neil dep add: Prefer stable versions

[rads]

I think installing a stable version is what most users want in the end.

Current behavior:

$ cat deps.edn
{:deps {}}

$ neil dep add nrepl

$ cat deps.edn
{:deps {nrepl/nrepl {:mvn/version "1.1.0-alpha1"}}}

Expected behavior:

$ cat deps.edn
{:deps {}}

$ neil dep add nrepl

$ cat deps.edn
{:deps {nrepl/nrepl {:mvn/version "1.0.0"}}}

[borkdude]

I don't agree on this one. There are some libraries like hiccup and clojure.data.xml which have been using alpha versions for years and everybody uses those.

[rads]

Fair enough. Personally I think it's bad practice to encourage the use of alpha versions as the default for all dependencies. If there's a library that everyone uses as an alpha, that should be the exception rather than the rule. It seems like the ideal behavior would be to install stable versions by default and allow for overrides for specific libraries where the alpha versions are preferred.

I've been trying to use neil dep add but in the end it's faster for me to just look it up in my browser since I want the stable version in 99% of my own use cases. If I asked someone on my team to set up a project and their pull request had a deps.edn full of -alpha versions, I'd ask them to go back and switch them to the stable versions unless it's absolutely necessary. That just seems like common sense for security and stability.

Feel free to close this or move to a discussion, whatever you prefer.

[borkdude]

@rads Yes, I think you're right, these deps should be the exception. As long as neil doesn't downgrade them to stable versions once you have set them to alpha, it should be good. Might also be good to check what other tools like antq do here?

[borkdude]

@rads Just FYI, I changed my mind on this and I agree that this should be addressed, as long as existing alpha versions aren't downgraded to stable versions (because that would be annoying for things like hiccup and clojure.data.xml).

[rads]

@borkdude: Thanks for letting me know! I apologize if any part of my previous comment came off as snarky. I just want to make sure I get my point across as concisely as possible but also acknowledge it's your decision so we don't have to waste time going back and forth on issues where we may disagree.

[borkdude]

Not at all, no problem

[KingMob]

Where do -SNAPSHOT versions fall in this? Currently, neil dep upgrade --dry-run is trying to replace a newer 0.4.2-SNAPSHOT with an unwanted 0.4.1 in my deps.

[KingMob]

I see this is partially mentioned in #145 , but I think it should be considered for upgrade purposes as well.

[borkdude]

I'd say the behavior should be "never downgrade".

Perhaps we can use version-clj to do the version comparisons:

https://github.com/xsc/version-clj

(and lazily load it for good startup time).