[Bug] Cyclic dependency with latest iota.rs

[cycraig]

Bug description

Using the latest version of iota.rs on the dev branch with identity.rs causes a circular dependency that prevents compilation.

The same happens when including any other project that relies on a recent version of iota.rs, such as streams

Error message:

stdout : error: cyclic package dependency: package `getrandom v0.2.3` depends on itself. Cycle:
package `getrandom v0.2.3`
    ... which is depended on by `ahash v0.7.4`
    ... which is depended on by `hashbrown v0.11.2`
    ... which is depended on by `indexmap v1.7.0`
    ... which is depended on by `serde_json v1.0.64`
    ... which is depended on by `wasm-bindgen v0.2.74`
    ... which is depended on by `js-sys v0.3.51`
    ... which is depended on by `getrandom v0.2.3`
    ... which is depended on by `const-random-macro v0.1.13`
    ... which is depended on by `const-random v0.1.13`
    ... which is depended on by `ahash v0.3.8`

In identity.rs this is due to the use of the preserve_order feature of serde_json in identity-core:

serde_json = { version = "1.0", default-features = false, features = ["preserve_order", "std"] }

When coupled with a set of other crates with certain features enabled it causes a circular dependency of getrandom on itself. The dependencies below are a minimum subset sufficient to replicate the problem:

[dependencies]
serde_json = { version = "1.0", features = ["preserve_order"] }
wasm-bindgen = { version = "0.2", features = ["serde-serialize"] }
hashbrown = { version = "0.11" }
getrandom = { version = "0.2", optional = true, default-features = false, features = [ "js" ] }

Note that this PR in crypto.rs (a dependency of iota.rs) adds the "js" feature to their getrandom dependency, leading to the above situation. Since the "preserve_order" feature is critical in identity.rs, it might be sufficient to open a PR in crypto.rs to feature-gate their getrandom "js" dependency, as it appears to be used for WebAssembly support?

Language version

What programming language are you using? Rust or one of the bindings?
Which version of the language are you running?

• Language: Rust
• Version: 1.53

IOTA Identity version

Which version of IOTA Identity are you using?

• Version: dev branch (cb4bd72)

Steps To reproduce the bug

Explain how the maintainer can reproduce the bug.

1. Update the iota-client dependency in identity-iota Cargo.toml:

[dependencies.iota-client]
git = "https://github.com/iotaledger/iota.rs"
#rev = "0a011ec37f70874358cf530d3b8e4817c69c9a4c"
branch = "dev"
default-features = false

2. Try compile or run any example.

Expected behaviour

Using the latest version of iota.rs in identity.rs, or using identity.rs and streams in the same project, should compile successfully.

Actual behaviour

Compilation halts due to a circular dependency error reported by Cargo.

Errors

Paste any errors that you see, including logs, errors, or screenshots.

Cargo error message:

stdout : error: cyclic package dependency: package `getrandom v0.2.3` depends on itself. Cycle:
package `getrandom v0.2.3`
    ... which is depended on by `ahash v0.7.4`
    ... which is depended on by `hashbrown v0.11.2`
    ... which is depended on by `indexmap v1.7.0`
    ... which is depended on by `serde_json v1.0.64`
    ... which is depended on by `wasm-bindgen v0.2.74`
    ... which is depended on by `js-sys v0.3.51`
    ... which is depended on by `getrandom v0.2.3`
    ... which is depended on by `const-random-macro v0.1.13`
    ... which is depended on by `const-random v0.1.13`
    ... which is depended on by `ahash v0.3.8`

[cycraig]

The "js" feature for getrandom is required for WebAssembly support. So while it could be feature-gated for most targets, the wasm bindings still need a different solution.

Error message from wasm32-unknown-unknown target without the getrandom "js" feature (credit @PhilippGackstatter):

Err > RuntimeError: unreachable
    at __rust_start_panic (<anonymous>:wasm-function[7218]:0x4132b9)
    at rust_panic (<anonymous>:wasm-function[5734]:0x40d4eb)
    at std::panicking::rust_panic_with_hook::hbdbceb5cd158bf19 (<anonymous>:wasm-function[3917]:0x3d8313)
    at std::panicking::begin_panic_handler::{{closure}}::h9995bb2f0de4bb38 (<anonymous>:wasm-function[4486]:0x3f21cb)
    at std::sys_common::backtrace::__rust_end_short_backtrace::hc7608161a467c002 (<anonymous>:wasm-function[5631]:0x40c332)
    at rust_begin_unwind (<anonymous>:wasm-function[5389]:0x40923e)
    at std::panicking::begin_panic_fmt::hcd004178a7d9bbd9 (<anonymous>:wasm-function[5571]:0x40b7cd)
    at rand::rngs::thread::THREAD_RNG_KEY::__init::{{closure}}::hda8b4a9c5735a0bb (<anonymous>:wasm-function[5049]:0x402957)
    at rand::rngs::thread::thread_rng::hc658839e5d59f6ec (<anonymous>:wasm-function[2569]:0x373dd5)
    at libp2p_core::identity::Keypair::generate_ed25519::h9c09f881f4f1ae0a (<anonymous>:wasm-function[3170]:0x3a95eb)