Maybe there is a totally obvious reason for this and I am missing it — but isn’t a package’s dependency information already declared in its
Project.toml and thus can be derived by any application project that uses it? If so, why does
Pkg3 explicitly record them in
Manifest.toml for an application project?
For example, for the following entry in the
Manifest.toml in my default environment:
[[BenchmarkTools]] deps = ["JSON", "Pkg", "Printf", "Statistics", "Test"] git-tree-sha1 = "e686f1754227e4748259f400839b83a1e8773e02" uuid = "6e4b80f9-dd63-53aa-95a3-0cdb28fa8baf" version = "0.4.1"
It seems to me that
deps = ["JSON", "Pkg", "Printf", "Statistics", "Test"] should be redundant? My current understanding is that these information are made available so that
Pkg3 can pull all the packages declared in the
Manifest.toml in one go instead of going back and forth querying GitHub or some other registry, making resolving dependencies faster.
BenchmarkTools.jl's GitHub repository I can see that its
v0.4.1 tag doesn’t have a
Project.toml file but has a
REQUIRE file with the following content:
julia 0.7 JSON
I was quite surprised to see just
JSON is declared because I was expecting the package to somehow specify the exact versions of its dependencies (I remember reading somewhere on this forum that
Pkg3 will try to use the latest version of an package that satisfies all the version constraints, not sure if this is relevant though).
I did eventually found the required version ranges for those dependencies on Julia’s general registry, but I still don’t quite understand how
Pkg3 resolves dependencies; if all the information is recorded on the registry, then what are the scenarios where
Manifest.toml becomes useful? The documentation did mention it can be used to recreate a package environment; but wouldn’t that be possible by just looking up the dependencies’
uuids on the registry and reproduce the environment using the information retrieved there?