cyclic package dependency: package js-sys v0.3.55 depends on itself

[roy-work]

Describe the Bug

  cyclic package dependency: package `js-sys v0.3.55` depends on itself. Cycle:
  package `js-sys v0.3.55`
      ... which satisfies dependency `js-sys = "^0.3"` of package `getrandom v0.2.10`
      ... which satisfies dependency `getrandom = "^0.2.7"` of package `ahash v0.8.3`
      ... which satisfies dependency `ahash = "^0.8.0"` of package `hashbrown v0.14.0`
      ... which satisfies dependency `hashbrown = "^0.14"` of package `indexmap v2.0.0`
      ... which satisfies dependency `indexmap = "^2"` of package `serde_json v1.0.107`
      ... which satisfies dependency `serde_json = "^1.0"` of package `wasm-bindgen v0.2.78`
      ... which satisfies dependency `wasm-bindgen = "^0.2.78"` of package `js-sys v0.3.55`
      ... which satisfies dependency `js-sys = "^0.3.46"` of package `web-sys v0.3.46`
      ... which satisfies dependency `web-sys = "^0.3.37"` of package `ring v0.16.20`
      ... which satisfies dependency `ring = "^0.16.20"` of package `rustls v0.20.2`
      ... which satisfies dependency `rustls = "^0.20.1"` of package `hyper-rustls v0.23.0`
      ... which satisfies dependency `hyper-rustls = "^0.23"` of package `reqwest v0.11.8`

Also (I forced it to the latest version here):

Caused by:
  cyclic package dependency: package `js-sys v0.3.64` depends on itself. Cycle:
  package `js-sys v0.3.64`
      ... which satisfies dependency `js-sys = "^0.3"` of package `getrandom v0.2.10`
      ... which satisfies dependency `getrandom = "^0.2.7"` of package `ahash v0.8.3`
      ... which satisfies dependency `ahash = "^0.8.0"` of package `hashbrown v0.14.0`
      ... which satisfies dependency `hashbrown = "^0.14"` of package `indexmap v2.0.0`
      ... which satisfies dependency `indexmap = "^2"` of package `serde_json v1.0.107`
      ... which satisfies dependency `serde_json = "^1.0"` of package `wasm-bindgen v0.2.87`
      ... which satisfies dependency `wasm-bindgen = "^0.2.87"` of package `js-sys v0.3.64`
      ... which satisfies dependency `js-sys = "^0.3.46"` of package `web-sys v0.3.46`
      ... which satisfies dependency `web-sys = "^0.3.37"` of package `ring v0.16.20`
      ... which satisfies dependency `ring = "^0.16.20"` of package `rustls v0.20.2`
      ... which satisfies dependency `rustls = "^0.20.1"` of package `hyper-rustls v0.23.0`
      ... which satisfies dependency `hyper-rustls = "^0.23"` of package `reqwest v0.11.8`

Steps to Reproduce

This occurs when I attempt to make updates to our Cargo.lock. Unfortunately, we do this with an automated script.

Expected Behavior

Not having a circular dep.

Actual Behavior

A circular dep.

Additional Context

I can follow this cycle all the way around on crates.io, too.

This occurred while trying to update a dependency on kube and kube-runtime to 0.86.0, but it seems to be that 0.84.0 works, and 0.85.0 exhibits the above cycle.

[Liamolucko]

It looks like some dependency is enabling wasm-bindgen's serde-serialize feature, which is deprecated for exactly this reason. You need to figure out what dependency that is and open an issue there.

This is a duplicate of #2770.

[roy-work]

Thanks. In my case, this appears to be reqwest.