Closed instinkt900 closed 2 months ago
Hi @instinkt900
Thanks for your question. There are some reasons that packages in ConanCenter keep updating their dependencies to use the latest ones:
zlib/1.2.11
, but then other packages in ConanCenter depend on zlib/1.3
, that is going to cause conflicts. So the community keeps sending PR to update the recipes to try to align to the "latest" that worksThe main issue is that the upgrade to libraries is done incrementally, one at a time, so it can take time until everything uses the latest dependencies, and conflicts happens in the meantime. We are taking several actions to improve this:
In any case, things are expected to evolve in ConanCenter, and that means that eventually it is possible to have some issues. There are a few things that are recommended from the user side, we have written them here: https://docs.conan.io/2/devops/using_conancenter.html. In short, to robustly use ConanCenter, it is recommended to use at least lockfiles (recommended Conan 2.0, lockfiles are way easier). Depending on the project requirements, it might be even recommended to store your own copy or your own binaries for your project dependencies in your own private server.
Since this issue, we have also added the "local-recipes-index" feature to improve creating packages from a conan-center-index
fork for the above mentioned increased robustness. Please check https://docs.conan.io/2/devops/devops_local_recipes_index.html
I am closing this ticket as responded, but please create new tickets for any further question you might have, thanks for the feedback.
What is your question?
I have a project that pulls in a handful of libraries using conan. They all specify exact versions. ie.
But every time I commit to my CI machine, conan will try to pull the libraries and complain that there are version conflicts. I'll fix the issue by explicitly providing overrides for these dependencies, ie.
self.requires("libwebp/1.3.2", override=True)
etc. which will allow the build to complete, then a week later I'll make another commit and there will be another library conflict.I would have thought that these libraries I'm pulling in would mostly be unchanging since I'm pulling specific libraries, but it seems like these libraries are constantly changing their own dependencies which leads to me having to troubleshoot and figure out what versions to pull again.
Whats the point in having specific versions if the versioned library continually changes it's own dependencies? I'm spending just as much time debugging my conan builds as I am doing my own development.
Have you read the CONTRIBUTING guide?