
cargo upgrade returns 401 consistently even after changing registry token

Open shrasrir opened this issue 8 months ago • 8 comments

% cargo upgrade                            
    Checking virtual workspace's dependencies
Error: status code '401 Unauthorized': the request was not authorized

cargo upgrade --verbose doesn't seem to give any extra details on the error.

Tried the following:

  1. removing all cache
  2. renewing the token in config.toml
  3. cargo search --registry internal-registry-name internal-feature works fine with the token enabled
  4. other cargo commands like cargo clean, cargo build, cargo test all work fine

This was working fine for many months; I have been seeing this issue only in the last couple of months.

shrasrir avatar Apr 30 '25 23:04 shrasrir

0.13.2 fixed a bug where we were silencing network errors. Do you think that you had upgraded to that version within that time window?

epage avatar May 01 '25 00:05 epage

yes, have been using version > 1.84 the last few months. I upgraded it to v1.86.0 and tried running cargo upgrade but keep getting 401 consistently.

shrasrir avatar May 01 '25 01:05 shrasrir

Note that cargo-edit's version is mostly independent of what version of Cargo you are using.

epage avatar May 01 '25 01:05 epage

oh ok, yes I see cargo-edit-upgrade 0.13.2

shrasrir avatar May 01 '25 01:05 shrasrir

Seeing this issue only on updating cargo-edit to versions 0.13.2 or 0.13.3. Looks like 0.13.1 is the last version that doesn't see this error fyi.

shrasrir avatar May 01 '25 23:05 shrasrir

@epage After updating cargo edit to the latest version, an authorization error appeared; after rolling back to 0.13.1, it works again. The error appears when using a private registry with token auth (credentials.toml).

@shrasrir Thanks, after reverting version to 0.13.1 issue is gone

anton-dutov avatar Jun 13 '25 05:06 anton-dutov

chiming in:

with version 0.13.1 I get no errors BUT the private registry doesn't seem to get checked for upgrades

pseyfert@catuai:~/SOMEPATH > cargo upgrade --version
cargo-edit-upgrade 0.13.1
pseyfert@catuai:~/SOMEPATH > cargo upgrade -vvvv
    Checking REDACTED's dependencies
name                             old req compatible latest  new req note
====                             ======= ========== ======  ======= ====
anyhow                           1       1.0.98     1.0.98  1
clap                             3.0     3.2.25     4.5.40  3.2     incompatible
flate2                           1.0     1.1.2      1.1.2   1.1
log                              0.4     0.4.27     0.4.27  0.4
once_cell                        1.14    1.21.3     1.21.3  1.21
serde                            1.0     1.0.219    1.0.219 1.0
serde_yaml                       0.8     0.8.26     0.9.34  0.8     incompatible
REDACTED REDACTED REDACTED       10.9.5  -          -       10.9.5
REDACTED REDACTED REDACTED       10.9.5  -          -       10.9.5
REDACTED REDACTED REDACTED       10.9.5  -          -       10.9.5
REDACTED REDACTED REDACTED       10.9.5  -          -       10.9.5
REDACTED REDACTED REDACTED       10.9.5  -          -       10.9.5
REDACTED REDACTED REDACTED       6.7.0   -          -       6.7.0
REDACTED REDACTED REDACTED       6.7.0   -          -       6.7.0
stderrlog                        0.4     0.4.3      0.6.0   0.4     incompatible
tar                              0.4     0.4.44     0.4.44  0.4
tempfile                         3.5.0   3.20.0     3.20.0  3.20.0
sha256                           1.5.0   1.6.0      1.6.0   1.6.0
REDACTED REDACTED REDACTED       3       -          -       3
REDACTED REDACTED REDACTED       3       -          -       3
   Upgrading recursive dependencies   
     Locking 36 packages to latest compatible versions
    Updating addr2line v0.22.0 -> v0.24.2            
    Removing adler v1.0.2
    Updating async-trait v0.1.80 -> v0.1.88                                                                                                                    
    Updating autocfg v1.1.0 -> v1.5.0
    Updating backtrace v0.3.73 -> v0.3.75                                                                                                                     
    Updating bitflags v2.4.2 -> v2.9.1                         
...                                 

with newer versions, I get asked for authentication but then get the 401 errors

pseyfert@catuai:~/SOMEPATH > cargo upgrade --version                                        
cargo-edit-upgrade 0.13.6                                  
pseyfert@catuai:~/SOMEPATH > cargo upgrade -vvvv                     
Enter the password for [email protected] at REDACTED:                               
    Checking REDACTED's dependencies                                                           
[2025-06-23T10:15:39Z TRACE cargo_edit::index] opening index entry for sparse+https://index.crates.io/
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park without timeout
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] (ThreadId(2)) start runtime::block_on
[2025-06-23T10:15:39Z TRACE cargo_edit::index] krate anyhow                                
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.999999509s
[2025-06-23T10:15:39Z DEBUG reqwest::connect] starting new connection: https://index.crates.io/
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s                       
[2025-06-23T10:15:39Z TRACE cargo_edit::index] krate clap            
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.9999998s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s                       
[2025-06-23T10:15:39Z TRACE cargo_edit::index] krate flate2          
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.99999985s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s                       
[2025-06-23T10:15:39Z TRACE cargo_edit::index] krate log             
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.99999992s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s                       
[2025-06-23T10:15:39Z TRACE cargo_edit::index] krate once_cell       
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.99999993s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s                       
[2025-06-23T10:15:39Z TRACE cargo_edit::index] krate serde           
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s                                                 
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.99999995s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s                       
[2025-06-23T10:15:39Z TRACE cargo_edit::index] krate serde_yaml
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.99999991s 
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s                          
[2025-06-23T10:15:39Z TRACE cargo_edit::index] opening index entry for sparse+https://crates.REDACTED/REDACTED/crates/
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park without timeout
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] (ThreadId(4)) start runtime::block_on
[2025-06-23T10:15:39Z TRACE cargo_edit::index] krate REDACTED
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.999999679s
[2025-06-23T10:15:39Z DEBUG reqwest::connect] starting new connection: https://crates.REDACTED/
[2025-06-23T10:15:39Z TRACE reqwest::blocking::wait] wait at most 30s
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] closing runtime thread (ThreadId(4))
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] signaled close for runtime thread (ThreadId(4))
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] (ThreadId(4)) Receiver is shutdown
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] (ThreadId(4)) end runtime::block_on
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] (ThreadId(4)) finished
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] closed runtime thread (ThreadId(4))
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] closing runtime thread (ThreadId(2))
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] signaled close for runtime thread (ThreadId(2))
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] (ThreadId(2)) Receiver is shutdown
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] (ThreadId(2)) end runtime::block_on
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] (ThreadId(2)) finished
[2025-06-23T10:15:39Z TRACE reqwest::blocking::client] closed runtime thread (ThreadId(2))
Error: status code '401 Unauthorized': the request was not authorized

afaiu, the authentication is successful: I ran rm -rf ~/.cargo/registry before cargo upgrade, and the cargo upgrade command re-populated ~/.cargo/registry/{cache,src}/crates-REDACTED-HASH/

TL;DR: reverting to 0.13.1 makes the 401 errors go away and cargo upgrade exits successfully (return code 0) BUT it doesn't actually upgrade dependencies for me.

pseyfert-sevensense avatar Jun 23 '25 10:06 pseyfert-sevensense

I just wanted to report that I am still affected by this bug. I receive my cargo-edit through Arch's package repository.

 ~$ pacman -Qi cargo-edit
Installed From  : cachyos-extra-v3
Name            : cargo-edit
Version         : 0.13.7-1.1
Description     : Managing cargo dependencies from the command line
Architecture    : x86_64_v3
URL             : https://github.com/killercup/cargo-edit/releases
Licenses        : MIT  Apache-2.0
Groups          : None
Provides        : None
Depends On      : cargo  libssh2  openssl
Optional Deps   : None
Required By     : None
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 7,36 MiB
Packager        : CachyOS <[email protected]>
Build Date      : Fr 08 Aug 2025 23:06:10 CEST
Install Date    : Mo 10 Nov 2025 12:49:49 CET
Install Reason  : Explicitly installed
Install Script  : No
Validated By    : Signature

This leaves me unable to upgrade any dependencies using cargo upgrade, since I depend on one crate from a private registry.

MaxG87 avatar Nov 10 '25 12:11 MaxG87