Closed
Description
Cargo has the restriction that only one semver-compatible version is allowed per source. Using [patch] however allows you to subvert this restriction by accident, causing issues with using [patch]. When using [patch] the major version pulled in from [patch] is not considered source-equal with other versions from the same source, seemingly allowing two major versions to be in the crate graph!
This bug is likely in the resolver where during the check for whether a package can be activated we'll need to add some logic to the source check to take into account [patch] (or similar)
An example test showing this failure is:
#[cargo_test]
fn patch_older() {
Package::new("baz", "1.0.2").publish();
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.1.0"
[dependencies]
bar = { path = 'bar' }
baz = "=1.0.1"
[patch.crates-io]
baz = { path = "./baz" }
"#,
)
.file("src/lib.rs", "")
.file(
"bar/Cargo.toml",
r#"
[project]
name = "bar"
version = "0.5.0"
authors = []
[dependencies]
baz = "1.0.0"
"#,
)
.file("bar/src/lib.rs", "")
.file(
"baz/Cargo.toml",
r#"
[project]
name = "baz"
version = "1.0.1"
authors = []
"#,
)
.file("baz/src/lib.rs", "")
.build();
p.cargo("build")
.with_stderr(
"\
[UPDATING] [..]
[COMPILING] baz v1.0.1 [..]
[COMPILING] bar v0.5.0 [..]
[COMPILING] foo v0.5.0 [..]
[FINISHED] [..]
",
)
.run();
}