Latest `cargo-credential-libsecret` breaks `cargo-udeps`

[smoelius]

Cloning cargo-udeps and running cargo update -p cargo-credential-libsecret && cargo check produces the output below. (Right now, crates.io tells me cargo-credential-libsecret is about three hours old.)

$ cargo update -p cargo-credential-libsecret && cargo check
    Updating crates.io index
      Adding cargo-credential v0.4.1
    Updating cargo-credential-libsecret v0.3.1 -> v0.3.2
    Updating serde v1.0.189 -> v1.0.192
    Updating serde_derive v1.0.189 -> v1.0.192
    Updating serde_json v1.0.107 -> v1.0.108
    Updating thiserror v1.0.49 -> v1.0.50
    Updating thiserror-impl v1.0.49 -> v1.0.50
    Checking cargo v0.74.0
error[E0277]: the trait bound `LibSecretCredential: cargo_credential::Credential` is not satisfied
   --> /Users/sam.moelius/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-0.74.0/src/cargo/util/auth/mod.rs:455:45
    |
455 |           let provider: Box<dyn Credential> = match process {
    |  _____________________________________________^
456 | |             "cargo:token" => Box::new(TokenCredential::new(config)),
457 | |             "cargo:paseto" => Box::new(PasetoCredential::new(config)),
458 | |             "cargo:token-from-stdout" => Box::new(BasicProcessCredential {}),
...   |
462 | |             process => Box::new(CredentialProcessCredential::new(process)),
463 | |         };
    | |_________^ the trait `cargo_credential::Credential` is not implemented for `LibSecretCredential`
    |
help: trait impl with same name found
   --> /Users/sam.moelius/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-credential-0.4.1/src/lib.rs:61:1
    |
61  | impl Credential for UnsupportedCredential {
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    = note: perhaps two different versions of crate `cargo_credential` are being used?
    = help: the following other types implement trait `cargo_credential::Credential`:
              MacKeychain
              UnsupportedCredential
              BasicProcessCredential
              PasetoCredential<'a>
              CredentialProcessCredential
              TokenCredential<'a>
    = note: required for the cast from `std::boxed::Box<LibSecretCredential>` to `std::boxed::Box<dyn cargo_credential::Credential>`

[smoelius]

Looks like the same bug: https://github.com/rust-lang/cargo/issues/13002

(I probably should have opened this issue on the Cargo repo.)

[alice-i-cecile]

This fails for us in Bevy's CI too: https://github.com/bevyengine/bevy/actions/runs/6921162111/job/18826441217#step:5:537

[est31]

It's due to the upstream issue mentioned above. TLDR they did semver breaking changes and only incremented the patch version.

There is an upstream PR: https://github.com/rust-lang/cargo/pull/13004

I'm wondering what to do here:

• If I do nothing, then users will be disrupted by this until this is fixed upstream
• If I quickly update cargo, then I will have soon-to-be-yanked versions of the crates in my toml
• I could publish an update in which I manually pin the versions. idk...

Do you think it's worth to cut a release just for this?

[smoelius]

Do you think it's worth to cut a release just for this?

IMHO, it is fine to wait for the problem to be fixed upstream.

I apologize for making noise on your repo about a problem that is not yours.

[SIGSTACKFAULT]

https://github.com/rust-lang/cargo/pull/13004 was just merged

[smoelius]

https://github.com/rust-lang/cargo/issues/13002#issuecomment-1820290411

The problem as I reported it no longer applies. Closing.