cargo upgrade downgrades packages

[emchristiansen]

For example, here's the output of cargo upgrade --incompatible=allow --pinned=allow:

Note that it incorrectly detects the latest versions of most of the packages.
I have similar behavior with cargo upgrade --incompatible=allow.
Also, these commands take about 5 minutes to finish, which seems very slow to me.

FYI, I'm fully up to date as of time of writing (rustc 1.73.0 (cc66ad468 2023-10-03) and cargo-edit-upgrade 0.12.2.

[epage]

Without a reproduction case, its hard to say.

My best guess is that this could be related to #856 which I never got around to adding a note when MSRV gets involved (trying to put my effort to instead merging this into cargo).

I'd be curious what your project's package.rust-version is as async-process 1.6 has an MSRV of 1.46 (see https://crates.io/crates/async-process/versions). To downgrade to 1.3 would be either a bug or a very low MSRV. You should also be seeing errors from cargo if it is an MSRV thing (without being a bug).

[emchristiansen]

My project is pretty sprawling, so it might be hard to whittle this down to a minimal reproduction case.
But if there's a command I can run to collect useful debug info, please let me know.

FYI, I didn't define rust-version (assuming you mean this) for any of the crates in my workspace.
AFAIK I'm using the latest Rust version.

BTW, all I really want is for cargo upgrade to lookup the latest versions of my dependencies and then splat them into my Cargo.toml; I'll take care of any conflicts myself.
Is there a quick-and-dirty way of calling cargo upgrade to get it to do this?
(I'm guessing the problem is it's trying to do dependency conflict resolution, and failing?)

[epage]

I tried reproducing by ust having a package depend on async-process without a rust-version set and I wasn't able to reproduce this.

[emchristiansen]

BTW, do you see that it's not just async-process that was downgraded?
It's the majority of the packages.

[epage]

I was using that as a representative sample.

[mhristache]

I am seeing a similar issue, cargo upgrade -i is downgrading hyper from 1.x to 0.14:

name        old req compatible latest  new req
====        ======= ========== ======  =======
async-trait 0.1.74  0.1.77     0.1.77  0.1.77
anyhow      1.0.75  1.0.79     1.0.79  1.0.79
serde_json  1.0.108 1.0.111    1.0.111 1.0.111
serde       1.0.193 1.0.195    1.0.195 1.0.195
hyper       1.0.1   -          0.14.28 0.14.28
once_cell   1.18.0  1.19.0     1.19.0  1.19.0
mockall     0.11.4  0.11.4     0.12.1  0.12.1

[ia0]

I can reproduce this with the syn crate. I suspect cargo upgrade is unable to properly read the crates.io index in some circumstances that I couldn't identify. I created #892 to track this issue which is more general than just downgrading.