Sometimes, indirect dependencies of packages will introduce bugs such that they don’t work anymore with our packages. The [compat] section of Project.toml allows us to restrict the versions of direct dependencies.
Is it possible to use similar compat settings for indirect dependencies?
If not, what’s the best approach to deal with such a situation?
Of course, reporting the bug upstream is the first step, but it might take quite some time until the bug is fixed (and we might not be able to do this right now since we are nat familiar enough with the internals of our indirect dependencies).
In an emergency you can add the broken indirect dependency as a direct dependency of your package (although unused), which allows you to specify compat to avoid the broken version.
The long term solution is of course to get the indirect dependency fixed and, if warranted, get the broken version yanked from the registry.