Shards: Not getting latest version of dependency

Created on 29 Jan 2021  路  8Comments  路  Source: crystal-lang/shards

I may be missing something as it's late, but I noticed when doing a shards install/update, it's not installing the latest version of that shard's dependencies.

With a shard.yml like:

dependencies:
  athena:
    github: athena-framework/athena

Running shards install produces the following lock file:

version: 2.0
shards:
  amber_router:
    git: https://github.com/amberframework/amber-router.git
    version: 0.4.4

  athena:
    git: https://github.com/athena-framework/athena.git
    version: 0.12.0

  athena-config:
    git: https://github.com/athena-framework/config.git
    version: 0.1.3

  athena-dependency_injection:
    git: https://github.com/athena-framework/dependency-injection.git
    version: 0.2.3

  athena-event_dispatcher:
    git: https://github.com/athena-framework/event-dispatcher.git
    version: 0.1.2

  athena-serializer:
    git: https://github.com/athena-framework/serializer.git
    version: 0.2.3

  athena-validator:
    git: https://github.com/athena-framework/validator.git
    version: 0.1.3

I would have expected the serializer and dependency injection shards to be updated to 0.2.4 as I recently released those versions, and they are defined as version: ~> 0.2.2 in Athena's shard.yml. If installing either the dependency injection shard or the serializer on their own, the correct version of 0.2.4 is used within the lock file.

EDIT: Tested with both 0.12.0 and 0.13.0.

invalid

All 8 comments

That is the expected behavior.

  • x.y.z is exactly that version
  • ~> x.y.z needs to be used if you want to allow patch updates
  • ~> x.y, >= x.w.z needs to be used if you want to allow minor updates, since some specific minor.

Also, since shards packages do not need to follow semver, we can't assume that x.y.z+1 should be a safe replacement for x.y.z.

@bcardiff But these dependencies _are_ defined with ~> 0.2.2. https://github.com/athena-framework/athena/blob/v0.12.0/shard.yml#L28. So I guess my question is why does it install 0.2.3 when 0.2.4 should totally be a valid version given I'm allowing patch updates, and it's a published release.

I would suspect the cause to be hat the new 0.2.4 releases have athena-framework/config restricted to ~> 0.2.0 so that would not be compatible with the restriction ~> 0.1.3 on that dep in other dependencies.

@straight-shoota Ohh you would be exactly right. In that case 0.2.3 is the correct version. Going to close as this is expected.

It would probably be nice if shards could share some insights why a newer version can't be selected. At least when running shards outdated. I'd expect that to not be trivial, though. Don't know if other dependency managers have such a feature.

I see, sorry @Blacksmoke16 for misreading the issue.

@straight-shoota IIRC rubygems have it.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

j8r picture j8r  路  6Comments

stakach picture stakach  路  4Comments

ysbaddaden picture ysbaddaden  路  3Comments

straight-shoota picture straight-shoota  路  4Comments

acoolstraw picture acoolstraw  路  5Comments