Dependabot can't resolve your Rust dependency files

[dependabot-preview]

Dependabot can't resolve your Rust dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

error: failed to parse manifest at `/home/dependabot/dependabot-updater/dependabot_tmp_dir/Cargo.toml`

Caused by:
  editions are unstable

Caused by:
  feature `edition` is required

this Cargo does not support nightly features, but if you
switch to nightly channel you can add
`cargo-features = ["edition"]` to enable this feature

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

[GabrielMajeri]

@dependabot It seems dependabot use a stable version of Cargo to parse Cargo.toml, which explains why it couldn't parse this project's config (it requires a nightly version of Cargo to work correctly).

A quick workaround would be to change the bot's Dockerfile to use nightly Rust

[greysteil]

Hey @GabrielMajeri,

I added this check with this repo in mind, so I think Dependabot is doing the right thing here. You almost certainly know better, though!

Looking at your Cargo.toml, it looks like you're using edition = "2018" without declaring that you're using editions (i.e., without a cargo-features = ["edition"] line). There's also no rust-toolchain in this project, which is what Dependabot would normally use to figure out whether it should be using nightly Rust.

I tried playing around with this repo locally and found that even if I added a rust-toolchain file I was getting the feature edition is required error, which is why I elected to raise an error in Dependabot here - what am I missing?

[gnzlbg]

@greysteil I think that you are correct, https://doc.rust-lang.org/beta/cargo/reference/unstable.html#edition

We have to add cargo-features = ["edition"] on all of our Cargo.toml files.

@greysteil this repository contains many crates that are not part of the root directory, and are not in the same workspace, like the ones in the examples directory. Does dependabot check the dependencies of all Cargo.toml files inside a github repo ?

[GabrielMajeri]

There's also no rust-toolchain in this project,

That's actually a good idea to have, since packed_simd can only be built on nightly right now.

@gnzlbg When I updated the crates to Rust 2018, I initially used cargo-features, but with the latest nightlies, it's not necessary. Cargo says:

warning: the cargo feature `edition` is now stable and is no longer necessary to be listed in the manifest

Which is why I removed that line, and the CI runner has no issue. My cargo --version is cargo 1.30.0-nightly (a5d829494 2018-09-13), and it builds fine.

[gnzlbg]

@greysteil we have added rust-toolchain files to all the crates in the repo (./, ./examples, ./micro_benchmarks, and ./verify/verify). I've left a comment upstream about the issue with the cargo-features = ["edition"] (rust-lang/rust#44581) since it appears that the documentation says one thing, but the warning says something different. I'll leave this issue open till we manage to get dependabot working again, let us know if we can help in any way and sincere thanks for raising these issues to us :)

[greysteil]

^^ Looks like adding rust-toolchain has fixed things for Dependabot. I've also updated the Rust version Dependabot is using to 1.29.0 (from 1.28.0).

By default Dependabot will only run on the root-level Cargo.toml in this repo. In addition, you can get it to run on subdirectories by either:

1. Adding the subdirectories in your dashboard (click "add language" on this repo and then "advanced options" and you'll be able to specify the directory). This process is a bit clunky - we're about to make it better. OR
2. Using a Cargo workspace, in which case Dependabot will automatically work on all of the projects in the workspace. (I'm not sure whether that's appropriate for this repo or not.)

[gnzlbg]

Thank you @greysteil