[Bug]: Lock file for v0.5.0 out of sync with manifest

[alerque]

Bug Description

I'm trying to bump Arch Linux packaging for the new release, but the lock file is out of sync:

error: the lock file /build/youki/src/youki/Cargo.lock needs to be updated but --locked was passed to prevent this
If you want to try to generate the lock file without accessing the network, remove the --locked flag and use --offline instead.

Steps to Reproduce

1. Clone repo and checkout the v0.5.0 tag
2. cargo build --frozen --release --bin youki

Expectation

Can you please setup something to confirm that the lock file is synced before tagging releases? This may be just a case of the actual release bump version not being in the lock file, or there may be other things out of sync too. Either way it's a pain downstream to look into every time (it was broken in v0.3.2 as well and possibly others).

System and Setup Info

No response

Additional Context

No response

[alerque]

More than just this release's version is out of sync in the lock file.

[YJDoc2]

Hey @alerque , sincere apologies that this is an issue. I'll definitely look into adding appropriate CI in our release flow to make sure this doesn't happen again.

We'll also see what can be done for the release, as we cannot update a published package, maybe we'll yank it and do updated release 0.5.1 with fixed lockfile. cc @utam0k

Thanks for opening the issue, this was not something we were aware of till now :)

[alerque]

No need to yank (the release doesn't have anything dangerous or malicious) it just doesn't work for all build scenarios. A new patch release with a working lock file would be appreciated.

One of the issues seems to be the version of rust-criu specified in the manifest is not the one in the lock file, and criu seems to have hard coded constants for the version of protobuf it depends on. I can't build in frozen/locked mode because the lock file is out of sync and I can't cargo update because I'll get a completely different version of protobuf with different constants.