indy-utils dependencies can mismatch and fail to compile under certain conditions

Question

indy-utils dependencies can mismatch and fail to compile under certain conditions

gmulhearn-anonyome opened this issue 2 years ago · 1 comments

gmulhearn-anonyome commented 2 years ago

Condition 1

Running a cargo check on a project with an indy-credx 0.3.0 dependency will fail to compile due to mismatching types.

Currently this yields 13 errors all similar to the following:

error[E0308]: mismatched types
   --> /Users/gmulhearne/.cargo/registry/src/github.com-1ecc6299db9ec823/indy-credx-0.3.0/src/services/issuer.rs:164:9
    |
164 |         &origin_did,
    |         ^^^^^^^^^^^ expected struct `indy_data_types::did::DidValue`, found `&indy_utils::did::DidValue`
    |
    = note: expected reference `&indy_data_types::did::DidValue`
               found reference `&&indy_utils::did::DidValue`

error[E0599]: no method named `to_unqualified` found for struct `indy_data_types::RevocationRegistryId` in the current scope
   --> /Users/gmulhearne/.cargo/registry/src/github.com-1ecc6299db9ec823/indy-credx-0.3.0/src/services/issuer.rs:384:59
    |
384 |                 Some(ref _method_name) => Some(reg_reg_id.to_unqualified()),
    |                                                           ^^^^^^^^^^^^^^ method not found in `indy_data_types::RevocationRegistryId`

I believe this has to do with different versions of indy-utils being resolved by credx.

Here's the cargo tree:

└── indy-credx v0.3.0
    ├── indy-data-types v0.5.1
    │   ├── indy-utils v0.5.0
    │   │   ├── indy-wql v0.4.0
    ├── indy-utils v0.4.0
    │   ├── indy-wql v0.4.0 (*)

Since credx 0.3.0 depends on data-types ^0.5.0, and on utils ^0.4.0, a conflict happens when data-types 0.5.1 is used, as the update from data-types 0.5.0 -> 0.5.1 involved bumping the indy-utils dependency from 0.4.0 -> 0.5.0.

Perhaps that indy-data-types version bump should not have been a minor patch update?

You can see that when you force indy-data-types = "=0.5.0", the dependency resolution for indy-utils versions is fine:

├── indy-credx v0.3.0
│   ├── indy-data-types v0.5.0
│   │   ├── indy-utils v0.4.0
│   │   │   ├── indy-wql v0.4.0
│   ├── indy-utils v0.4.0 (*)
└── indy-data-types v0.5.0 (*)

Condition 2

Running cargo check on a project with the latest indy-credx 0.3.4 dependency, along side an ursa ^0.3.7 dependency will cause a similar mismatch of indy-utils versions. The tree can be seen below:

├── indy-credx v0.3.1
│   ├── indy-data-types v0.5.0
│   │   ├── indy-utils v0.4.0
│   │   │   ├── indy-wql v0.4.0
│   │   ├── ursa v0.3.7
│   ├── indy-utils v0.5.0
│   │   ├── indy-wql v0.4.0 (*)
└── ursa v0.3.7 (*)

This is because data-types 0.5.1 depends STRICTLY on ursa =0.3.6, so credx is forced to use data-types 0.5.0 (which allows ursa 0.3.7) whilst still using indy-utils directly at version 0.5.0

Related to similar issue with indy-vdr: hyperledger/indy-vdr#103

Answer 1 · 2023-08-04T20:31:52.000Z

Yes, there were issues with patch releases that included breaking changes. I believe these can be resolved by pinning the versions of indy-data-types and indy-utils in use, but I don't recommend using these old versions anyway. Newer versions do not depend on Ursa which helps with the dependency graph.