Compilation error with url 2.5.3 / idna 1.0.3 with Rust < 1.81 and edition 2021 (resolver 2) when sqlx-core < 0.8.3 is in the dependency graph

[TotalKrill]

Edited by @hsivonen to put resolution options at the top for folks who come here:

To resolve this compilation error, update SQLx to 0.8.3 and/or update Rust to 1.81 or later.

This compilation error is due to a combination of:

1. SQLx unnecessarily turning off the default features of url, and from a proc macro context specifically. (Request for SQLx not to do that: Please do not turn off default features for url launchbadge/sqlx#3589)
2. url 2.5.3 (and idna 1.0.3) conditionally raising MSRV to 1.81 when default features are off (from no_std support for the url crate #831). Conditionally raising MSRV to 1.81 is not a semver break, because raising MSRV isn't a semver break.
3. resolver = "2", which is implied by edition = "2021" performing feature resolution for proc macro dependencies separately from normal dependencies, so a normal dependency on url with default features enabled does not cause default features to be enabled for the proc macro case.

Original report follows:

• Note that this crate implements the URL Standard not RFC 1738 or RFC 3986

Describe the bug

After update to v1.0.3 wich is picked up automatically since its a patch upgrade, our code no longer compiles the same.

rust versions tested:

• rustc 1.80.1
• rustc 1.81.0

   Compiling idna v1.0.3
error[E0658]: use of unstable library feature 'error_in_core'
  --> /home/krille/.cargo/registry/src/index.crates.io-6f17d22bba15001f/idna-1.0.3/src/lib.rs:78:6
   |
78 | impl core::error::Error for Errors {}
   |      ^^^^^^^^^^^^^^^^^^
   |
   = note: see issue #103765 <https://github.com/rust-lang/rust/issues/103765> for more information

[valenting]

@TotalKrill
Is your crate depending on idna directly with default-features = false.
Or is the issue url failing to propagate the std feature to idna?

[TotalKrill]

We are depending on url, not idna directly

[TotalKrill]

@valenting seems i was wrong about 1.81.0, seems to work there...

[hsivonen]

Are you depending on url with default-features = false?

I tried to repro on 1.80.1, and the following compiles:

rustup default 1.80
cargo new --bin testurl
cd testurl
cargo add url
cargo build

[TotalKrill]

we have a workspace, but we only depend on url like this: url = "2.5.0"

[TotalKrill]

running cargo tree -i url -f "{p} {f}"

this is what our tree ends up including, with two different versions of URL included, probably by one of our other deps.

• url v2.5.3 default,serde,std
• url v2.5.3

Edit: I meant version 2.5.3, 2.5.0 is the version that compiles

[hsivonen]

url 2.5.0 and url 2.5.2 depended on idna 0.5. url 2.5.1 depended on idna 1.0.

The introduction of no_std support to url in 2.5.3 and the introduction of core::error::Error to idna in 1.0.3 was intended not to change MSRV to 1.81 with default features but was expected to change MSRV to 1.81 for default-features = false users.

Do you somehow have url 2.5.1 in your dependency graph? Can you force Cargo to take url 2.5.3 in its place?

[TotalKrill]

Oh sorry, I am currently forcing our software to take 2.5.0, since 2.5.3 does not compile. Updated the previous comment to show that the cargo tree command showed 2.5.3

[hsivonen]

So if you have url 2.5.3 without features and url 2.5.3 with the feature std, Cargo should unify those to one copy of url with the feature std. Are you sure the edited comment about cargo tree is correct?

Aside: This isn't specific to idna. If I use Rust 1.80.1 with:

[dependencies]
url = { version = "2.5.3", default-features = false }
idna = "1"

...idna compiles and the compilation of url fails with a complaint about impl core::error::Error for ParseError {} in url.

[TotalKrill]

yep, my edited comment stands. But with what you say, something else might be changing to default-features = false

[hsivonen]

As long as something in your dependency graph depends on url without setting default-features = false, something else setting default-features = false shouldn't matter.

@Twixes, GitHub autolinks a couple of your changesets referencing this issue. Do you have minimized steps to reproduce?

[valenting]

I think cargo tree -e features might explain if there's such a dependency conflict.

[mental32]

Just felt this through my direct dependency to sqlx. I'm commenting here but I'm not sure who, sqlx or idna, is responsible in this case. (@hsivonen would appreciate your take here)

minimal verifiable example:

cd /tmp
cargo new idna-992-repro
cd idna-992-repro/
cargo add sqlx
cargo check

And I get the same compilation error as @TotalKrill

The latest version of SQLx is v0.8.2 in the example, but in my original encounter its v0.7.4.

(for the benefit of solution-seekers pinning to url = "=2.5.2" is the fix i am using for now.)

cargo --version --verbose

cargo 1.80.1 (376290515 2024-07-16)
release: 1.80.1
commit-hash: 37629051518c3df9ac2c1744589362a02ecafa99
commit-date: 2024-07-16
host: aarch64-apple-darwin
libgit2: 1.7.2 (sys:0.18.3 vendored)
libcurl: 8.7.1 (sys:0.4.72+curl-8.6.0 system ssl:(SecureTransport) LibreSSL/3.3.6)
ssl: OpenSSL 1.1.1w  11 Sep 2023
os: Mac OS 15.0.1 [64-bit]

rustc --version --verbose

rustc 1.80.1 (3f5fd8dd4 2024-08-06)
binary: rustc
commit-hash: 3f5fd8dd41153bc5fdca9427e9e05be2c767ba23
commit-date: 2024-08-06
host: aarch64-apple-darwin
release: 1.80.1
LLVM version: 18.1.7

[hsivonen]

As long as something in your dependency graph depends on url without setting default-features = false, something else setting default-features = false shouldn't matter.

Interestingly, this turns out not to be true.

rustup default 1.80
cargo new idna-992-repro
cd idna-992-repro/
cargo add sqlx
cargo add url
cargo check

Still fails. (Note the added cargo add url.)

@domenukk why does sqlx-core's dependency on url with default-features = false not unify with the top-level's dependency on url (with default features)?

[TotalKrill]

We are also using sqlx, so might be through that

[hsivonen]

sqlx-core has url = { version = "2.2.2", default-features = false }. How has that not failed due to url requiring alloc before?

[Twixes]

@hsivonen I pinned idna to 0.5 in Cargo.toml's [dependencies] – seems to solve the issue. It also appears to be stemming from sqlx for us

[hsivonen]

@hsivonen I pinned idna to 0.5 in Cargo.toml's [dependencies] – seems to solve the issue.

Do you mean PostHog/posthog@5f6e5d1 fixed it for you? That's really weird. By what mechanism should that help?

[Twixes]

Actually you are right, the Cargo.toml change doesn't help. It's the --locked arg of cargo install that's the fix.

For us, the issue was with this command:
cargo install [email protected] --no-default-features --features native-tls,postgres
Used to work with Rust 1.77, but starting today it only works on 1.81+ – because of idna 1.0 getting installed. Our lockfile has already been specifying idna 0.5 though, now that I look at it.

By appending --locked to cargo install [email protected] --no-default-features --features native-tls,postgres we make it so that the lockfile is respected, fixing installation. (It looks like there's no alternative way to restrict transitive dependencies in cargo install)

[hsivonen]

The sqlx change that added default-features = false was launchbadge/sqlx@d76b135 which doesn't explain why.