Skip to content

lower pvp-bounds: extraneous version range for a dependency on an internal library #3290

Closed
@mfine

Description

@mfine

General summary/comments

Publishing with pvp-bounds: lower has stopped working with no change in tooling. Hackage is now returning an "extraneous version range" on an internal library error and failing the upload with 400 "Invalid package" - previously this hadn't been the case.

I see this check in cabal - potentially this is from updated software on hackage?

Steps to reproduce

Publish a package to hackage containing an executable with an unbounded dependency on the package's library with a stack.yaml containing pvp-bounds: lower.

Expected

The publish has in the past passed without issues. In hackage I see that the unbounded dependency on the package's library has a lower bound in wolf-0.3.23.cabal, like:

executable wolf-actor
    build-depends:
        wolf >=0.3.23,

Actual

Now the publish fails with:

Getting file list for /Users/mark/repos/wolf/
Building sdist tarball for /Users/mark/repos/wolf/
Checking package 'wolf' for common mistakes
Uploading wolf-0.3.24.tar.gz... unhandled status code: 400
Error: Invalid package

The package has an extraneous version range for a dependency on an internal library: wolf >=0.3.24, wolf >=0.3.24, wolf >=0.3.24. This version range includes the current package but isn't needed as the current package's library will always be used.
Upload failed on wolf-0.3.24.tar.gz

I am able to get the publish to pass by manually removing the bounds on the internal library in wolf-0.3.24.cabal, like:

executable wolf-actor
    main-is: actor.hs
    build-depends:
        wolf,

Stack version

$ stack --version
Version 1.4.0, Git revision e714f1dd3fade19496d91bd6a017e435a96a6bcd (4640 commits) x86_64 hpack-0.17.0

Also tried with 1.5.0:

$ ~/Downloads/stack-1.5.0-osx-x86_64/stack --version
Version 1.5.0, Git revision 63267f94d7c819cbecc2d59aa259d17240838e43 (4845 commits) x86_64 hpack-0.17.1

Method of installation

  • Official binary, downloaded from fpcomplete's package repository

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions