Dependency update not possible

[maxrake]

Overview

The ability to cargo update this repository appears to be broken. The workflow that automates this process as a weekly task has been broken since ~12 JUL 2024.

How To Reproduce

❯ date
Mon Aug  5 11:41:26 CDT 2024

❯ cargo update
    Updating crates.io index
    Updating git repository `https://github.com/phylum-dev/phylum-types`
    Updating git repository `https://github.com/phylum-dev/vuln-reach`
error: failed to select a version for the requirement `wgpu-core = "^0.20"`
candidate versions found which didn't match: 22.1.0, 22.0.0, 0.21.1, ...
location searched: crates.io index
required by package `deno_webgpu v0.118.0`
    ... which satisfies dependency `deno_webgpu = "^0.118.0"` of package `deno_runtime v0.159.0`
    ... which satisfies dependency `deno_runtime = "^0.159.0"` of package `phylum-cli v6.6.6 (/Users/maxrake/dev/phylum/localdev/cli/cli)`
    ... which satisfies path dependency `phylum-cli` of package `xtask v0.1.0 (/Users/maxrake/dev/phylum/localdev/cli/xtask)`

Expected Behavior

Weekly automated dependency bumps are successful in running and updating to the latest set of packages.

Additional Context

This looks like another instance of needing to update the deno dependencies.

[kylewillmon]

wgpu-core v0.20.0 was yanked because it segfaults on rustc 1.79+. Most projects pull wgpu-core via the wgpu, which has a v0.20.1 release to fix this... We are unfortunate enough to get wgpu-core via deno_webgpu, which did not release a semver-compatible fix. So we have to go through breaking updates to fix this.

TLDR: We need to update our deno crates to something released after denoland/deno#24515 was merged

[maxrake]

A pin on tokio-util was added in #1621 and should likely be removed when deno is updated.

[maxrake]

A pin on serde was added in #1633 and should be examined for potential removal when deno is updated.