flathub-infra / flatpak-external-data-checker

A tool for checking if the external data used in Flatpak manifests is still up to date
GNU General Public License v2.0

Downgrades should be avoided #286

Open dreua opened 2 years ago

dreua commented 2 years ago

Today the bot filed this PR against the PDF Arranger flatpak: Update pyparsing-3.0.7-py3-none-any.whl to 3.0.6 by flathubbot (build successful)

I do not understand why this is considered an Upgrade by the bot. 3.0.7 is still the most recent version on PyPI.

Any ideas?

Thanks for development and maintenance of this bot, it really makes a difference if you want to keep your dependencies up to date :heart:

dreua commented 2 years ago

I can't reproduce this running the data-checker locally.

gasinvein commented 2 years ago

This is an error, but what causes it is still not clear. We've seen this happening with GitHub API, then with Gnome's cache.json, now this with PyPI - it's not even clear if the cause is the same in these cases (probably not). It doesn't reproduce locally and overall seems sporadic.

> I do not understand why this is considered an Upgrade

f-e-d-c doesn't compare versions, since it has no way of knowing the current version from the f-b manifest alone. It applies whatever it got from upstream (PyPI API in this case) regardless of the current version (and always calls its changes an "Upgrade").

dreua commented 2 years ago

Thanks, now I know that I just need to ignore PRs like this in case it happens again. Would be nice to get it fixed though. (Is the bot writing any logs by chance?)

gasinvein commented 2 years ago

The only way I see to work around this issue is to store source version in the manifest, and actually compare it with the new version.

dreua commented 2 years ago

I.e. you don't think it's possible to track down and fix the root cause of this? If the currently used version is actually unpublished for some reason that might be interesting to know, just ignoring any version smaller than the currently used one has the potential to hide errors and should only be used as a last resort imo.

dreua commented 2 years ago

Now, 5 days later, there is an actual upgrade: Update pyparsing-3.0.7-py3-none-any.whl to 3.0.8 by flathubbot · Pull Request #59 · flathub/com.github.jeromerobert.pdfarranger

This dependency is rarely updated, therefore I think this is worth mentioning. They might have done some preparation 5 days ago which the bot picked up.
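
The version comparison discussed in this thread, as an added example (not code from flatpak-external-data-checker): it reads the current version from the wheel file name, which only works for sources like the one in this issue, refuses a lower offered version, and separates a stale upstream response from a current version that upstream no longer lists, so the second case is reported rather than hidden. The function names, verdict strings and the `published` list are assumptions, and only plain numeric versions are handled.

```python
import re

# Wheel names: {name}-{version}(-{build})?-{python}-{abi}-{platform}.whl
WHEEL_RE = re.compile(
    r"^[^-]+-(?P<version>[^-]+)(?:-\d[^-]*)?-[^-]+-[^-]+-[^-]+\.whl$")


def release_tuple(version):
    """Plain numeric release only (assumption: no epoch/pre/post/dev parts)."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 3.0 and 3.0.0 as equal
        parts.pop()
    return tuple(parts)


def wheel_version(filename):
    match = WHEEL_RE.match(filename)
    if match is None:
        raise ValueError(f"not a wheel file name: {filename!r}")
    return release_tuple(match.group("version"))


def classify_update(current_file, offered, published):
    """Verdict for an offered version; `published` is what upstream lists."""
    current, new = wheel_version(current_file), release_tuple(offered)
    if new > current:
        return "upgrade"
    if new == current:
        return "unchanged"
    listed = set()
    for version in published:
        try:
            listed.add(release_tuple(version))
        except ValueError:
            continue  # skip pre-releases and other unsupported forms
    # A lower version is never applied. Whether the version in use is still
    # listed tells a stale response apart from a withdrawn release.
    return "stale-response" if current in listed else "current-unpublished"


# Constructed sample data modelled on the pull requests in this thread.
CURRENT = "pyparsing-3.0.7-py3-none-any.whl"
if __name__ == "__main__":
    print(classify_update(CURRENT, "3.0.6", ["3.0.6", "3.0.7"]))
    print(classify_update(CURRENT, "3.0.6", ["3.0.5", "3.0.6"]))
    print(classify_update(CURRENT, "3.0.8", ["3.0.7", "3.0.8"]))
```

A `current-unpublished` verdict is the case worth surfacing to the maintainer, since it means the pinned artifact is no longer offered upstream.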