Manifest re-serialization in 'cargo package' is non-deterministic #4326
Description
In Cargo.toml files generated by cargo vendor, the order of dependencies seems not to be deterministic: when updating in Firefox a crate to a version that did not change the set of dependencies, I get a diff like below.
Could this be based on the iteration order of a HashMap that uses the default RandomState hasher? If so, what do you think of switching to a deterministic hasher? Or perhaps sorting before generating TOML files?
diff --git a/third_party/rust/cssparser/Cargo.toml b/third_party/rust/cssparser/Cargo.toml
index 76fadfd855e4..94e9f473274c 100644
--- a/third_party/rust/cssparser/Cargo.toml
+++ b/third_party/rust/cssparser/Cargo.toml
@@ -12,7 +12,7 @@
[package]
name = "cssparser"
-version = "0.18.0"
+version = "0.18.1"
authors = ["Simon Sapin <simon.sapin@exyr.org>"]
build = "build.rs"
exclude = ["src/css-parsing-tests/**", "src/big-data-url.css"]
@@ -22,33 +22,33 @@ readme = "README.md"
keywords = ["css", "syntax", "parser"]
license = "MPL-2.0"
repository = "https://github.com/servo/rust-cssparser"
-[dependencies.heapsize]
-version = ">= 0.3, < 0.5"
-optional = true
-
[dependencies.serde]
version = "1.0"
optional = true
+[dependencies.heapsize]
+version = ">= 0.3, < 0.5"
+optional = true
+
[dependencies.procedural-masquerade]
version = "0.1"
-[dependencies.cssparser-macros]
-version = "0.3"
-
[dependencies.matches]
version = "0.1"
[dependencies.phf]
version = "0.7"
-[dev-dependencies.encoding_rs]
-version = "0.5"
+
+[dependencies.cssparser-macros]
+version = "0.3"
+[dev-dependencies.rustc-serialize]
+version = "0.3"
[dev-dependencies.difference]
version = "1.0"
-[dev-dependencies.rustc-serialize]
-version = "0.3"
+[dev-dependencies.encoding_rs]
+version = "0.5"
[build-dependencies.syn]
version = "0.11"