jonasfj
commented
5 years ago Nice catch, but yeah there seems to be something odd here.
Closed felangel closed 4 years ago
jonasfj
commented
5 years ago Nice catch, but yeah there seems to be something odd here.
isoos
commented
5 years ago On the linked path_provider package it is because of meta: the resolved version is 1.1.6, while the available version is 1.1.7.
It looks like the old issue that Flutter fixes every dependency is blocking us with such checks: https://github.com/flutter/flutter/blob/master/packages/flutter_goldens/pubspec.yaml
At minimum we should tune it down and not report it on transitive dependencies.
jonasfj
commented
5 years ago Yeah, let's only reduce the score if direct dependencies are outdated. Transitive dependencies is hard to control.
We could even go a step further an only reduce score if the constraint in the pubspec doesn't allow the latest version for all direct dependencies.
isoos
commented
5 years ago The fix has been deployed.
felangel
commented
5 years ago @isoos @jonasfj I am seeing the same issue again. Looks like a regression? š
isoos
commented
5 years ago Sorry for the ever-changing analysis, but we have a temporary traffic migration rollback to a previous pub site version due to unrelated causes. This particular bug was fixed and early next week we'll be again on the latest pub site version, the penalty will go away.
felangel
commented
5 years ago @isoos, @jonasfj any updates on this? There are still some packages that are affected. If there's anything I can do to help please let me know.
isoos
commented
5 years ago @felangel thanks for reporting back in this, looks like we have an edge case that was not covered before. It seems that we need to re-structure the constraint check, as the current logic can't cover your case.
felangel
commented
5 years ago @isoos any updates on this? Iām more than happy to help open a PR. Do you have any pointers/suggestions for how to resolve the issue? Thanks š
isoos
commented
5 years ago It is not forgotten, but we are working on a feature that is a higher priority and this was pushed back on the priority list. If you want to have a take on it, this is the code that needs to changed: https://github.com/dart-lang/pana/blob/master/lib/src/maintenance.dart#L538-L556
However, the larger part of the PR will be to also modify the tests. If you want to do it, let me know, I'll assist you.
jakemac53
commented
5 years ago I believe the dwds packages is being affected by this as well https://pub.dev/packages/dwds#-analysis-tab-.
It is deducting score because of devtools not resolving to the latest version (0.1.5) but that version is allowed by the pubspec constraint (^0.1.0).
It is very common that some (even transitive) dependency could be restricting the version solve for some immediate dependency. Packages should not be punished for this as its out of their control.
IMO it should only be checking whether the explicit constraint in the pubspec allows the latest version.
jonasfj
commented
5 years ago IMO it should only be checking whether the explicit constraint in the pubspec allows the latest version.
Yes, this issue is tracked here: https://github.com/dart-lang/pana/issues/551
isoos
commented
4 years ago The pana fix was deployed a while ago.
URL: https://pub.dev/packages/path_provider#-analysis-tab-
Looks like every flutter package is affected by an issue where 5 points are deducted from their score due to not supporting the latest version of 1 dependency.
I'm guessing it has to do with the fact that the flutter version is resolved to
0.0.0.