Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add expat and libxml2 to list of allowed version ranges #23603

Merged
Merged
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions docs/adding_packages/dependencies.md
Original file line number Diff line number Diff line change
Expand Up @@ -178,14 +178,15 @@ for consumer, we do impose some limits on Conan features to provide a smoother f

Version ranges are a useful Conan feature, [documentation here](https://docs.conan.io/2/tutorial/versioning/version_ranges.html).
With the introduction of Conan 2.0, we are currently working to allow the use of version ranges and are allowing this for a handful of dependencies.
Currently, these are:
Currently, these are (except if the recipe needs a newer lower version for specific reasons):

* OpenSSL: `[>=1.1 <4]` for libraries known to be compatible with OpenSSL 1.x and 3.x
* CMake: `[>3.XX <4]`, where `3.XX` is the minimum version of CMake required by the relevant build scripts. Note that CCI recipes assume 3.15 is installed in the system, so add this
version range only when a requirement for a newer version is needed.
* Libcurl: `[>=X.YY <9]`, where `X.YY` is the minimum version of Libcurl required, starting from `7.78`
* Zlib: `[>=1.2.11 <2]` expect if the recipe needs a newer lower version for specific reasons
* Libpng: `[>=1.6 <2]` expect if the recipe needs a newer lower version for specific reasons
* Libcurl: `[>=7.78 <9]`
* Zlib: `[>=1.2.11 <2]`
AbrilRBS marked this conversation as resolved.
Show resolved Hide resolved
* Expat: `[>=2.6.2 <3]`
* Libxml2: `[>=2.12.5 <3]`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It there a rational for such high lower bound? I know that some recipes are not compatible with libxml2 2.12.x due to removal of few functions.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, this is just the version that had no cve at the time of writing

Note that when necessary, we can nudge the verison ranges to fit when a library does not support newer versions, I'll add a note, thanks for the heads up :)

Copy link
Member Author

@AbrilRBS AbrilRBS Jun 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pinging @SpaceIm in case you don't get answer notifications! (Which is what happened to me, if you comment on old cclosed issues, feel free to ping so I dont lose the notification!)


> **Warning**: With Conan 1.x, [version ranges](https://docs.conan.io/1/versioning/version_ranges.html) adhere to a much more strict sematic version spec,
> OpenSSL 1.1.x does not follow this so the client will not resolve to that range and will pick a 3.x version. In order to select a lower version you
Expand Down
Loading