You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When listing dependencies via a cpanfile, it is possible for cpm to install multiple versions of the dependencies, when some of them are pinned at a specific version (but not all).
When resolving distributions to install, cpm matches Template up to the correctly pinned version, but then also resolves Template::Stash to the most recent release of the distribution. The two dependencies are then installed separately, and which version you end up with in the end is inconsistent. Sometimes it installs the pinned version first, then overwrites it with the newer module, other times it installs the newer one first and then overwrites with the pinned version.
While I am aware that using a cpanfile.snapshot would help address this (as it would allow me to force the resolver to only ever see the pinned version), the above behaviour still feels inconsistent.
It is also possible to trigger this behaviour when installing an entire dependency chain, where we may have a distribution pinned in cpanfile, but then modules inside of that distribution are later discovered as indirect dependencies (where we may not depend on it directly, but something which we depend on does).
The text was updated successfully, but these errors were encountered:
When listing dependencies via a
cpanfile
, it is possible forcpm
to install multiple versions of the dependencies, when some of them are pinned at a specific version (but not all).Example
cpanfile
:When resolving distributions to install,
cpm
matchesTemplate
up to the correctly pinned version, but then also resolvesTemplate::Stash
to the most recent release of the distribution. The two dependencies are then installed separately, and which version you end up with in the end is inconsistent. Sometimes it installs the pinned version first, then overwrites it with the newer module, other times it installs the newer one first and then overwrites with the pinned version.While I am aware that using a
cpanfile.snapshot
would help address this (as it would allow me to force the resolver to only ever see the pinned version), the above behaviour still feels inconsistent.It is also possible to trigger this behaviour when installing an entire dependency chain, where we may have a distribution pinned in
cpanfile
, but then modules inside of that distribution are later discovered as indirect dependencies (where we may not depend on it directly, but something which we depend on does).The text was updated successfully, but these errors were encountered: