-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Major-open semver range does not properly unify with closed semver ranges #9029
Comments
Thank you for the clear description and reproducible example! It may be possible to make an iterative optimization procedure. |
Understandable, and almost certainly the correct target for private dependencies. Just very unfortunate for public dependencies, where it's not so much wanting to "have the fewest versions" as wanting not to "expected type Perhaps this is another thing that could/should be tied to public/private dependencies. Currently, marking the dependencies as public panics on unimplemented |
Yes, public/private dependencies would be a good more general solution for this problem. If you hit that panic then there is not solution for those constraints or there is a bug in resolving public/private dependencies ( which would not be surprising, there is a reason it is unstable). |
Definitely some bugs remaining; manually creating a lockfile with just |
I wonder if this issue could be addressed by extending the
This would patch the |
This does not work as I would hope (see rust-lang/cargo#9029) so we need to restrict this to just the same version that lspower uses (for the sake of the LSP). This is bad in its own way though as lspower does not adhere to semver which can cause its own breakages. Personally I'd like use to remove the `From` implementations we provided here and let the LSP have its own, explicit conversions so we could avoid this churn 🤷.
This does not work as I would hope (see rust-lang/cargo#9029) so we need to restrict this to just the same version that lspower uses (for the sake of the LSP). This is bad in its own way though as lspower does not adhere to semver which can cause its own breakages. Personally I'd like use to remove the `From` implementations we provided here and let the LSP have its own, explicit conversions so we could avoid this churn 🤷.
Perhaps this should be a different issue, but the Dependency Resolver section of the Cargo Book doesn't mention this aspect of the current resolver, which led me to be very confused about another instance of the behavior described here. Since it seems like this behavior will continue to happen for a while, it "would be nice"™ if the book discussed it. |
As the one who was just looking for this information, and having trouble finding it, you are in the best position to guide us on how to improve the documentation. |
This documents the behavior described in rust-lang#9029, where sometimes Cargo will duplicate a dep when it doesn't have to.
PR submitted as #11604. |
book: describe how the current resolver sometimes duplicates deps ### What does this PR try to resolve? This updates the book to document the behavior described in #9029, where sometimes Cargo will duplicate a dep when it doesn't have to. ### How should we test and review this PR? Doc-only change; someone with knowledge of the resolver should read and assess.
Problem
If a dependency's version is constrained to cover multiple semver-incompatible releases, the version selected does not unify with more specific restrictions from elsewhere in the build graph. E.g. a requirement for
>=0.0.0, <0.9.0
and a requirement for^0.4.0
results in both version0.4.x
and0.8.y
being pulled in (or0.4.x
and0.1.0
with-Zminimal-versions
), rather than unifying both versions to just0.4.x
.Manually adjusting the lockfile to use
0.4.x
in both cases works as expected; this is just an issue with the "find the best solution" codepath, not the "check the lockfile satisfies" codepath.Originally reported by @MaximilianKoestler on URLO: https://users.rust-lang.org/t/crate-interoperability-and-3rd-party-types-in-interfaces/53431
Steps
Repro from @MaximilianKoestler : https://github.com/MaximilianKoestler/crate-version-testing
Using the
rgb
crate as our target, this is exemplified using just the three packages:The generated lockfile:
Possible Solution(s)
Ideally, if all constraints overlap, only a single version should be selected. Otherwise, maintaining support for old semver-incompatible versions of public dependencies (when the subset you're using didn't change) is almost meaningless, as cargo won't unify the dependency off of the most recent semver-compatible range (or first with
-Zminimal-versions
).Notes
Output of
cargo version
:cargo 1.50.0-nightly (75d5d8cff 2020-12-22)
(also occurs on stable)The text was updated successfully, but these errors were encountered: