Recursive dependency updates can result in breaking otherwise working dependencies #2264
Closed
Labels
T-bug
Type: bug
Component
Forge
Have you ensured that all of these are up to date?
What version of Foundry are you on?
forge 0.2.0 (f016135 2022-07-04T00:15:02.930499Z)
What command(s) is the bug in?
forge update
Operating System
macOS (Intel)
Describe the bug
Current Behaviour
When updating a dependency using forge update, all nested dependencies are updated to the latest version (if these nested dependencies are also managed using foundry / git submodule). This can result in the installed library being in a state different from its own source repository (which will be marked as COMMITHASH-dirty by git). In case the latest version of the nested dependency is not backwards compatible, this can lead to the installed version of the package breaking. I created a sample repo that illustrates that issue here.
In some situations this might render the forge update command unusable since the user won't be able to upgrade a dependency without breaking it. Even when it doesn't break the dependency, it can lead to subtle differences in its behaviour, which might be even more dangerous.
Expected behaviour
The user should have the option to update the dependency without recursively updating nested dependencies beyond changes in the dependency's repo itself.
Currently the only way for the user to achieve this is to manually reinstall the package using forge remove and forge install. It would be more ergonomic to let the user disable / enable recursive updates using a flag.
Also one might want to revisit the decision (if it was a conscious one) to have recursive updates by default since it results in behaviour that many users might find unexpected.
Possible solution
Remove the --recursive flag here entirely or conditionally based on user input.
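Added example, not part of the original issue and not Foundry code: a shell check that reads the output of `git submodule status --recursive` and reports every submodule whose checked-out commit differs from the commit its containing repository pins, marking nested ones. The function names, paths and hashes in the sample are constructed for illustration; the prefix characters are the ones documented in git-submodule(1).

```shell
#!/bin/sh
# Usage inside a project (not executed here):
#   git submodule status --recursive | submodule_drift
#
# Status prefixes, per git-submodule(1):
#   ' '  checked-out commit matches the pin of the containing repository
#   '+'  checked-out commit differs from that pin
#   '-'  submodule is not initialized
#   'U'  submodule has merge conflicts

# Prints "<direct|nested> <prefix> <path> <short-sha>" for each drifted entry.
submodule_drift() {
    awk '
    NF == 0 { next }
    {
        flag = substr($0, 1, 1)
        split(substr($0, 2), f, " ")
        sha = f[1]; path = f[2]
        # Parents are listed before their children, so a path is nested when
        # an already-seen submodule path is a directory prefix of it.
        kind = "direct"
        for (i = 1; i <= n; i++)
            if (index(path, seen[i] "/") == 1) kind = "nested"
        seen[++n] = path
        if (flag == "+" || flag == "U")
            printf "%s %s %s %s\n", kind, flag, path, substr(sha, 1, 7)
    }'
}

# Constructed sample: dep-a is at its pinned commit, but its own nested
# dependency dep-b has been moved away from the commit dep-a pins.
sample_status() {
cat <<'EOF'
 1111111111111111111111111111111111111111 lib/forge-std (v1.0.0)
 2222222222222222222222222222222222222222 lib/dep-a (heads/main)
+3333333333333333333333333333333333333333 lib/dep-a/lib/dep-b (heads/main)
EOF
}
```

A `nested +` line means a dependency is being built against a commit of its own dependency that its authors never pinned, which is the state the issue describes.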