JuliaCrypto/SHA.jl

Specifying SHA.jl compatibility with Julia 1.6/1.7

omus opened this issue · 3 comments

omus commented

The latest version of this package is 0.7. You cannot install SHA@0.7 on Julia 1.6 and 1.7 as these versions already include SHA.jl as a stdlib:

julia> VERSION
v"1.6.6"

(@v1.6) pkg> add SHA@0.7
   Resolving package versions...
ERROR: Unsatisfiable requirements detected for package SHA [ea8e919c]:
 SHA [ea8e919c] log:
 ├─possible versions are: 1.6.6 or uninstalled
 └─restricted to versions 0.7 by an explicit requirement — no versions left

This is problematic as if you want to specify a Project.toml compat entry for SHA.jl and your package supports Julia 1.6+ you would have to define a compat entry of:

[compat]
SHA = "~1.6, ~1.7, 0.7"

Although this isn't a problem at the moment we could run into an issue in the future where SHA.jl version 1.0.0 removes functionality that was present in the stdlib and then stdlib SHA.jl and the external SHA.jl have versions 1.6.6 that provide different functionality.

Additionally, when this external package reaches version 2.0 then Julia 1.6 and 1.7 will be unable to use this new version as they are stuck with the stdlib version.

The only options I see are to:

  • Change the package UUID such that Julia 1.6 and 1.7 can use either the stdlib SHA or the external version
  • Keep the external SHA.jl package compatible with the stdlib version. Once Julia 1.6 is no longer the LTS we can make whatever changes we want here and inform package maintainers to drop support for Julia 1.6 to mitigate this issue.

@KristofferC may have some thoughts here.

Is there anything new about this? In particular, requiring stdlib compats for the registry now seems like a reason to find a quick solution for this.