How to resolve dependency conflicts

axum has been updated to 0.8.1, we are using 0.7.9, after the update there was a build problem as several crates are using 0.7.9, but most likely they have already been migrated to 0.8 and I don't understand where the dependency error comes from

cargo tree | grep axum

│ ├── axum v0.7.9
│ │ ├── axum-core v0.4.5
│ ├── axum v0.8.1
│ │ ├── axum-core v0.5.0
│ │ ├── axum-macros v0.5.0 (proc-macro)
│ │ ├── axum v0.8.1 ()
├── axum v0.8.1 (
)
├── axum-auth v0.7.0
│ ├── axum-core v0.4.5 ()
├── axum-client-ip v0.7.0
│ ├── axum v0.8.1 (
)
├── axum-server v0.7.1
│ ├── axum-core v0.5.0 ()
├── axum-test v17.0.1
│ ├── axum v0.8.1 (
)

cargo tree --invert axum
error: There are multiple axum packages in your project, and the specification axum is ambiguous.
Please re-run this command with one of the following specifications:
axum@0.7.9
axum@0.8.1

Could you try following this advice?

cargo tree --invert axum@0.7.9 give the next message, but inside those crates should be using axum="0.8.1", but maybe I'm missing some detail...

axum v0.7.9
└── tonic v0.12.3
├── api_grpc v0.1.0
├── api_grpc_client v0.1.0
│ └── main_app v0.4.0
├── common_api v0.1.0
│ ├── api_grpc v0.1.0
│ ├── api_grpc_client v0.1.0 ()
│ ├── main_app v0.4.0
│ └── service v0.1.0
│ ├── api_grpc v0.1.0
│ ├── api_grpc_client v0.1.0(
)
│ └── api_web v0.1.0
└── main_app v0.4.0

That doesn’t seem to be true. If I look at tonic version 0.12.3 its dependency on axum is ^0.7, which cannot use 0.8.

but tonic updated to axum 0.8, isn't?

If it's ^0.7 on crates.io, does that mean it might still be unstable?
So for that reason you can't move axum 0.8 until tonic moves to 0.8?

Thanks in advance

That change has been merged into the master branch of tonic’s GitHub repository, but there has not yet been any release of tonic to crates.io after that merge. If you look at https://crates.io/crates/tonic you can see that the last release was 4 months ago, and https://docs.rs/crate/tonic/0.12.3/source/Cargo.toml.orig will show you the source code of that release (which includes axum = {version = "0.7", default-features = false, optional = true}). When you are trying to troubleshoot problems with dependencies and want to determine what those dependencies’ code is, the source of truth is the contents of crates.io packages (which can be viewed through docs.rs), not GitHub. There is no guarantee that the same source code even exists on GitHub, even though it usually does, and if it does, the code in master/main/trunk is usually going to be newer than the release on crates.io.

1 Like

as far as I understand we can't properly migrate to a new version until the dependency authors update them on crates.io

Unless you want to publish your own crate to crates.io you can use tonic = { git = "https://github.com/hyperium/tonic" } to directly depend on the version from git. You can also add rev = "..." to specify the exact commit you want to use.

1 Like