-
Notifications
You must be signed in to change notification settings - Fork 993
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[pub] Reconsider the default versioning-strategy
#4979
Comments
Dropping in to add a +1 for defaulting to the Additionally, I think it'll be tough to accurately detect when we're looking at an app or a library. Using |
cc @jurre what do you think about defaulting to |
I think if we document it clearly I have no real concerns, we should default to what makes most sense for users, having everyone needing to configure a version strategy goes against the philosophy of trying to do the right thing by default |
Including @mctofu in the conversation, as I'm going to be out on parental leave for a good while starting next week |
Circling back on this:
👍 makes sense to me. @jonasfj / @sigurdm you're the experts here, what would you prefer? Please take a look at @devoncarew 's PR and see if it matches what you're wanting so he knows whether to spend time fixing tests or not: |
This likely should be the default, but it's [not yet](dependabot/dependabot-core#4979). `widen` doesn't make sense for example use cases, we just want to use the latest.
Reconsider the default
versioning-strategy
.We have the following versioning-strategies:
widen
, extend only the upper bound to include the new version.increase
, always update the constraint lower bound to match the new version.increase-if-necessary
, leave the constraint if the original constraint allows the new version, otherwise, bump the constraint.^1.0.0
1.0.0
1.2.0
'widen'
^1.0.0
'increase'
^1.2.0
'increase-if-necessary'
^1.0.0
^1.0.0
1.0.0
2.0.0
'widen'
>=1.0.0 <3.0.0
'increase'
^2.0.0
'increase-if-necessary'
^2.0.0
Considerations
For packages using the
widen
strategy is attractive because increasing the lower-bound constraint can cause resolution conflicts (as we can only have one version of each package).For applications using the
increase
strategy is attractive because it makes accidental downgrades unlikely.However, using
widen
is likely to cause problems unless humans are carefully considering the scenario. Especially, since most developers aren't usingdart pub downgrade
to test with their lower-bound constraint (assuming it's even possible to resolve the lower-bound -- as other dependencies might have higher lower-bound constraints on the same package).Similarly, using
increase
does slightly increase the risk that the package author runs into resolution conflict in the future. But it is perhaps a bit safer, though debugging an issue due to accidental downgrade isn't too hard.On top of all this, is the fact that we don't have good ways to detect if a
pubspec.yaml
is an application or a package.The current logic assumes the project is a package if
pubspec.yaml
containsversion
. This is unfortunate, because Flutter default application template includesversion
key, used to indicate application version. This can be remedied by checking ifpublish_to: none
is specified, which indicates that it's an application (and also present in Flutter default template).But even if we can probably detect that something is a package, unless it is a core package used by a lot of users, it's probably best to do
increase-if-necessary
. Usingwiden
can easily lead to bugs, so maybe it's best to only used that core packages that are used by many other packages. I could also be convinced that we should merely patch the logic for detecting whether something is a package or application.The text was updated successfully, but these errors were encountered: