Roll back once_cell to 1.19.0.

Roll back `wgpu`'s dependencies on `once_cell` from 1.20.1 to 1.19.0. Version 1.20.1 of `once_cell` added a more complex conditional dependency on `portable-atomic`, which causes `cargo metadata` to incorrectly list `portable-atomic` as a dependency even though the given `once_cell` features are not enabled. The Firefox source tree uses `cargo vet` to enforce supply-chain auditing. Since `cargo vet` depends on `cargo metadata` to tell it what crates are going to be included in the tree, the extraneous dependency above adds `portable-atomic` to the set of sources we must audit. Since `portable-atomic` is roughly 50kloc, we would like to avoid this. Nothing in `wgpu` actually needs `once_cell` 1.20; it was upgraded by Dependabot. So the simplest workaround for the moment is to roll back the version.
Vecvec · Oct 4, 2024 · ee0d170 · ee0d170
1 parent e432980
commit ee0d170
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 12 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -104,7 +104,7 @@ nanorand = { version = "0.7", default-features = false, features = ["wyrand"] }
 noise = { version = "0.8", git = "https://github.com/Razaekel/noise-rs.git", rev = "c6942d4fb70af26db4441edcf41f90fa115333f2" }
 nv-flip = "0.1"
 obj = "0.10"
-once_cell = "1.20.1"
+once_cell = "1.19.0"
 parking_lot = "0.12.1"
 pico-args = { version = "0.5.0", features = [
     "eq-separator",