Open dtolnay opened 6 months ago
Is this part of a larger repo/workspace? I can't seem to reproduce either via just a single dep image
or via a real world repository. I let a script run a hundred times and the output is always the same.
Somewhere in image
's dependency graph, whatever was triggering this went away on March 14. I checked the GitHub Actions history of https://github.com/dtolnay/unicode-ident and I see this failure occur between March 10 (when image
0.25.0 was released and I updated to it in https://github.com/dtolnay/unicode-ident/commit/05a09281767967ead580eddeea7bd3614af7a60a) through March 13:
continue-on-error: true
in https://github.com/dtolnay/unicode-ident/commit/116dea8e6383796be937e0caaf52ddcefea02329 to stop getting emails, but you can expand the cargo outdated --workspace --exit-code 1
workflow step to see the failed output.)and then since March 14 (https://github.com/dtolnay/unicode-ident/actions/runs/8290204559/job/22687874893) it has been succeeding.
The unicode-ident repo does use a workspace, but the outputs I pasted when filing this issue on March 11 are not from unicode-ident. I got all of them using the minimal repro with just a single image = "0.25.0"
dependency and no workspace, using the latest nightly at the time (nightly-2024-03-12).
I tried to reproduce again today using nightly-2024-03-12 and the issue does not reproduce, so this issue isn't something that got fixed in Cargo — it's just been masked by some package in image
's dependency graph getting published or yanked around March 14.
The list of crate versions that got pulled into the March 13 builds can be reconstructed from the cargo clippy
step in https://github.com/dtolnay/unicode-ident/actions/runs/8274314132/job/22639463871.
and on March 14 from https://github.com/dtolnay/unicode-ident/actions/runs/8290204559/job/22687875159:
The difference is:
10a11
> Downloaded avif-serialize v0.8.1
13c14,16
< Downloaded bitstream-io v2.2.0
---
> Downloaded bumpalo v3.15.4
> Downloaded bytemuck v1.15.0
> Downloaded byteorder v1.5.0
19,27c22,40
< Downloaded clap_builder v4.5.2
< Downloaded clap v4.5.2
< Downloaded flume v0.11.0
< Downloaded fst v0.4.7
< Downloaded getrandom v0.2.12
< Downloaded jpeg-decoder v0.3.1
< Downloaded libc v0.2.153
< Downloaded num-rational v0.4.1
< Downloaded proc-macro2 v1.0.79
---
> Downloaded clap_lex v0.7.0
> Downloaded color_quant v1.1.0
> Downloaded crc32fast v1.4.0
> Downloaded criterion-plot v0.5.0
> Downloaded criterion v0.5.1
> Downloaded crossbeam-deque v0.8.5
> Downloaded either v1.10.0
> Downloaded fdeflate v0.3.4
> Downloaded gif v0.13.1
> Downloaded image v0.25.0
> Downloaded is-terminal v0.4.12
> Downloaded itoa v1.0.10
> Downloaded lebe v0.5.2
> Downloaded loop9 v0.1.5
> Downloaded new_debug_unreachable v1.0.4
> Downloaded paste v1.0.14
> Downloaded ppv-lite86 v0.2.17
> Downloaded profiling-procmacros v1.0.15
> Downloaded profiling v1.0.15
28a42,43
> Downloaded quick-error v2.0.1
> Downloaded quote v1.0.35
32,45c47
< Downloaded rav1e v0.7.1
< Downloaded ravif v0.11.4
< Downloaded rayon-core v1.12.1
< Downloaded rayon v1.9.0
< Downloaded regex-automata v0.4.6
< Downloaded regex-syntax v0.8.2
< Downloaded regex v1.10.3
< Downloaded rgb v0.8.37
< Downloaded roaring v0.10.3
< Downloaded same-file v1.0.6
< Downloaded scopeguard v1.2.0
< Downloaded serde_derive v1.0.197
< Downloaded serde_json v1.0.114
< Downloaded serde v1.0.197
---
> Downloaded ravif v0.11.5
49d50
< Downloaded spin v0.9.8
59a61,65
> Downloaded wasm-bindgen-backend v0.2.92
> Downloaded wasm-bindgen-macro-support v0.2.92
> Downloaded wasm-bindgen-macro v0.2.92
> Downloaded wasm-bindgen-shared v0.2.92
> Downloaded wasm-bindgen v0.2.92
Fortunately, this is easy to narrow down: Looks like ravif
is the only package that appears in both March 13 and March 14 but with different versions: 0.11.4 to 0.11.5. Indeed 0.11.5 got published on March 14 and accounts for every single other dependency change. https://crates.io/crates/ravif/0.11.5
So here is a surefire repro as of today:
#!/bin/bash
mkdir repro
cd repro
cargo +stable init
cargo +stable add image
cargo +stable add ravif@=0.11.4
cargo +stable outdated > cargo-outdated-0.out
while true; do
rm Cargo.lock
cargo +stable outdated > cargo-outdated-1.out
if ! diff -q cargo-outdated-0.out cargo-outdated-1.out &>/dev/null; then
cat cargo-outdated-0.out cargo-outdated-1.out
exit
fi
echo did not reproduce, trying again
done
I confirmed that the only difference between ravif 0.11.4 and ravif 0.11.5 is https://github.com/kornelski/cavif-rs/commit/d1577372a04a78f677fe94a91e0dba2df81f4f80.
This situation is probably your root cause:
[dependencies]
rav1e = { version = "0.7", default-features = false, features = ["threading"] }
#...
[target.'cfg(target = "wasm32-unknown-unknown")'.dependencies]
rav1e = { version = "0.6", default-features = false, features = ["wasm"] }
I was surprised to find that
cargo outdated
produces wildly different output each time I run it. I am unsure how to interpret what is going on here.Repro:
Sometimes when I run
cargo outdated
, it shows this:Sometimes it shows this:
Other times it shows this:
Other times it shows this: