Conflicts with Mint's dependency

mtrudel / bandit

Bandit is a pure Elixir HTTP server for Plug & WebSock applications

MIT License

1.7k stars 85 forks source link

Conflicts with Mint's dependency #409

Closed slashmili closed 1 week ago

slashmili commented 1 month ago

I'd like to report that bandit's hpax dependency conflicts with Mint's dependency.

Dependencies have diverged:
* hpax (Hex package)
  the dependency hpax 0.2.0

  > In deps/mint/mix.exs:
    {:hpax, "~> 0.1.1 or ~> 0.2.0 or ~> 1.0", [app_properties: [config_mtime: 1728651144, optional_applications: [], applications: [:kernel, :stdlib, :elixir], description: ~c"Implementation of the HPACK protocol (RFC 7541) for Elixir", modules: [HPAX, HPAX.Huffman, HPAX.Table, HPAX.Types], registered: [], vsn: ~c"0.2.0"], env: :prod, hex: "hpax", repo: "hexpm", optional: false]}

  does not match the requirement specified

  > In deps/bandit/mix.exs:
    {:hpax, "~> 1.0.0", [env: :prod, hex: "hpax", repo: "hexpm", optional: false]}

While I can override the dependency in my mix.exs, I thought to report it maybe bandit can relax the dependency and use ~> 1.0 ?

mtrudel commented 1 month ago

Yep Bandit can / should absolutely relax that dep. I'll get that into the next release!

grzuy commented 3 weeks ago

I'd like to report that bandit's hpax dependency conflicts with Mint's dependency.

Is there really a conflict?

bandit requires :hpax, "~> 1.0.0" and mint requires :hpax, "~> 0.1.1 or ~> 0.2.0 or ~> 1.0".

hpax 1.0.0 which is the latest version does satisfy both version range requirements for bandit and mint.

I don't think you are required to include hpax as a dependency to make them match. I think only a mix deps.update hpax would suffice to get it to bump to 1.0.0 in the mix.lock. Right?

Maybe :hpax, "~> 1.0" is a better relaxed requirement for bandit. But anyway, worth mentioning I don't think there's a conflict as is.