Description
General summary/comments
Publishing with pvp-bounds: lower
has stopped working with no change in tooling. Hackage is now returning an "extraneous version range" on an internal library error and failing the upload with 400 "Invalid package" - previously this hadn't been the case.
I see this check in cabal - potentially this is from updated software on hackage?
Steps to reproduce
Publish a package to hackage containing an executable with an unbounded dependency on the package's library with a stack.yaml containing pvp-bounds: lower
.
Expected
The publish has in the past passed without issues. In hackage I see that the unbounded dependency on the package's library has a lower bound in wolf-0.3.23.cabal, like:
executable wolf-actor
build-depends:
wolf >=0.3.23,
Actual
Now the publish fails with:
Getting file list for /Users/mark/repos/wolf/
Building sdist tarball for /Users/mark/repos/wolf/
Checking package 'wolf' for common mistakes
Uploading wolf-0.3.24.tar.gz... unhandled status code: 400
Error: Invalid package
The package has an extraneous version range for a dependency on an internal library: wolf >=0.3.24, wolf >=0.3.24, wolf >=0.3.24. This version range includes the current package but isn't needed as the current package's library will always be used.
Upload failed on wolf-0.3.24.tar.gz
I am able to get the publish to pass by manually removing the bounds on the internal library in wolf-0.3.24.cabal, like:
executable wolf-actor
main-is: actor.hs
build-depends:
wolf,
Stack version
$ stack --version
Version 1.4.0, Git revision e714f1dd3fade19496d91bd6a017e435a96a6bcd (4640 commits) x86_64 hpack-0.17.0
Also tried with 1.5.0:
$ ~/Downloads/stack-1.5.0-osx-x86_64/stack --version
Version 1.5.0, Git revision 63267f94d7c819cbecc2d59aa259d17240838e43 (4845 commits) x86_64 hpack-0.17.1
Method of installation
- Official binary, downloaded from fpcomplete's package repository