search

hexpm / hex

Package manager for the Erlang ecosystem.
https://hex.pm
973 stars 185 forks source link

mix hex.outdated shows that update is possible, but actually it isn't #834

Closed fuelen closed 3 years ago

fuelen commented 3 years ago

deps list

    [
      {:oauth2, "~> 0.9"},
      {:ueberauth, "~> 0.4"},
      {:ueberauth_microsoft, "~> 0.3"},
    ]

mix.lock

%{
  "certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"},
  "hackney": {:hex, :hackney, "1.16.0", "5096ac8e823e3a441477b2d187e30dd3fff1a82991a806b2003845ce72ce2d84", [:rebar3], [{:certifi, "2.5.2", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "6.0.1", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.0", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.6", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", "3bf0bebbd5d3092a3543b783bf065165fa5d3ad4b899b836810e513064134e18"},
  "idna": {:hex, :idna, "6.0.1", "1d038fb2e7668ce41fbf681d2c45902e52b3cb9e9c77b55334353b222c2ee50c", [:rebar3], [{:unicode_util_compat, "0.5.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a02c8a1c4fd601215bb0b0324c8a6986749f807ce35f25449ec9e69758708122"},
  "metrics": {:hex, :metrics, "1.0.1", "25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486", [:rebar3], [], "hexpm", "69b09adddc4f74a40716ae54d140f93beb0fb8978d8636eaded0c31b6f099f16"},
  "mime": {:hex, :mime, "1.4.0", "5066f14944b470286146047d2f73518cf5cca82f8e4815cf35d196b58cf07c47", [:mix], [], "hexpm", "75fa42c4228ea9a23f70f123c74ba7cece6a03b1fd474fe13f6a7a85c6ea4ff6"},
  "mimerl": {:hex, :mimerl, "1.2.0", "67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3", [:rebar3], [], "hexpm", "f278585650aa581986264638ebf698f8bb19df297f66ad91b18910dfc6e19323"},
  "oauth2": {:hex, :oauth2, "0.9.4", "632e8e8826a45e33ac2ea5ac66dcc019ba6bb5a0d2ba77e342d33e3b7b252c6e", [:mix], [{:hackney, "~> 1.7", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "407c6b9f60aa0d01b915e2347dc6be78adca706a37f0c530808942da3b62e7af"},
  "parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm", "17ef63abde837ad30680ea7f857dd9e7ced9476cdd7b0394432af4bfc241b960"},
  "plug": {:hex, :plug, "1.11.0", "f17217525597628298998bc3baed9f8ea1fa3f1160aa9871aee6df47a6e4d38e", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "2d9c633f0499f9dc5c2fd069161af4e2e7756890b81adcbb2ceaa074e8308876"},
  "plug_crypto": {:hex, :plug_crypto, "1.2.0", "1cb20793aa63a6c619dd18bb33d7a3aa94818e5fd39ad357051a67f26dfa2df6", [:mix], [], "hexpm", "a48b538ae8bf381ffac344520755f3007cc10bd8e90b240af98ea29b69683fc2"},
  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
  "telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"},
  "ueberauth": {:hex, :ueberauth, "0.6.3", "d42ace28b870e8072cf30e32e385579c57b9cc96ec74fa1f30f30da9c14f3cc0", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "afc293d8a1140d6591b53e3eaf415ca92842cb1d32fad3c450c6f045f7f91b60"},
  "ueberauth_microsoft": {:hex, :ueberauth_microsoft, "0.4.0", "1c0be9c218e93c426e32c416421e9d41ea59fdf1e3b24310ed5be41df46ddcc1", [:mix], [{:oauth2, "~> 0.8", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.4", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "0b124367853a9becd265639f9eaa0c5318a313feb8ebd51464c8c68be1353e20"},
  "unicode_util_compat": {:hex, :unicode_util_compat, "0.5.0", "8516502659002cec19e244ebd90d312183064be95025a319a6c7e89f4bccd65b", [:rebar3], [], "hexpm", "d48d002e15f5cc105a696cf2f1bbb3fc72b4b770a184d8420c8db20da2674b38"},
}
$ mix hex.outdated
Dependency           Current  Latest  Update possible  
oauth2               0.9.4    2.0.0   No               
ueberauth            0.6.3    0.6.3                    
ueberauth_microsoft  0.4.0    0.8.0   Yes

When I'm trying to update ueberauth_microsoft everything remains unchanged:

$ mix deps.update ueberauth_microsoft
Resolving Hex dependencies...
Dependency resolution completed:
Unchanged:
  certifi 2.5.2
  hackney 1.16.0
  idna 6.0.1
  metrics 1.0.1
  mime 1.4.0
  mimerl 1.2.0
  oauth2 0.9.4
  parse_trans 3.3.0
  plug 1.11.0
  plug_crypto 1.2.0
  ssl_verify_fun 1.1.6
  telemetry 0.4.2
  ueberauth 0.6.3
  ueberauth_microsoft 0.4.0
  unicode_util_compat 0.5.0
ericmj commented 3 years ago

The only way to know if a package is updatable is to do a full version resolution for every updatable version.

When you update a package other version constraints may be introduced or changed which causes the update to not be possible. In this cause ueberauth_microsoft >= 0.5.0 depends on oauth ~> 1.0 which is not compatible with the version requirement in your mix.exs file.

Since it is not feasible for hex.outdated to perform version resolution for a large set of different package versions it only checks if a package is updatable in the context of the set of version requirements in your current dependency tree. Because of this hex.outdated may sometimes say that a dependency is updatable when it is not.

fuelen commented 3 years ago

Okay, so that's an expected behaviour and I should just read Update possible as Update is allowed by local mix.exs.

Is it possible to perform full version resolution via additional flag and maybe write some info to an additional column? Does it make sense at all?

ericmj commented 3 years ago

Okay, so that's an expected behaviour and I should just read Update possible as Update is allowed by local mix.exs.

Yes, or to be pedantic: allowed by mix.exs and your current set of dependencies.

Is it possible to perform full version resolution via additional flag and maybe write some info to an additional column? Does it make sense at all?

Yes, that's mix deps.update :). We don't show why we failed to select a given version because that would be very noisy in many cases and usually not useful to users. We have a debug mode that does display it: HEX_RESOLVE_VERBOSE=1 mix deps.update ueberauth_microsoft. Which would print:

Failed to use "oauth2" (version 0.9.4) because
  ueberauth_microsoft (versions 0.5.0 to 0.8.0) requires ~> 1.0 or ~> 2.0
  mix.exs specifies ~> 0.9

Try the command locally, the colors in the shell really helps.

fuelen commented 3 years ago

HEX_RESOLVE_VERBOSE=1 is really helpful! Thank you!