Git tag names containing + cause cargo to fetch the tag repeatedly

[bruceg]

Problem

When given tag names containing a +, cargo will re-fetch the tag every time dependency operations are run.

The following Cargo.toml file exhibits the problem:

[package]
name = "cargo-test"
version = "0.1.0"
edition = "2021"

[dependencies]
openssl-src = { git = "https://github.com/vectordotdev/openssl-src-rs", tag = "release-300-force-engine+3.1.2" }

As written, running cargo tree > /dev/null repeatedly fetches the tag each time. When the + in the tag is replaced with _ (same underlying revision), the tag is fetched only once and subsequently the cached version is used.

In our larger dependency file, this also ends up fetching the crates.io index repeatedly as well, causing undue load on the servers. I have not pinned down where this happens, as replacing the tags in the larger file also fixes the problem.

Steps

No response

Possible Solution(s)

No response

Notes

No response

Version

cargo 1.71.1 (7f1d04c00 2023-07-29)
release: 1.71.1
commit-hash: 7f1d04c0053083b98fa50b69b6f56e339b0556a8
commit-date: 2023-07-29
host: x86_64-unknown-linux-gnu
libgit2: 1.6.4 (sys:0.17.1 vendored)
libcurl: 8.0.1-DEV (sys:0.4.61+curl-8.0.1 vendored ssl:OpenSSL/1.1.1t)
ssl: OpenSSL 1.1.1t  7 Feb 2023
os: Ubuntu 22.04 (jammy) [64-bit]

[weihanglo]

Thanks for the report!

This was a known issue first reported in #11085. The relevant fix was merged with #12280 behind a non-public-facing feature flag. However, that fix needs a Cargo.lock version bump, so we try to gather a certain number of changes before committing a new version to avoid too much churn. See #12120.

[bruceg]

Thanks, @weihanglo I didn't see that previous issue in my searches.