cargo update ping pongs between crate versions

[danburkert]

This doesn't cause any actual issues, but it seems that when you have a dependency being pulled in with multiple versions, cargo update always outputs changes:

$ cargo update
    Updating registry `https://github.com/rust-lang/crates.io-index`
      Adding byteorder v0.3.13
      Adding libc v0.1.12
      Adding winapi v0.1.23
$ cargo update
    Updating registry `https://github.com/rust-lang/crates.io-index`
      Adding byteorder v0.3.13
      Adding libc v0.2.2
      Adding winapi v0.2.5
$ cargo update
    Updating registry `https://github.com/rust-lang/crates.io-index`
      Adding byteorder v0.4.2
      Adding libc v0.1.12
      Adding winapi v0.2.5
$ cargo update
    Updating registry `https://github.com/rust-lang/crates.io-index`
      Adding byteorder v0.3.13
      Adding libc v0.1.12
      Adding winapi v0.1.23
$ cargo update
    Updating registry `https://github.com/rust-lang/crates.io-index`
      Adding byteorder v0.3.13
      Adding libc v0.2.2
      Adding winapi v0.1.23
$ cargo update
    Updating registry `https://github.com/rust-lang/crates.io-index`
      Adding byteorder v0.3.13
      Adding libc v0.2.2
      Adding winapi v0.2.5

This is currently reproducible via this checkout: danburkert/raft@4147bfb.

Dependencies:

Cargo.lock:

[root]
name = "raft"
version = "0.0.1"
dependencies = [
 "bincode 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "bufstream 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "capnp 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "capnp-nonblock 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "capnpc 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "docopt 0.6.76 (registry+https://github.com/rust-lang/crates.io-index)",
 "env_logger 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "log 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)",
 "mio 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
 "rand 0.3.12 (registry+https://github.com/rust-lang/crates.io-index)",
 "rustc-serialize 0.3.16 (registry+https://github.com/rust-lang/crates.io-index)",
 "scoped_log 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "serde 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "serde_json 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "serde_macros 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "uuid 0.1.18 (registry+https://github.com/rust-lang/crates.io-index)",
 "wrapped_enum 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "advapi32-sys"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "winapi 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
 "winapi-build 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "aho-corasick"
version = "0.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "memchr 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "aster"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "bincode"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "byteorder 0.3.13 (registry+https://github.com/rust-lang/crates.io-index)",
 "num 0.1.28 (registry+https://github.com/rust-lang/crates.io-index)",
 "rustc-serialize 0.3.16 (registry+https://github.com/rust-lang/crates.io-index)",
 "serde 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "bitflags"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "bufstream"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "byteorder"
version = "0.3.13"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "byteorder"
version = "0.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "bytes"
version = "0.2.11"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "capnp"
version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "byteorder 0.3.13 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "capnp-nonblock"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "byteorder 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "capnp 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "capnpc"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "capnp 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "docopt"
version = "0.6.76"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "regex 0.1.41 (registry+https://github.com/rust-lang/crates.io-index)",
 "rustc-serialize 0.3.16 (registry+https://github.com/rust-lang/crates.io-index)",
 "strsim 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "env_logger"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "log 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)",
 "regex 0.1.41 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "kernel32-sys"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "winapi 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
 "winapi-build 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "libc"
version = "0.1.12"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "libc"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "log"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "libc 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "memchr"
version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "libc 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "mio"
version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "bytes 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
 "log 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)",
 "nix 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
 "slab 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "time 0.1.34 (registry+https://github.com/rust-lang/crates.io-index)",
 "winapi 0.1.23 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "nix"
version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "bitflags 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "num"
version = "0.1.28"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "rand 0.3.12 (registry+https://github.com/rust-lang/crates.io-index)",
 "rustc-serialize 0.3.16 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "quasi"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "quasi_codegen"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "aster 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "quasi_macros"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "quasi_codegen 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "rand"
version = "0.3.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "advapi32-sys 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "winapi 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "regex"
version = "0.1.41"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "aho-corasick 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
 "memchr 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
 "regex-syntax 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "regex-syntax"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "rustc-serialize"
version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "scoped_log"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "log 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "serde"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "num 0.1.28 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "serde_codegen"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "aster 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "quasi 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
 "quasi_macros 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "serde_json"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "num 0.1.28 (registry+https://github.com/rust-lang/crates.io-index)",
 "serde 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "serde_macros"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "serde_codegen 0.6.3 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "slab"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "strsim"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "time"
version = "0.1.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "kernel32-sys 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "winapi 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "uuid"
version = "0.1.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "rand 0.3.12 (registry+https://github.com/rust-lang/crates.io-index)",
 "rustc-serialize 0.3.16 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "winapi"
version = "0.1.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "libc 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "winapi"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "winapi-build"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "wrapped_enum"
version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"

[alexcrichton]

There's some degree of non-determinism during resolution due to usage of what is presumably a HashMap somewhere, and while this has been great for fleshing out bugs it does lead to situations like this. It's always possible that there's multiple solutions to resolving a graph, and Cargo just picks the first one it reaches so it may reach different ones in different cases.

That being said I haven't ever run across a downside to this behavior, so I'm somewhat inclined to leave it as-is?

[shepmaster]

run across a downside to this behavior

I believe I am missing something here. My output:

$ cargo update
    Updating registry `https://github.com/rust-lang/crates.io-index`
      Adding traitobject v0.0.1
      Adding url v0.2.38
$ cargo update
    Updating registry `https://github.com/rust-lang/crates.io-index`
      Adding traitobject v0.0.3
      Adding url v0.5.0

Presumably there have been interesting bugfixes that occurred between these versions, especially a crate like url. It seems kind of non-ideal to happen to choose a {days,weeks,months}-old version of a crate just because it was valid.

[kardeiz]

I believe I am encountering this same issue. I have a project where I would like to specify a precise version for a dependency (iron) of a dependency (a cookie utility), so that I can converge on a single version of iron in my application. I depend on iron 0.3.0 and my cookie utility specifies its iron dependency like iron = ">= 0.3, <= 0.4". I have found that by running cargo update -p <cookie_util> one or more times, I can get cargo to converge on 0.3.0.

On the one hand, this is great, since I want this to happen, but the fact that it seems random bothers me. There is a little bit of additional information and steps to reproduce at my StackOverflow question.

[alexcrichton]

I believe that much of this will get mitigated by #2064 as Cargo will have a much better understanding of what's exporting what, but I don't think the nondeterminism will ever really go away. Cargo will likely have heuristics to maximize things like the version number, but fundamentally crate resolution is a problem with multiple solutions where it's not always clear which is optimal.

[alexcrichton]

I'm going to close this in favor of #2064

[codyps]

IMO, non-determinism is a separate issue from cargo resolving non-buildable lock files. #2064 only adds additional restrictions which fix build errors, but doesn't remove non-determinism (which is still a problem).