Cargo crates downloading latest version instead of ovewritten one

ignazio-bovo · September 3, 2024, 5:30pm

Hi have my root Cargo.toml setup as follows:

[patch.crates-io]
byteorder = { version = "=1.3.4", git = "https://github.com/BurntSushi/byteorder.git", tag = "1.3.4" }
bitflags = { version = "=1.2.1", git = "https://github.com/bitflags/bitflags.git", tag = "1.2.1" }
memchr = { version = "=2.3.3", git = "https://github.com/BurntSushi/memchr", tag = "2.3.3" }

when I am running in my docker build

RUN . /root/.cargo/env && \
	rustup toolchain install nightly-2020-10-01 && \
	rustup target add wasm32-unknown-unknown --toolchain nightly-2020-10-01

(it's an old repo)
it is updating the crates.io index

 => => #     Updating git repository `https://github.com/bitflags/bitflags.git`                                          
 => => #     Updating git repository `https://github.com/BurntSushi/byteorder.git`                                       
 => => #     Updating git repository `https://github.com/rust-lang/log`                                                  
 => => #     Updating git repository `https://github.com/BurntSushi/memchr`                                              
 => => #     Updating crates.io index

But apparently it's still downloading newer dependencies.

192.5     Downloaded byteorder v1.5.0
192.5   error: failed to parse manifest at `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/byteorder-1.5.0/Cargo.toml`
192.5 
192.5   Caused by:
192.5     failed to parse the `edition` key
192.5 
192.5   Caused by:
192.5     this version of Cargo is older than the `2021` edition, and only supports `2015` and `2018` editions.
192.5 warning: build failed, waiting for other jobs to finish...
196.8 error: build failed

How is this possible? Is there a way that I can surely override dependencies for my build?

Thanks

drewtato · September 3, 2024, 5:55pm

Something is depending on byteorder 1.5.0, but your patch for byteorder only applies to 1.3.4. Not that this would change anything. As long as the repos are properly publishing to crates.io, these patches should do nothing.

If you want to change the version of a package, you need to patch the package that's depending on it to have a different version number. If this package used to build, then you don't need patches, all you need to do is recreate the lockfile with some cargo update <pkg> commands.

ignazio-bovo · September 4, 2024, 7:12am

Thank you, but in the cargo.lock file I am not able for example to find a byteorder = 1.5.0 dependency.
Am I missing something?

drewtato · September 4, 2024, 8:15am

This might be because it failed to build, but not totally sure. But for example, the command you'd use to rollback the version of byteorder would be cargo update byteorder --precise 1.3.4. I think this should add it to the lockfile if it's not already there.

shareefj · September 17, 2024, 1:03pm

I'm hitting this issue now too, specifically with byteorder too. Is there a process to work out where the dependency is coming from? The user can't be expected to look through each crate to find out if a dependency has changed?

Cerber-Ursi · September 17, 2024, 1:26pm

You might want to use cargo tree -i [package-name].

Topic		Replies	Views
Something odd in my Cargo.toml file help	6	83	July 26, 2024
Updating crates.io index failed help	9	2286	May 22, 2023
Cargo update is not updating help	5	3333	October 19, 2022
Cargo not retrieving latest version from crates.io help	4	1599	September 4, 2022
Cargo build not using versions mentioned in cargo.toml help	4	1128	August 9, 2023

Cargo crates downloading latest version instead of ovewritten one

Related Topics