Compat bounds for indirect dependencies

Sometimes, indirect dependencies of packages will introduce bugs such that they don’t work anymore with our packages. The [compat] section of Project.toml allows us to restrict the versions of direct dependencies.

  1. Is it possible to use similar compat settings for indirect dependencies?
  2. If not, what’s the best approach to deal with such a situation?

Of course, reporting the bug upstream is the first step, but it might take quite some time until the bug is fixed (and we might not be able to do this right now since we are not familiar enough with the internals of our indirect dependencies).

Is this in your control? You can put an entry in there for the indirect?

Also, you can just clone the direct dependency, change the compat for the indirect in that package, and then add it again.

  1. No.
  2. In an emergency you can add the broken indirect dependency as a direct dependency of your package (although unused), which allows you to specify compat to avoid the broken version.

The long term solution is of course to get the indirect dependency fixed and, if warranted, get the broken version yanked from the registry.

1 Like
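
The emergency workaround from the answer above, written out as an added example that is not part of the original thread. It is a `Project.toml` fragment in which the package names, UUIDs and version numbers are all constructed placeholders, and it assumes the broken release of the indirect dependency is 1.4.0.

```toml
# Project.toml of your package (constructed example; all names, UUIDs and
# version numbers below are placeholders, not real registry entries).
name = "MyPackage"
uuid = "00000000-0000-0000-0000-000000000001"
version = "0.1.0"

[deps]
# The dependency your code actually uses.
DirectDep = "00000000-0000-0000-0000-000000000002"
# Pulled in only by DirectDep; listed here solely so that [compat] can
# constrain it. Nothing in MyPackage needs to `using` or `import` it.
IndirectDep = "00000000-0000-0000-0000-000000000003"

[compat]
DirectDep = "2"
# Assumption: IndirectDep 1.4.0 is the broken release.
# Until a fix is published, stay below it: [1.0.0, 1.4.0)
IndirectDep = "1.0 - 1.3"
# Once a fixed 1.4.1 exists, exclude only the broken release instead:
# IndirectDep = "1.0 - 1.3, 1.4.1"
julia = "1.6"
```

Once the indirect dependency is fixed upstream, drop the extra `[deps]` and `[compat]` entries so the resolver is no longer constrained by them.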

Thanks!