Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't build 0.23.0 #1019

Closed
fooooooooooooooo opened this issue Apr 29, 2023 · 11 comments · Fixed by #1085
Closed

Can't build 0.23.0 #1019

fooooooooooooooo opened this issue Apr 29, 2023 · 11 comments · Fixed by #1085

Comments

@fooooooooooooooo
Copy link

tracing 0.1.38 was yanked, so the latest version doesn't build

error: failed to compile `cargo-binstall v0.23.0`

Caused by:
  failed to select a version for the requirement `tracing = "^0.1.38"`
  candidate versions found which didn't match: 0.1.37, 0.1.36, 0.1.35, ...
  location searched: crates.io index
  required by package `cargo-binstall v0.23.0`
@NobodyXu
Copy link
Member

NobodyXu commented Apr 29, 2023

Thank you for notifying me on this!

I will wait for upstream to publish a new patch release.

Once it's published, I will update the lockfile and create another patch release for cargo-binstall.

@NobodyXu NobodyXu added the Blocked: upstream Fix or feature is needed to be implemented upstream (in a dependency) label Apr 29, 2023
@passcod
Copy link
Member

passcod commented Apr 29, 2023

In the meantime, it will build with --locked.

@qm3ster
Copy link

qm3ster commented May 10, 2023

Potentially valuable: the yank was not due to any security issues, but because it didn't follow semver due to Drop bound.
So if your crate builds with this version, it's completely fine.

@beanow-at-crabnebula
Copy link

Looks like there may be more.

$ cargo install cargo-binstall --locked
    Updating crates.io index
  Installing cargo-binstall v0.23.0
warning: package `bumpalo v3.12.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `tokio-stream v0.1.13` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `tracing v0.1.38` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked

@NobodyXu
Copy link
Member

bumpalo and tokio-stream both released a new version after yank, so once we release a new version these warnings won't pop up.

For tracing, the upstream still hasn't released a new version yet, so maybe we can revert it and then make a release.

@passcod
Copy link
Member

passcod commented May 24, 2023

i'd be in favour of reverting

@beanow-at-crabnebula
Copy link

I wondered whether the --locked install now pulls in dependencies that are yanked for concerning reasons.

Seems that tokio-stream needed a version bump of it's dependencies to compile a specific feature.
Though I couldn't find a specific issue to explain the yank.

https://github.com/tokio-rs/tokio/blob/398dfda56d3ee4b0d4d9e86abe15039e86979d83/tokio-stream/CHANGELOG.md#0114-april-26th-2023
image

For bumpalo fitzgen/bumpalo#208 TL;DR the rust-version metadata was missing so incompatible rust toolchains would install and fail to compile this version.

@NobodyXu
Copy link
Member

NobodyXu commented May 24, 2023

@beanow-at-crabnebula For tokio-stream, that's explained in tokio-rs/tokio#5655

TL; DR: They forgot to bump tokio dep in tokio-stream v0.1.13

@NobodyXu NobodyXu removed the Blocked: upstream Fix or feature is needed to be implemented upstream (in a dependency) label May 24, 2023
NobodyXu added a commit that referenced this issue May 24, 2023
@beanow-at-crabnebula
Copy link

Thanks for the patch :]
Just asking, is the intention to publish a patch release for this?

@NobodyXu
Copy link
Member

Just asking, is the intention to publish a patch release for this?

Yes, I may try to finish a few other issues before publishing a new release, or go straight for a patch release if you'd like

@NobodyXu
Copy link
Member

@fooooooooooooooo @qm3ster @beanow-at-crabnebula cargo-binstall v0.23.1 has released!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants