Assume that package localization#2.0.0 requires peer dependency of package library of minimal version 1.1.0 and maximal version1.5.4. With JavaScript, the logical expression will be:
libraryVersion >= 1.1.0 && libraryVersion <= 1.5.4
But how to express same condition in peerDependencies (and other types of dependencies) filed of package.json? I did not find the logic operator and in semver documentation.
{
"peerDependencies": {
"library": ">=1.2.7 "
}
}
This isn't possible. You can do something like "library": "1.x" but that's it.
Related
I've built a simple app with these dependencies:
[dependencies]
core-foundation = { version = "0.9", features = ["with-chrono"] }
With cargo 1.62.1 (a748cf5a3 2022-06-08). My platform is a Macbook Air M1 (the target might matter, not sure).
And I'm getting this error:
error: cyclic package dependency: package `chrono v0.4.21` depends on itself. Cycle:
package `chrono v0.4.21`
... which satisfies dependency `chrono = "^0.4"` of package `core-foundation v0.9.3`
... which satisfies dependency `core-foundation = "^0.9"` of package `iana-time-zone v0.1.42`
... which satisfies dependency `iana-time-zone = "^0.1.41"` of package `chrono v0.4.21`
If I clone core-foundation and build it myself using cargo build --features="with-chrono", I'm not getting any error.
Any idea how to investigate this issue?
Unfortunately, there isn't much you can do if the cyclic dependency occurs with crates you don't control. You could attempt to "fix" one of the crates by cloning and modifying it to avoid a problematic dependency and override your dependencies with the fixed version.
Your best bet is to notify the maintainers of the crates involved. If the issue only arose recently, you can try locking your dependencies to an earlier version as a workaround.
This particular issue seems to be resolved already. It likely happened when chrono added iana-time-zone as a dependency in version 0.4.21. However, the fix was for iana-time-zone to change its dependency from core-foundation to core-foundation-sys in version 0.1.45 to break the cycle.
according to the following rule,
^1.2.3 is >=1.2.3 <2.0.0
^0.2.3 is >=0.2.3 <0.3.0 (0.x.x is special)
^0.0.1 is =0.0.1 (0.0.x is special)
^1.2 is >=1.2.0 <2.0.0 (like ^1.2.0)
I am wondering why there is the difference as below between Semver ^12.1.0 and ^12.1.1 in my yarn.lock file?
^12.1.0 is resolved to 12.1.1, meanwhile
^12.1.1 is resolved to 12.3.0 (the latest version).
react-native-svg#^12.1.0:
version "12.1.1"
resolved "https://registry.yarnpkg.com/react-native-svg/-/react-native-svg-12.1.1.tgz#5f292410b8bcc07bbc52b2da7ceb22caf5bcaaee"
integrity sha512-NIAJ8jCnXGCqGWXkkJ1GTzO4a3Md5at5sagYV8Vh4MXYnL4z5Rh428Wahjhh+LIjx40EE5xM5YtwyJBqOIba2Q==
dependencies:
css-select "^2.1.0"
css-tree "^1.0.0-alpha.39"
react-native-svg#^12.1.1:
version "12.3.0"
resolved "https://registry.npmjs.org/react-native-svg/-/react-native-svg-12.3.0.tgz#40f657c5d1ee366df23f3ec8dae76fd276b86248"
integrity sha512-ESG1g1j7/WLD7X3XRFTQHVv0r6DpbHNNcdusngAODIxG88wpTWUZkhcM3A2HJTb+BbXTFDamHv7FwtRKWQ/ALg==
dependencies:
css-select "^4.2.1"
css-tree "^1.0.0-alpha.39"
any help would be appreciated, thanks.
error: failed to select a version for `syn`. \
... required by package `serde_derive v1.0.125`\
... which satisfies dependency `serde_derive = "=1.0.125"` of package `serde v1.0.125`
... which satisfies dependency `serde = "^1.0.125"` of package `mongodb v2.1.0`\
... which satisfies dependency `mongodb = "^2.1"` of package `wagmeet v0.1.0
\(/mnt/e/College/Eighth Semester/Crypto_Capable/wagmeet_app)`\
versions that meet the requirements `^1.0.60` are: 1.0.86, 1.0.85, 1.0.84, 1.0.83, 1.0.82, 1.0.81, 1.0.80, 1.0.79, 1.0.78, 1.0.77, 1.0.76, 1.0.75, 1.0.74, 1.0.73, 1.0.72, 1.0.71, 1.0.70, 1.0.69, 1.0.68, 1.0.67, 1.0.66, 1.0.65, 1.0.64, 1.0.63, 1.0.62, 1.0.61, 1.0.60
all possible versions conflict with previously selected packages.
previously selected package `syn v1.0.57`\
... which satisfies dependency `syn = "=1.0.57"`
\ of package `near-sdk-core v3.0.1`
... which satisfies dependency `near-sdk-core = "=3.0.1"` of package `near-sdk-macros v3.0.1` \
... which satisfies dependency `near-sdk-macros = "=3.0.1"` \ of package `near-sdk v3.0.1`
... which satisfies dependency `near-sdk = "^3"` of package `wagmeet v0.1.0 `\
failed to select a version for `syn` which could resolve this conflict
Cargo.toml file
[package]
name = "wagmeet"
version = "0.1.0"
edition = "2021"
[lib]
crate-type = ["rlib","cdylib"]
[dependencies]
near-sdk = "^3.1.0"
near-contract-standards = "^3.1.1"
mongodb = "2.0.0"
bson = { version = "2", features = ["chrono-0_4"] } # Needed for using chrono datetime in doc
tokio = "1"
chrono = "0.4" # Used for setting DateTimes
serde = "1"
serde_derive = "1.0.135"
Update
added the cargo.toml file
I have tried various versions nothing seems to be working for now. Is mongoDb even compatible with Near protocol?
There is a conflict between two of your dependencies: near-sdk requires exactly syn version 1.0.57, and mongodb requires at least syn version 1.0.60. Clearly both cannot exist together.
You have few solutions:
Patch near-sdk to support later syn versions. This is usually not recommended.
Upgrade near-sdk to the pre-release 4.0.0 (currently 4.0.0-pre.7) that supports later syn versions. This is an unstable version, and may break.
Downgrade mongodb to a version that supports syn version 1.0.57. The latest version that supports that is 1.2.5, so you need to specify in your Cargo.toml mongodb = "=1.2.5". But this relies on an old, unsupported version.
There is no "best solution". All solutions are bad. I would probably upgrade near-sdk to 4.0.0, but what to do depends on your needs.
Try the following methods...
check your patched dependencies are pointed to the correct source repository
if you use other project's Cargo.lock or change some dependencies as you go, remove target folder and build again
check compilation logs for incorrect dependency paths!
update your Rust
delete .cargo and .rustup directories
I'm setting up a Rust server with Rocket and I'm trying to use it with a JWT library. They use different versions of the *ring* crate and I get an error during cargo build:
error: multiple packages link to native library `ring-asm`, but a native library can be linked only once
package `ring v0.12.1`
... which is depended on by `jsonwebtoken v4.0.1`
... which is depended on by `auther v0.1.0 (file:///home/drpytho/x/downloadble/auther)`
links to native library `ring-asm`
package `ring v0.11.0`
... which is depended on by `cookie v0.9.2`
... which is depended on by `rocket v0.3.6`
... which is depended on by `rocket_codegen v0.3.6`
... which is depended on by `auther v0.1.0 (file:///home/drpytho/x/downloadble/auther)`
also links to native library `ring-asm`
My Cargo.toml
[package]
name = "auther"
version = "0.1.0"
authors = ["Name <Email#mail.se>"]
[dependencies]
rocket = "0.3.6"
rocket_codegen = "0.3.6"
jsonwebtoken = "4"
serde_derive = "1"
serde = "1"
I read that you are supposed to fix the mismatching dependencies in your Cargo file, but I can't figure out how to do it.
You have to fix this by not transitively depending on different versions of crates that link to a native library.
There's no newer version of rocket available that depends on version 0.10 of cookie, which depends on ring 0.12, so you'll need to downgrade jsonwebtoken to 2.0.3.
You can work this out by checking the crates.io pages for the crates in question (like with jsonwebtoken), going back through older versions, and looking to see what dependencies it needs.
I'm nearly ready to upload my first package to Hackage!
I have this in my hstest.cabal:
Executable hstest
Main-Is: hstest.hs
Build-Depends: base, mtl, directory, ghc, ghc-paths, random, QuickCheck
I understand that it's bad form to simply list which packages my package depends upon; instead I should state which versions of these packages are needed.
The versions I have installed are
base = 4.1.0.0
mtl = 1.1.0.2
directory = 1.0.0.3
ghc = 6.10.3
ghc-paths = 0.1.0.5
random = 1.0.0.1
QuickCheck = 1.2.0.0
Is there an easy way of finding out what the earliest acceptable versions of each of these packages my package actually needs? (i.e. without installing lots of obsolete versions and testing them one by one?)
Which future versions of these packages can I assume my package can depend on?
Is there an easy way of finding out what the earliest acceptable versions of each of these packages my package actually needs
No, there's no tool for that.
Which future versions of these packages can I assume my package can depend on?
The safest way is to follow the package versioning policy, which says to only rely on API-extending versions of packages. That is versions of the form: A.B.*. As the policy states:
To minimize breakage when new package versions are released, you can use dependencies that are insensitive to minor version changes (e.g. foo >= 1.2.1 && < 1.3).
So you would do something like:
QuickCheck >= 1.2 && < 1.3
Now, testing may reveal lower or higher bounds on what features you actually use.