Closed Bug 1974821 Opened 3 months ago Closed 3 months ago

cargo-audit setup failed, feature `edition2024` is required

Categories

(Developer Infrastructure :: Lint and Formatting, defect)

Product:
Developer Infrastructure
Component:
Lint and Formatting
Type:
defect

Tracking

(firefox-esr128 unaffected, firefox-esr140 unaffected, firefox140 unaffected, firefox141 unaffected, firefox142 wontfix, firefox143 fixed)

Status:
RESOLVED FIXED
Milestone:
143 Branch
Tracking Flags:
Tracking Status
firefox-esr128 --- unaffected
firefox-esr140 --- unaffected
firefox140 --- unaffected
firefox141 --- unaffected
firefox142 --- wontfix
firefox143 --- fixed

People

(Reporter: robwu, Assigned: ahal)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression)

Attachments

(1 file)

Bug 1974821 - [lint] Skip 'cargo-audit' linter if minimum Rust version not met, r?robwu
48 bytes, text/x-phabricator-request
Details | Review

./mach lint --outgoing --fix started failing recently. Even after ./mach bootstrap (with 2. Firefox for Desktop), I still get a failure while trying to lint.

As the logs below show, it is due to my Rust version being at 1.83, while a dependency depends on theedition2024 feature, which is only in stable Rust 1.85.0 (https://blog.rust-lang.org/2025/02/20/Rust-1.85.0/).

Since bug 1747536 was closed in Firefox version 142, it might be time to bump the Minimum Supported Rust Version (MSRV) to 1.85.0.

$ ./mach lint --outgoing --fix
ERROR: cargo-audit setup failed
Traceback (most recent call last):
  File "/path/to/gecko/python/mozlint/mozlint/roller.py", line 235, in setup
    findobject(linter["setup"])(
  File "/path/to/gecko//tools/lint/cargo-audit/__init__.py", line 244, in setup
    output = run_process(
  File "/path/to/gecko/tools/lint/cargo-audit/__init__.py", line 170, in run_process
    raise RuntimeError(
RuntimeError: Command failed: cargo install --version 0.20.0 --color never cargo-audit
Exit code: 101
stdout:

stderr:
    Updating crates.io index
  Installing cargo-audit v0.20.0
    Updating crates.io index
     Locking 371 packages to latest compatible versions
      Adding abscissa_core v0.7.0 (available: v0.8.2)
      Adding auditable-info v0.7.2 (available: v0.9.0)
      Adding auditable-serde v0.6.1 (available: v0.8.0)
      Adding cargo-lock v9.0.0 (available: v10.1.0)
      Adding cvss v2.1.0 (requires Rust 1.85)
      Adding rustsec v0.29.3 (available: v0.30.2)
      Adding thiserror v1.0.69 (available: v2.0.12)
 Downloading crates ...
error: failed to compile `cargo-audit v0.20.0`, intermediate artifacts can be found at `/var/folders/wy/xxx/T/cargo-installtWs3xP`.
To reuse those artifacts with a future compilation, set the environment variable `CARGO_TARGET_DIR` to that path.

Caused by:
  failed to download `cvss v2.1.0`

Caused by:
  unable to get packages from source

Caused by:
  failed to parse manifest at `/Users/rwu/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cvss-2.1.0/Cargo.toml`

Caused by:
  feature `edition2024` is required

  The package requires the Cargo feature called `edition2024`, but that feature is not stabilized in this version of Cargo (1.83.0 (5ffbef321 2024-10-29)).
  Consider trying a newer version of Cargo (this may require the nightly release).
  See https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#edition-2024 for more information about the status of this feature.

ERROR: problem with lint setup, skipping cargo-audit

Rust version:

$ rustc --version
rustc 1.83.0 (90b35a623 2024-11-26)

:Sylvestre, since you are the author of the regressor, bug 1747536, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

Flags: needinfo?(sledru)

Set release status flags based on info from the regressing bug 1747536

status-firefox140: --- → unaffected
status-firefox141: --- → unaffected
status-firefox142: --- → affected
status-firefox-esr128: --- → unaffected
status-firefox-esr140: --- → unaffected

Linking to mach-busted for visibility; this failure / logspam appears when using ./mach lint

./mach lint --outgoing --fix or even ./mach lint path/to/unrelated/file.js should return with a few lines at most; due to this issue my whole terminal is filled with the reported error / logspam.

Blocks: mach-busted

(Not sure if this is helpful) but I'm unable to lint code with this issue, if that helps escalate it.

:ahal while sylvestre is out, is this something you can take a look at? feel free to re-direct if needed.

Flags: needinfo?(ahal)
Assignee: nobody → ahal
Status: NEW → ASSIGNED
Flags: needinfo?(ahal)
Flags: needinfo?(sledru)

Note my patch more or less just hides the logspam and outputs a sane message. It will still not be possible to run cargo-audit unless the user upgrades their Rust toolchain.

I think that's fine, as there are a bunch of linters that tend to fail for various reasons like this locally. That said, we might still want to either bump the minimum Rust globally so ./mach bootstrap installs it, or else fix cargo-audit to not depend on these newer features.

I don't have a preference if that happens in this bug or in a follow-up, though just to set expectations I won't be implementing either option :p

https://hg.mozilla.org/mozilla-central/rev/2ea238c68a81

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
status-firefox143: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 143 Branch

The patch landed in nightly and beta is affected.
:ahal, is this bug important enough to require an uplift?

For more information, please visit BugBot documentation.

Flags: needinfo?(ahal)
status-firefox142: affectedwontfix
Flags: needinfo?(ahal)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: