Edge Cases

Conflicting Dependency Versions

Scenario: Two dependencies require different versions of the same package

Behavior:

Warning:

Skipping jsx (git source) as an app of the same name has already been fetched

Solution:

Scenario: Same dependency appears at different depths

Example:

my_app → dep_a → dep_common (level 2)
my_app → dep_b → dep_common (level 2)
my_app → dep_common (level 1)

Behavior:

Triggered by: rebar3 upgrade

Behavior:

Effect on Warnings:

Location: _checkouts/dep_name/

Behavior:

Use Cases:

Warning:

App my_dep is a checkout dependency and cannot be locked.

Behavior: All dependencies resolved from scratch

When This Happens:

Behavior: Only default profile dependencies are locked

Reason: Different profiles used in different contexts

Example:

{profiles, [
    {test, [{deps, [meck]}]}
]}.

Running: rebar3 as test compile

Result: meck resolved but NOT added to rebar.lock

Scenario: Lock file pins version of transitive dependency

Example:

% rebar.config
{deps, [{cowboy, "2.9.0"}]}.

% rebar.lock includes:
{<<"ranch">>, {git, "...", {ref, "..."}}, 1}

Behavior: