Add warning for packages without lower bound with --resolution=lowest
#2797
Comments
zanieb
added
help wanted
|
@zanieb I'd like to try working on this! It's basically my first time in this codebase, so if there's any top-level guidance you can give that would be amazing. |
|
Hi! You've picked kind of a hard one for a first task, I'm not sure how to do this off the top of my head. My first thought is to go to the if matches!(
self.selector.resolution_strategy(),
ResolutionStrategy::Lowest
) {
for requirement in self.requirements {
if Some(VersionOrUrl::Version(version)) = requirement.version_or_url {
if <the version specifier has no lower bound> {
warn_user_once!(...)
}
}
}
}There are a few open questions:
Let me know if you want more than that I can look a bit further. |
|
This also only seems sufficient for |
|
Thanks for the guidance @zanieb ! I really appreciate it.
I've been playing around to see how feasible this is. The option you suggest of adding it to
In my testing, this seems to work if *dep_version == (Range::full()) {
One option is to add the warning or utility function here and in similar transitive locations. Would this work? I'll upload a draft PR to show what I mean. |
|
Here's a draft PR with debug logs where the warning might go: https://github.com/ottaviohartman/uv/pull/2/files |
|
Opened #4006 , let me know if this is the right track. If not I don't mind closing and handing this task to someone more knowledgeable! |
|
I think this is closed in #5142 now |
|
Sorry for being AWOL on this! |
|
No problem, it happens to all of us :) |
Warn when there are missing bounds on transitive dependencies with `--resolution lowest`. Implemented as a lazy resolution graph check. Dev deps are odd because they are missing the edge from the root that extras have, but this is more complex because we can put dev dep information in a `Requirement` so i special cased them here. Closes #2797 Should help with #1718
Warn when there are missing bounds on transitive dependencies with `--resolution lowest`. Implemented as a lazy resolution graph check. Dev deps are odd because they are missing the edge from the root that extras have, but this is more complex because we can put dev dep information in a `Requirement` so i special cased them here. Closes #2797 Should help with #1718
Warn when there are missing bounds on transitive dependencies with `--resolution lowest`. Implemented as a lazy resolution graph check. Dev deps are odd because they are missing the edge from the root that extras have (they are currently orphans in the resolution graph), but this is more complex to solve properly because we can put dev dep information in a `Requirement` so i special cased them here. Closes #2797 Should help with #1718 --------- Co-authored-by: Ibraheem Ahmed <ibraheem@ibraheem.ca>
Warn when there are missing bounds on transitive dependencies with `--resolution lowest`. Implemented as a lazy resolution graph check. Dev deps are odd because they are missing the edge from the root that extras have (they are currently orphans in the resolution graph), but this is more complex to solve properly because we can put dev dep information in a `Requirement` so i special cased them here. Closes #2797 Should help with #1718 --------- Co-authored-by: Ibraheem Ahmed <ibraheem@ibraheem.ca>
per #1718 (comment) we should throw a warning in this case since without a lower bound we will take the oldest version of a package which is actually quite unlikely to be compatible.
The text was updated successfully, but these errors were encountered: