serde: Rust 1.48 support broken by `resolver` field in packaged `Cargo.toml`

I have a failure in PyO3 CI which I can also reproduce locally.

error: failed to download `serde v1.0.143`

Caused by:
  unable to get packages from source

Caused by:
  failed to parse manifest at `/Users/david/.cargo/registry/src/github.com-1ecc6299db9ec823/serde-1.0.143/Cargo.toml`

Caused by:
  feature `resolver` is required

Looking at the unpacked Cargo.toml it contains resolver = "1" - I wonder if the cargo package process has somehow added this and broken support for older cargo versions?

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 9
  • Comments: 16 (6 by maintainers)

Commits related to this issue

Most upvoted comments

I followed up with @dtolnay on twitter DM about this, and his response was that there is no MSRV policy for serde, and thus this is an issue that is not likely to be fixed.

Hmm … I find that a bit odd. 🤷 Sure, the readme could be argued about. But when even the cargo manifest shows something as rustc 1.13+, only to find out it actually requires something more like rustc 1.50+ when used in a project feels a bit like false advertising to me. So either the readme and manifest should be updated, or the crate should be rebuild with stable cargo which does not have that bug. There even is a dedicated CI job named msrv that tests with rustc 1.13. That does not feel like “there is no MSRV policy for serde” to me. 😕

I am aware that this may sound a bit harsh, especially considering that this issue is boils down to a bug in cargo and not in serde. So the serde developers are not even to blame for this. However, with such an important and widely used crate like serde this could potentially cause trouble for a lot of other projects that depend on serde. In my opinion, deciding not to fix this is not really helpful. So I am still hoping that one of the next serde releases comes with a fix for that - whether its just updating the MSRV or getting rid of that troublesome resolver line.

+7
striezel on Aug 11, 2022

This has been fixed in 1.0.144: https://docs.rs/crate/serde/1.0.144/source/Cargo.toml

+4
taiki-e on Aug 21, 2022

Since serde’s own metadata claims to support 1.13+, I’ll leave this open until the next serde release is pushed. Should help community members who hit this in the meanwhile.

+4
davidhewitt on Aug 11, 2022

According to that issue its not in stable, though? So presumably whoever does serde uploads needs to just bump the version and do a re-upload using stable cargo?

+2
TheBlueMatt on Aug 9, 2022

In Suricata we try to support the Rust versions as they are shipped by the major (Linux) distributions, so Suricata can be packaged. For this reason we maintain a table of OS’ that are important to us. Debian 11 (current stable) is the lowest, at Rust version 1.48. I think especially projects that are not pure Rust (like Suricata, which is C+Rust) care more about distro packaging and support, since we know our users do.

We’re maintaining our table here: https://redmine.openinfosecfoundation.org/issues/4163 (screenshot added for reference)

Screenshot from 2022-08-12 10-22-02

I think would be great if Serde, and all other projects, would define a clear MSRV policy to help users of the crates ecosystem know what to expect.

+1
victorjulien on Aug 12, 2022
Read more comments on GitHub
← serde: i128 and u128 integers missing Deserialize impls
serde: Unable to serialize sequence without knowing all elements. →