Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for version requirements with hazardous upper bounds #655

Open
kpreid opened this issue Apr 20, 2024 · 0 comments
Open

Check for version requirements with hazardous upper bounds #655

kpreid opened this issue Apr 20, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@kpreid
Copy link
Contributor

kpreid commented Apr 20, 2024

Is your feature request related to a problem? Please describe.

It's possible to unexpectedly become unable to update your package's dependencies, because a package somewhere in the dependency graph specified a maximum minor/patch version requirement which conflicts with some other minimum version requirement.

Describe the solution you'd like

Detect this hazard by scanning all transitive dependencies and reporting any version requirements such as =1.2.3, 1.2.*, <2.0.1, <2.1 — anything which has an upper bound that would exclude some semver-compatible versions.

There should be an exemption possible for identifiably "internal use only" dependencies, e.g. foo 1.0.2 might reasonably depend on foo-macros =1.0.2.
@kpreid kpreid added the enhancement New feature or request label Apr 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kpreid