Fork me on GitHub
#tools-deps
<
2024-04-01
>
armed09:04:50

Hi, I'm experiencing the following behavior: • My library, lets call it my-lib has transitive dependency (`some/dep {:mvn/version 1.6.0}`) • I override that dependency in library's deps.edn with older version to some/dep {:mvn/version 1.5.0}, also I add exclusion for transitive some/dep • app which uses my-lib still has some/dep {:mvn/version 1.6.0} which comes from same transitive source, so I also have to manually override it on the app level Q: is it intentional and is it configurable?

armed09:04:12

the main purpose of my-lib is to provide a list of curated compatible libraries for a particular environment. So I can use different versions of my-lib depending on OS, jvm version etc.

Alex Miller (Clojure team)12:04:01

Yes, this is expected - apps always control the finally library selection

armed12:04:43

Thanks, Alex.

phill15:04:30

For clarity - it would be expected that the app's deps.edn would take precedence if iT said anything about some/dep. But in @U34K4458X's original case, the app's deps.edn said nothing about some/dep but rather got some/dep transitively via a lib that also got it transitively and tried to downgrade some/dep to 1.5.0. Is the use case of a lib providing a curated compatible set of libraries suported, or is it considered an antipattern because resolution of conflict at one level (the top) is simpler (for the rigorous definition of "simple") than at multiple levels (i.e., all intermediate libraries that have an opinion)?

Alex Miller (Clojure team)16:04:40

libs never control what versions are present at the time of use - that is always ultimately a consequences of the specification at the top (app) level

Alex Miller (Clojure team)16:04:52

lib dep versions should always be treated as nothing stronger than a suggestion :)

Alex Miller (Clojure team)16:04:00

if you want to learn more about how dep expansion and version selection is done for deps.edn, see https://clojure.org/reference/dep_expansion