Closed felangel closed 4 years ago
Nice catch, but yeah there seems to be something odd here.
On the linked path_provider
package it is because of meta
: the resolved version is 1.1.6
, while the available version is 1.1.7
.
It looks like the old issue that Flutter fixes every dependency is blocking us with such checks: https://github.com/flutter/flutter/blob/master/packages/flutter_goldens/pubspec.yaml
At minimum we should tune it down and not report it on transitive dependencies.
Yeah, let's only reduce the score if direct dependencies are outdated. Transitive dependencies is hard to control.
We could even go a step further an only reduce score if the constraint in the pubspec doesn't allow the latest version for all direct dependencies.
The fix has been deployed.
@isoos @jonasfj I am seeing the same issue again. Looks like a regression? š
Sorry for the ever-changing analysis, but we have a temporary traffic migration rollback to a previous pub site version due to unrelated causes. This particular bug was fixed and early next week we'll be again on the latest pub site version, the penalty will go away.
@isoos, @jonasfj any updates on this? There are still some packages that are affected. If there's anything I can do to help please let me know.
@felangel thanks for reporting back in this, looks like we have an edge case that was not covered before. It seems that we need to re-structure the constraint check, as the current logic can't cover your case.
@isoos any updates on this? Iām more than happy to help open a PR. Do you have any pointers/suggestions for how to resolve the issue? Thanks š
It is not forgotten, but we are working on a feature that is a higher priority and this was pushed back on the priority list. If you want to have a take on it, this is the code that needs to changed: https://github.com/dart-lang/pana/blob/master/lib/src/maintenance.dart#L538-L556
However, the larger part of the PR will be to also modify the tests. If you want to do it, let me know, I'll assist you.
I believe the dwds
packages is being affected by this as well https://pub.dev/packages/dwds#-analysis-tab-.
It is deducting score because of devtools
not resolving to the latest version (0.1.5) but that version is allowed by the pubspec constraint (^0.1.0).
It is very common that some (even transitive) dependency could be restricting the version solve for some immediate dependency. Packages should not be punished for this as its out of their control.
IMO it should only be checking whether the explicit constraint in the pubspec allows the latest version.
IMO it should only be checking whether the explicit constraint in the pubspec allows the latest version.
Yes, this issue is tracked here: https://github.com/dart-lang/pana/issues/551
The pana fix was deployed a while ago.
URL: https://pub.dev/packages/path_provider#-analysis-tab-
Looks like every flutter package is affected by an issue where 5 points are deducted from their score due to not supporting the latest version of 1 dependency.
I'm guessing it has to do with the fact that the flutter version is resolved to
0.0.0
.