This repository has been archived by the owner on Sep 9, 2020. It is now read-only.
Importers need a more conservative mode for use during solve #1316
Assignees
Labels
Comments
Closed
|
The importers pull in the dependency manifest + lock but then they remove the constraints for transitive dependencies of the root repo. This will result in an incorrect resolve since we are ignoring constraints on transient dependencies that come from external configs. Will this be fixed as part of this issue or should I open a separate issue for this? |
|
Yup! It will be addressed as part of this issue. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently, the importers aggressively try to fill in as much of the manifest and lock as possible given an incomplete set of metadata from external config. For example, given just a revision, the importer will check if the revision has a tag, and infer a constraint if the tag is semver.
This is good for init, but unacceptable for use during solve (i.e.
dep ensure).The base importer needs a flag indicating how aggressive they need to be. But it's not 100% clear what that needs to look like. Before tackling this issue, we need to enumerate the various pieces of input that each importer could have specified, and determine what's safe to import on-the-fly during solve.
The text was updated successfully, but these errors were encountered: