search

crystal-lang / shards

Dependency manager for the Crystal language
Other
763 stars 100 forks source link

Not getting latest version of dependency #472

Closed Blacksmoke16 closed 3 years ago

Blacksmoke16 commented 3 years ago

I may be missing something as it's late, but I noticed when doing a shards install/update, it's not installing the latest version of that shard's dependencies.

With a shard.yml like:

dependencies:
  athena:
    github: athena-framework/athena

Running shards install produces the following lock file:

version: 2.0
shards:
  amber_router:
    git: https://github.com/amberframework/amber-router.git
    version: 0.4.4

  athena:
    git: https://github.com/athena-framework/athena.git
    version: 0.12.0

  athena-config:
    git: https://github.com/athena-framework/config.git
    version: 0.1.3

  athena-dependency_injection:
    git: https://github.com/athena-framework/dependency-injection.git
    version: 0.2.3

  athena-event_dispatcher:
    git: https://github.com/athena-framework/event-dispatcher.git
    version: 0.1.2

  athena-serializer:
    git: https://github.com/athena-framework/serializer.git
    version: 0.2.3

  athena-validator:
    git: https://github.com/athena-framework/validator.git
    version: 0.1.3

I would have expected the serializer and dependency injection shards to be updated to 0.2.4 as I recently released those versions, and they are defined as version: ~> 0.2.2 in Athena's shard.yml. If installing either the dependency injection shard or the serializer on their own, the correct version of 0.2.4 is used within the lock file.

EDIT: Tested with both 0.12.0 and 0.13.0.

bcardiff commented 3 years ago

That is the expected behavior.

bcardiff commented 3 years ago

Also, since shards packages do not need to follow semver, we can't assume that x.y.z+1 should be a safe replacement for x.y.z.

Blacksmoke16 commented 3 years ago

@bcardiff But these dependencies are defined with ~> 0.2.2. https://github.com/athena-framework/athena/blob/v0.12.0/shard.yml#L28. So I guess my question is why does it install 0.2.3 when 0.2.4 should totally be a valid version given I'm allowing patch updates, and it's a published release.

straight-shoota commented 3 years ago

I would suspect the cause to be hat the new 0.2.4 releases have athena-framework/config restricted to ~> 0.2.0 so that would not be compatible with the restriction ~> 0.1.3 on that dep in other dependencies.

Blacksmoke16 commented 3 years ago

@straight-shoota Ohh you would be exactly right. In that case 0.2.3 is the correct version. Going to close as this is expected.

straight-shoota commented 3 years ago

It would probably be nice if shards could share some insights why a newer version can't be selected. At least when running shards outdated. I'd expect that to not be trivial, though. Don't know if other dependency managers have such a feature.

bcardiff commented 3 years ago

I see, sorry @Blacksmoke16 for misreading the issue.

Sija commented 3 years ago

@straight-shoota IIRC rubygems have it.