- 
                Notifications
    You must be signed in to change notification settings 
- Fork 1k
FAQ - pinning version of a direct dependency #736
FAQ - pinning version of a direct dependency #736
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for thinking of the FAQ! ❤️
        
          
                FAQ.md
              
                Outdated
          
        
      | Use an `overrides` entry for transitive dependencies. | ||
|  | ||
| To pin a version of direct dependency in manifest, prefix the version with `=`. | ||
| e.g. `version = "=x.y.z"` | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's show a full example with the [constraint] header so that it's clear which one to use.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just realized that we don't explain how we interpret a version without an operator... 😊 Do you mind adding this blurb as well?
By default, when you specify a version without an operator, such as `~` or `=`, `dep` automatically adds a caret operator, `^`. The caret operator pins the left-most non-zero digit in the version. For example:
^1.2.3 means 1.2.3 <= X < 2.0.0
^0.2.3 means 0.2.3 <= X < 0.3.0
^0.0.3 means 0.0.3 <= X < 0.0.4
623a8b4    to
    2dda8af      
    Compare
  
    | version = "=0.8.0" | ||
| ``` | ||
|  | ||
| By default, when you specify a version without an operator, such as `~` or `=`, | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like it makes more sense to switch the order of these 2 sections. How the default case is handled should come first and then how to pinpoint an exact version.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
totally! 😁
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
        
          
                FAQ.md
              
                Outdated
          
        
      | 1. Can be declared by any project's manifest, yours or a dependency | ||
| 2. Apply only to direct dependencies of the project declaring the constraint | ||
| 3. Must not conflict with the `dependencies` declared in any other project's manifest | ||
| 3. Must not conflict with the `constraint` declared in any other project's manifest | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another minor thing.
This should be:
Must not conflict with the constraints declared in any other project's manifest
Or at least:
Must not conflict with the
constraintentries declared in any other project's manifest
- Add pinning a version of direct dependency. - Explain default version behavior. - Replace old `dependencies` with `constraint`.
f845be7    to
    55f511f      
    Compare
  
    | Made all the suggested the changes and squashed to a single commit. | 
| ``` | ||
| ^1.2.3 means 1.2.3 <= X < 2.0.0 | ||
| ^0.2.3 means 0.2.3 <= X < 0.3.0 | ||
| ^0.0.3 means 0.0.3 <= X < 0.0.4 | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i know this is what rust does, but i don't think this is what we actually do. I believe that ^0.0.3 is equivalent to 0.0.3 <= X < 0.1.0.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sdboyer is it a flaw in our implementation or is it by design?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doh! I should have checked with the source directly. 😊  https://github.com/Masterminds/semver/#caret-range-comparisons-major. Yeah I just double-checked that our semver package considers ^0.0.3 to be 0.0.3 <= X < 0.1.0.
| Why does this useful description not appear on FAQ? It was merged, but FAQ on master has nothing like that now, made me struggled really hard to understand that dep add a  Through 3 months of using dep, I have some opinions about version constraint. Firstly this is a really confusing and implicit feature, I haven't seen any other tools that implies  I really appreciate your works on dep, dep is a great tool that gives the community one last standard to rule them all, hope it can get better and better. | 
| @reorx sorry for the trouble. The version operations and detailed docs were recently moved into docs/Gopkg.toml.md as that seemed to be a better place to keep all the Gopkg.toml related docs and the generated Gopkg.toml links to the same docs for more details. | 
| @reorx sorry, meant to respond to this earlier. let me go point by point: 
 Yes, we know it can be confusing. And I think it's fair to say we take the problem of version management quite seriously. I explained a bit about the motivation behind the design choice in #929. 
 
 Providing communication channels is, of course, a difficult problem in general. In the case of #644, we were very clear and public about the file format not being stable, and that committing/building CI around it was a bad idea, and you should only do so with the knowledge that it would break later. It was the first thing (after a couple-sentence summary) in the README. And, in the regular updates I try to be careful about announcing things like this - indeed, it was the very first sentence of the relevant update. 
 As noted in the above-linked status update post, and the README ever since we merged #649, we now make the guarantee that backwards-incompatible changes will not happen to  
 We now have three releases. We held off on making them until after the config file format was stable, specifically to avoid even giving the impression of stability. The first one was made as soon as we became stable. We do, however, lack a changelog on these releases. That's something I'd definitely like to do better, but I'm really starting to face a time crunch with all this. @darkowlzz has proposed introducing a system for structuring commit messages that can then generate a changelog; that might help a lot. Or (non-exclusively), a volunteer would also be tremendously helpful. Meanwhile, though, the aforementioned dep status updates typically include a list of significant changes that have come in; these could suffice. 
 Yes, I've been pained by the lack of formal docs for quite some time now. Our FAQ has grown considerably, and does answer many questions, as do the  
 I think we've won a lot of users' trust so far, but there's certainly still a lot more work to do. The actionable items I'm able to take from your points are "changelogs on releases" and "supplement FAQ with guides, and maybe write more on major topic areas". A third might be "make the README better so that people can better find their way to appropriate resources," however, some of your concerns seem like ones that should've been addressed by reading the README. 
 thank you - so do we! | 
What does this do / why do we need it?
dependencieswithconstraint.Which issue(s) does this PR fix?
fixes #734