resolution, and failing?)

emchristiansen avatar Oct 11 '23 19:10 emchristiansen

I tried reproducing by ust having a package depend on async-process without a rust-version set and I wasn't able to reproduce this.

epage avatar Oct 11 '23 19:10 epage

BTW, do you see that it's not just async-process that was downgraded? It's the majority of the packages.

emchristiansen avatar Oct 11 '23 20:10 emchristiansen

I was using that as a representative sample.

epage avatar Oct 11 '23 20:10 epage

I am seeing a similar issue, cargo upgrade -i is downgrading hyper from 1.x to 0.14:

name        old req compatible latest  new req
====        ======= ========== ======  =======
async-trait 0.1.74  0.1.77     0.1.77  0.1.77
anyhow      1.0.75  1.0.79     1.0.79  1.0.79
serde_json  1.0.108 1.0.111    1.0.111 1.0.111
serde       1.0.193 1.0.195    1.0.195 1.0.195
hyper       1.0.1   -          0.14.28 0.14.28
once_cell   1.18.0  1.19.0     1.19.0  1.19.0
mockall     0.11.4  0.11.4     0.12.1  0.12.1

mhristache avatar Jan 24 '24 11:01 mhristache

I can reproduce this with the syn crate. I suspect cargo upgrade is unable to properly read the crates.io index in some circumstances that I couldn't identify. I created #892 to track this issue which is more general than just downgrading.

ia0 avatar Apr 13 '24 19:04 ia0