-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"lockfiles" #4
Comments
To summarize the comments from pubgrub-rs/pubgrub#39 so far: mpizenberg: pubgrub-rs/pubgrub#39 (comment) LockfilesI can see different levels of support for this functionality, depending on the level of trust we give to the lockfile.
aleksator: pubgrub-rs/pubgrub#39 (comment) The problem comes when updating a set of dependencies (bumping dependency version in Cargo.toml) with a lockfile present. The packages should be kept as closely as possible to specified lockfile while still performing needed upgrades. mpizenberg: pubgrub-rs/pubgrub#39 (comment) Interesting! Is there a formal "distance" specification in the space of versions. A way of ranking different choices? In case versions in the lockfile are compatible with changes in
I think in most cases, (1) is the best choice. It's also a choice that doesn't require any change to the current state of pubgrub. aleksator: pubgrub-rs/pubgrub#39 (comment) Oh, it's rather binary: is it possible to use the exact version specified in the lockfile? Yes -> use it, no -> use normal dependency resolution ("unlock it"). So if my understanding is correct, the strategy 1 should be used and indeed the support of lock files delegated to DependencyProvider implementation. |
In Cargo we definitely do 1. and it is an important tool. But we have another layer of hacks on top because of another property of Lockfiles. If the lockfile can satisfy all dependencies then we do not ask the index about new versions. Updating the index is an expensive step and we only want to do it if we need to. The hacks we do in Cargo involve replacing Ranges with "=" constraints if there is a version in the lockfile that matches, then have "list_available_versions" not update the index if the Range is an "=" constraint. This is a mess, and often wrong. But I think it can be done well with the changes in pubgrub-rs/pubgrub#50 that removes "list_available_versions". If there is a package that is in the lockfile, then decide on that before other packages. If there is a version in the lockfile that is contained in the Range then return it first; else update the index and take the best. |
"lockfiles" is a way to encode and reuse the output from a previous resolution, and even if the dependencies have changed keep things as similar as possible. In Cargo this is done by a set of heuristics that are part of the dependency provider, and it is a mess. In dart this is somehow worked into the resolver.
This issue is to split off and continue the conversation from pubgrub-rs/pubgrub#39
The text was updated successfully, but these errors were encountered: