Roll back once_cell to 1.19.0.

[jimblandy]

Roll back wgpu's dependencies on once_cell from 1.20.1 to 1.19.0.

Version 1.20.1 of once_cell added a more complex conditional dependency on portable-atomic, which causes cargo metadata to incorrectly list portable-atomic as a dependency even though the given once_cell features are not enabled.

The Firefox source tree uses cargo vet to enforce supply-chain auditing. Since cargo vet depends on cargo metadata to tell it what crates are going to be included in the tree, the extraneous dependency above adds portable-atomic to the set of sources we must audit. Since portable-atomic is roughly [edit] 28kloc, we would like to avoid this.

Nothing in wgpu actually needs once_cell 1.20; it was upgraded by Dependabot. So the simplest workaround for the moment is to roll back the version.

[ErichDonGubler]

The offending Cargo bug: rust-lang/cargo#10801

Recognition of this bug from once_cell upstream: matklad/once_cell#265 (comment)

Complaint from myself about the above: rust-lang/cargo#10801 (comment)

[taiki-e]

I have sent a PR to once_cell to work around the cargo bug: matklad/once_cell#267

roughly 50kloc

Well, at least more than half of them are tests (precisely its helper, perhaps should be extracted to another repository EDIT: I moved it into its own repository).

$ tokei tests                               
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 Language              Files        Lines         Code     Comments       Blanks
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 LD Script                 1          102           71           14           17
 TOML                      7          204          158            8           38
─────────────────────────────────────────────────────────────────────────────────
 Rust                    240        31641        30151          977          513
 |- Markdown               1            9            0            7            2
 (Total)                            31650        30151          984          515
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 Total                   248        31956        30380         1006          570
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

$ tokei tests/helper 
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 Language              Files        Lines         Code     Comments       Blanks
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 TOML                      1           30           24            0            6
─────────────────────────────────────────────────────────────────────────────────
 Rust                    233        30257        28848          953          456
 |- Markdown               1            9            0            7            2
 (Total)                            30266        28848          960          458
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 Total                   234        30296        28872          960          464
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

[jimblandy]

I have sent a PR to once_cell to work around the cargo bug: matklad/once_cell#267

@taiki-e Thank you very much for this - it's greatly appreciated!

As it turns out, we are using once_cell functions that are present in std but still experimental, so we need to keep the dependency on once_cell in some form or another.

I don't think there's anything wrong with portable-atomic spending lines to do what it needs to do. It's difficult for Firefox to take on new dependencies even when their engineering is good. But auditing 28kloc is still a substantial chunk of time.

[jimblandy]

For the future: it seems like with matklad/once_cell#267, released as 1.20.2, we can probably just accept another once_cell upgrade if offered/needed.