v1.17: Unpin ahash version

[acheroncrypto]

Problem

The pinned ahash version is causing nightly build errors with 1.17 crates as described in #1572.

Summary of changes

Unpin ahash version and use the same version requirement as the v1.18 branch.

Resolves #1572

[acheroncrypto]

This changed automatically since the crate specifies hashbrown = ">=0.11,<0.14" version requirement, and I confirmed it's the same in the v1.18 branch:

agave/Cargo.lock

Line 934 in 7696b27

"hashbrown 0.13.2",

[joncinque]

We don't typically bump dependencies on a stable branch unless there's something important, like a security vulnerability. Would it be possible to simply remove the = on the version requirement to address the issue?

It looks like ahash was pinned to 0.8.4 with solana-labs#34636, but that might not have been necessary.

@yihau, since you did the pin, what do you think of just changing the requirement to be less strict and remove the =?

Also, I'm not sure if there are any more releases planned on the 1.17 line, but maybe we can get one out to address downstream build issues.

[acheroncrypto]

Would it be possible to simply remove the = on the version requirement to address the issue?

Yes, I think that should also solve the issue since new installations would fetch the newest SemVer compatible ahash version, which is 0.8.11 currently.

FWIW, ahash version in this PR (and Cargo.lock) is the same as the v1.18 branch currently, and I believe the patch mostly exists to fix this build problem that got introduced last month.

Changes: tkaitchuck/aHash@v0.8.4...0.8.7

[yihau]

sorry for missing this PR. we lost the history error log so I just tried on my local. our v1.17 couldn't use ahash > 0.8.7 because of the rust version issue. (there is an aggressive patch version update in ahash)

the reproducible steps:

1. pin ahash to 0.8.7 in Cargo.toml
2. ./scripts/cargo-for-all-lock-files.sh tree
3. cargo clean
4. cargo test --package solana-cargo-build-sbf --test crates -- test_build --exact --show-output
   (^^^ ensure you have the log Compiling ahash v0.8.7)
5. you will see the error

iirc the issue happen in the release process as well 😢

also as Jon mentioned, that's also my understanding, we won't have any v1.17 release. I guess it's not a good idea to unpin ahash version.

[acheroncrypto]

our v1.17 couldn't use ahash > 0.8.7 because of the rust version issue. (there is an aggressive patch version update in ahash)

Yeah, the issue is unfortunate because we're only trying to fix the build using the nightly compiler here, but then Solana's own build breaks.

also as Jon mentioned, that's also my understanding, we won't have any v1.17 release.

Got it. This issue is not that big of a problem since it works in the v1.18 branch. Only issue is people run into this from different crates who require specific version of solana-program e.g. coral-xyz/anchor#2984 (comment), making it difficult for people to upgrade.

Fortunately, cargo has great patching capability, so I'll just share this branch with the people who run into this issue.