gleam
gleam copied to clipboard
gleam-lang
Gleam downloads wrong dependency RC version
This occurs on Gleam 0.34.1 and 1.0.0 RC2.
The gleam.toml:
name = "dep_test"
version = "1.0.0"
[dependencies]
gleam_stdlib = "~> 0.34 or ~> 1.0"
lustre = "4.0.0-rc.2"
gleam_json = "~> 0.7"
[dev-dependencies]
gleeunit = "~> 1.0"
Run gleam deps download. The created manifest:
# This file was generated by Gleam
# You typically do not need to edit this file
packages = [
{ name = "argv", version = "1.0.1", build_tools = ["gleam"], requirements = [], otp_app = "argv", source = "hex", outer_checksum = "A6E9009E50BBE863EB37D963E4315398D$
{ name = "filepath", version = "0.2.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "filepath", source = "hex", outer_checksum = "FC1B1B29438$
{ name = "gleam_community_ansi", version = "1.4.0", build_tools = ["gleam"], requirements = ["gleam_stdlib", "gleam_community_colour"], otp_app = "gleam_community_an$
{ name = "gleam_community_colour", version = "1.3.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleam_community_colour", source = "hex", o$
{ name = "gleam_erlang", version = "0.24.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleam_erlang", source = "hex", outer_checksum = "26$
{ name = "gleam_json", version = "0.7.0", build_tools = ["gleam"], requirements = ["gleam_stdlib", "thoas"], otp_app = "gleam_json", source = "hex", outer_checksum =$
{ name = "gleam_otp", version = "0.9.0", build_tools = ["gleam"], requirements = ["gleam_stdlib", "gleam_erlang"], otp_app = "gleam_otp", source = "hex", outer_check$
{ name = "gleam_stdlib", version = "0.36.0", build_tools = ["gleam"], requirements = [], otp_app = "gleam_stdlib", source = "hex", outer_checksum = "C0D14D807FEC6F8A$
{ name = "glearray", version = "0.2.1", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "glearray", source = "hex", outer_checksum = "908154F695D$
{ name = "gleeunit", version = "1.0.2", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleeunit", source = "hex", outer_checksum = "D364C87AFEB$
{ name = "glint", version = "0.16.0", build_tools = ["gleam"], requirements = ["snag", "gleam_stdlib", "gleam_community_colour", "gleam_community_ansi"], otp_app = "$
{ name = "justin", version = "1.0.1", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "justin", source = "hex", outer_checksum = "7FA0C6DB78640C6$
{ name = "lustre", version = "4.0.0-rc1", build_tools = ["gleam"], requirements = ["gleam_json", "gleam_stdlib", "argv", "glint", "filepath", "gleam_community_ansi",$
{ name = "repeatedly", version = "2.1.1", build_tools = ["gleam"], requirements = [], otp_app = "repeatedly", source = "hex", outer_checksum = "38808C3EC382B0CD98133$
{ name = "shellout", version = "1.6.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "shellout", source = "hex", outer_checksum = "E2FCD18957F$
{ name = "simplifile", version = "1.5.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "simplifile", source = "hex", outer_checksum = "EB9AA8E$
{ name = "snag", version = "0.3.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "snag", source = "hex", outer_checksum = "54D32E16E33655346AA$
{ name = "spinner", version = "1.1.0", build_tools = ["gleam"], requirements = ["gleam_erlang", "gleam_stdlib", "gleam_community_ansi", "repeatedly", "glearray"], ot$
{ name = "thoas", version = "0.4.1", build_tools = ["rebar3"], requirements = [], otp_app = "thoas", source = "hex", outer_checksum = "4918D50026C073C4AB1388437132C7$
{ name = "tom", version = "0.3.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "tom", source = "hex", outer_checksum = "0831C73E45405A2153091$
]
[requirements]
gleam_json = { version = "~> 0.7" }
gleam_stdlib = { version = "~> 0.34 or ~> 1.0" }
gleeunit = { version = "~> 1.0" }
lustre = { version = "4.0.0-rc.2" }
The issue is
name = "lustre", version = "4.0.0-rc1"
As can be seen, Lustre RC1 was downloaded, even though the dependency is exact and points to RC2.
It looks like this is a package-specific issue. lustre's first RC uses the format "4.0.0-rc1" whereas the second one is "4.0.0-rc.2" and so when comparing the preversions "rc1" is compared to "rc.2" which because of the "." means rc1 is the "later" version. Not sure if we wanna handle this/how.
I would agree if this was a ranged version, but this is an exact version. It should not be comparing anything, right? It should at most complain if it can't fulfill the criteria.
Mar 17, 2024 22:04:07 Ameen Radwan @.***>:
It looks like this is a package-specific issue. lustre's first RC uses the format "4.0.0-rc1" whereas the second one is "4.0.0-rc.2" and so when comparing the preversions "rc1" is compared to "rc.2" which because of the "." means rc1 is the "later" version. Not sure if we wanna handle this/how.
— Reply to this email directly, view it on GitHub[https://github.com/gleam-lang/gleam/issues/2630#issuecomment-2002600203], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AACCV4MRC7V4F3J6OFJ3OL3YYXZLFAVCNFSM6AAAAABEDCU2GKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMBSGYYDAMRQGM]. You are receiving this because you authored the thread. [Tracking image][https://github.com/notifications/beacon/AACCV4L26BWG7DVLI4VUMBLYYXZLFA5CNFSM6AAAAABEDCU2GKWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTTXLVAQW.gif]
-_- ok so at the very least I figured out why this happens. It turns out the way pubgrub checks "exact" is it checks that it checks a non-inclusive range between the current version and 1 bump https://github.com/pubgrub-rs/pubgrub/blob/release/src/range.rs#L51 so in this case it is actually checking for any version between 4.0.0-rc.2 and 4.0.1 https://github.com/gleam-lang/hexpm-rust/blob/main/src/version.rs#L183 This is technically correct for normal semantic versions and works well enough for rcs if somebody wants the latest rc but not for any other rc (in this case rc.2 isn't latest because of the typo technically). I don't know what the right approach to fix it is though
Bravo! Impressive detective skills. It sounds like we want an issue with the pubgrub repo here?
We could possibly hack around this by taking note of the top level dependencies and for any that have exact matches apply a filter to its versions and only give pubgrub the exact one that is desired. This wouldn't always solve the problem, but it would solve the most common case of when a project wants to try out an RC version.
I'm not entirely sure what the best way to solve this is. My original gut reaction was to make bump for pre versions not actually bump patch and instead just append a numeric to the pre vector but since that's a published crate I don't wanna cause a potentially breaking change but I can't tell if this would be "correct" behavior or not as is. Storing a map of all the exact deps in DependencyProvider and doing a check in choose_package_version ourselves would work well enough and be more self contained.
Sounds good to me.
The pubgrub folks may have an opinion too. I think they redesigned that version trait, though it's not out yet.
Ok I think I have this fixed but funnily enough, it looks like https://diff.hex.pm/diff/lustre/4.0.0-rc.2..4.0.0-rc1 the repro toml in this issue breaks with the fix since rc2 prevents the usage of gleam_json = "~> 0.7"
Ok I think I have this fixed but funnily enough, it looks like https://diff.hex.pm/diff/lustre/4.0.0-rc.2..4.0.0-rc1 the repro toml in this issue breaks with the fix since rc2 prevents the usage of gleam_json = "~> 0.7"
That should be fine, this is what I would want to see as a user.
I'm having the same problem but with Wisp, It downloads by default version 0.1.0 which is almost empty I believe.
