Skip to content

Don't allow the retracted version when upgrading #4721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
sigurdm wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

Don't allow the retracted version when upgrading #4721

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
36b3bc2
Don't allow the retracted version when upgrading
sigurdm Dec 5, 2025
10381d0
Add test
sigurdm Dec 5, 2025
945e11d
Better logic
sigurdm Dec 5, 2025
19066ba
Update goldens and other test expectations
sigurdm Dec 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion lib/src/solver/report.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -495,7 +495,6 @@ $contentHashesDocumentationUrl
oldId != null &&
newId != null &&
oldDependencyType != newDependencyType;

if (!(alwaysShow ||
changed ||
addedOrRemoved ||
Expand Down
3 changes: 2 additions & 1 deletion lib/src/solver/version_solver.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -610,7 +610,8 @@ class VersionSolver {
return range.constraint as Version?;
}
}
return _lockFile.packages[package]?.version;
final locked = _getLocked(package);
return locked?.version;
}

/// Logs [message] in the context of the current selected packages.
Expand Down
28 changes: 3 additions & 25 deletions test/get/hosted/resolve_with_retracted_package_versions_test.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,11 +45,6 @@ void main() {
);
});

// Currently retraction does not affect prioritization. I.e., if
// pubspec.lock already contains a retracted version, which is the newest
// satisfying the dependency constraint we will not choose to downgrade.
// In this case we expect a newer version to be published at some point which
// will then cause pub upgrade to choose that one.
test('Allow retracted version when it was already in pubspec.lock', () async {
final server =
await servePackages()
Expand All @@ -66,28 +61,12 @@ void main() {
]).validate();

server.retractPackageVersion('bar', '1.1.0');
await pubUpgrade();
await d.cacheDir({'foo': '1.0.0', 'bar': '1.1.0'}).validate();
await d.appPackageConfigFile([
d.packageConfigEntry(name: 'foo', version: '1.0.0'),
d.packageConfigEntry(name: 'bar', version: '1.1.0'),
]).validate();

server.serve('bar', '2.0.0');
await pubUpgrade();
await pubGet();
await d.cacheDir({'foo': '1.0.0', 'bar': '1.1.0'}).validate();
await d.appPackageConfigFile([
d.packageConfigEntry(name: 'foo', version: '1.0.0'),
d.packageConfigEntry(name: 'bar', version: '1.1.0'),
]).validate();

server.serve('bar', '1.2.0');
await pubUpgrade();
await d.cacheDir({'foo': '1.0.0', 'bar': '1.2.0'}).validate();
await d.appPackageConfigFile([
d.packageConfigEntry(name: 'foo', version: '1.0.0'),
d.packageConfigEntry(name: 'bar', version: '1.2.0'),
]).validate();
});

test(
Expand Down Expand Up @@ -124,10 +103,9 @@ void main() {

await pubUpgrade(args: ['--offline']);

// We choose bar 1.1.0 since we already have it in pubspec.lock
await d.appPackageConfigFile([
d.packageConfigEntry(name: 'foo', version: '1.0.0'),
d.packageConfigEntry(name: 'bar', version: '1.1.0'),
d.packageConfigEntry(name: 'bar', version: '1.0.0'),
]).validate();

// Delete lockfile so that retracted versions are not considered.
Expand Down Expand Up @@ -183,7 +161,7 @@ void main() {

await pubUpgrade();
await d.appPackageConfigFile([
d.packageConfigEntry(name: 'foo', version: '3.0.0'),
d.packageConfigEntry(name: 'foo', version: '1.0.0'),
]).validate();

await d.dir(appPath, [
Expand Down
92 changes: 46 additions & 46 deletions test/testdata/goldens/outdated/outdated_test/newer versions available.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,10 +69,10 @@ $ pub outdated --json
"version": "1.0.1"
},
"upgradable": {
"version": "1.0.1"
"version": "1.0.0"
},
"resolvable": {
"version": "1.0.1"
"version": "1.0.0"
},
"latest": {
"version": "1.0.0"
Expand Down Expand Up @@ -137,22 +137,22 @@ $ pub outdated --no-color
Showing outdated packages.
[*] indicates versions that are not the latest available.

Package Name Current Upgradable Resolvable Latest
Package Name Current Upgradable Resolvable Latest

direct dependencies:
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
retracted *1.0.1 (retracted) *1.0.1 (retracted) *1.0.1 (retracted) 1.0.0
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
retracted *1.0.1 (retracted) 1.0.0 1.0.0 1.0.0

dev_dependencies:
builder *1.2.3 *1.3.0 2.0.0 2.0.0
builder *1.2.3 *1.3.0 2.0.0 2.0.0

transitive dependencies:
transitive *1.2.3 *1.3.0 *1.3.0 2.0.0
transitive2 - - 1.0.0 1.0.0
transitive *1.2.3 *1.3.0 *1.3.0 2.0.0
transitive2 - - 1.0.0 1.0.0

transitive dev_dependencies:
dev_trans *1.0.0 - *1.0.0 2.0.0
transitive3 - - 1.0.0 1.0.0
dev_trans *1.0.0 - *1.0.0 2.0.0
transitive3 - - 1.0.0 1.0.0

3 upgradable dependencies are locked (in pubspec.lock) to older versions.
To update these dependencies, use `dart pub upgrade`.
Expand All @@ -170,14 +170,14 @@ $ pub outdated --no-color --no-transitive
Showing outdated packages.
[*] indicates versions that are not the latest available.

Package Name Current Upgradable Resolvable Latest
Package Name Current Upgradable Resolvable Latest

direct dependencies:
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
retracted *1.0.1 (retracted) *1.0.1 (retracted) *1.0.1 (retracted) 1.0.0
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
retracted *1.0.1 (retracted) 1.0.0 1.0.0 1.0.0

dev_dependencies:
builder *1.2.3 *1.3.0 2.0.0 2.0.0
builder *1.2.3 *1.3.0 2.0.0 2.0.0

2 upgradable dependencies are locked (in pubspec.lock) to older versions.
To update these dependencies, use `dart pub upgrade`.
Expand All @@ -195,24 +195,24 @@ $ pub outdated --no-color --up-to-date
Showing outdated packages.
[*] indicates versions that are not the latest available.

Package Name Current Upgradable Resolvable Latest
Package Name Current Upgradable Resolvable Latest

direct dependencies:
bar 1.0.0 1.0.0 1.0.0 1.0.0
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
local_package 0.0.1 (path) 0.0.1 (path) 0.0.1 (path) 0.0.1 (path)
retracted *1.0.1 (retracted) *1.0.1 (retracted) *1.0.1 (retracted) 1.0.0
bar 1.0.0 1.0.0 1.0.0 1.0.0
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
local_package 0.0.1 (path) 0.0.1 (path) 0.0.1 (path) 0.0.1 (path)
retracted *1.0.1 (retracted) 1.0.0 1.0.0 1.0.0

dev_dependencies:
builder *1.2.3 *1.3.0 2.0.0 2.0.0
builder *1.2.3 *1.3.0 2.0.0 2.0.0

transitive dependencies:
transitive *1.2.3 *1.3.0 *1.3.0 2.0.0
transitive2 - - 1.0.0 1.0.0
transitive *1.2.3 *1.3.0 *1.3.0 2.0.0
transitive2 - - 1.0.0 1.0.0

transitive dev_dependencies:
dev_trans *1.0.0 - *1.0.0 2.0.0
transitive3 - - 1.0.0 1.0.0
dev_trans *1.0.0 - *1.0.0 2.0.0
transitive3 - - 1.0.0 1.0.0

3 upgradable dependencies are locked (in pubspec.lock) to older versions.
To update these dependencies, use `dart pub upgrade`.
Expand All @@ -230,22 +230,22 @@ $ pub outdated --no-color --prereleases
Showing outdated packages.
[*] indicates versions that are not the latest available.

Package Name Current Upgradable Resolvable Latest
Package Name Current Upgradable Resolvable Latest

direct dependencies:
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
retracted *1.0.1 (retracted) *1.0.1 (retracted) *1.0.1 (retracted) 1.0.0
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
retracted *1.0.1 (retracted) 1.0.0 1.0.0 1.0.0

dev_dependencies:
builder *1.2.3 *1.3.0 *2.0.0 3.0.0-alpha
builder *1.2.3 *1.3.0 *2.0.0 3.0.0-alpha

transitive dependencies:
transitive *1.2.3 *1.3.0 *1.3.0 2.0.0
transitive2 - - 1.0.0 1.0.0
transitive *1.2.3 *1.3.0 *1.3.0 2.0.0
transitive2 - - 1.0.0 1.0.0

transitive dev_dependencies:
dev_trans *1.0.0 - *1.0.0 2.0.0
transitive3 - - 1.0.0 1.0.0
dev_trans *1.0.0 - *1.0.0 2.0.0
transitive3 - - 1.0.0 1.0.0

3 upgradable dependencies are locked (in pubspec.lock) to older versions.
To update these dependencies, use `dart pub upgrade`.
Expand All @@ -263,14 +263,14 @@ $ pub outdated --no-color --no-dev-dependencies
Showing outdated packages.
[*] indicates versions that are not the latest available.

Package Name Current Upgradable Resolvable Latest
Package Name Current Upgradable Resolvable Latest

direct dependencies:
foo *1.2.3 *1.3.0 3.0.0 3.0.0
retracted *1.0.1 (retracted) *1.0.1 (retracted) *1.0.1 (retracted) 1.0.0
foo *1.2.3 *1.3.0 3.0.0 3.0.0
retracted *1.0.1 (retracted) 1.0.0 1.0.0 1.0.0

transitive dependencies:
transitive *1.2.3 2.0.0 2.0.0 2.0.0
transitive *1.2.3 2.0.0 2.0.0 2.0.0

2 upgradable dependencies are locked (in pubspec.lock) to older versions.
To update these dependencies, use `dart pub upgrade`.
Expand All @@ -288,22 +288,22 @@ $ pub outdated --no-color --no-dependency-overrides
Showing outdated packages.
[*] indicates versions that are not the latest available.

Package Name Current Upgradable Resolvable Latest
Package Name Current Upgradable Resolvable Latest

direct dependencies:
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
retracted *1.0.1 (retracted) *1.0.1 (retracted) *1.0.1 (retracted) 1.0.0
foo *1.2.3 *1.3.0 *2.0.0 3.0.0
retracted *1.0.1 (retracted) 1.0.0 1.0.0 1.0.0

dev_dependencies:
builder *1.2.3 *1.3.0 2.0.0 2.0.0
builder *1.2.3 *1.3.0 2.0.0 2.0.0

transitive dependencies:
transitive *1.2.3 *1.3.0 *1.3.0 2.0.0
transitive2 - - 1.0.0 1.0.0
transitive *1.2.3 *1.3.0 *1.3.0 2.0.0
transitive2 - - 1.0.0 1.0.0

transitive dev_dependencies:
dev_trans *1.0.0 - *1.0.0 2.0.0
transitive3 - - 1.0.0 1.0.0
dev_trans *1.0.0 - *1.0.0 2.0.0
transitive3 - - 1.0.0 1.0.0

3 upgradable dependencies are locked (in pubspec.lock) to older versions.
To update these dependencies, use `dart pub upgrade`.
Expand Down Expand Up @@ -349,10 +349,10 @@ $ pub outdated --json --no-dev-dependencies
"version": "1.0.1"
},
"upgradable": {
"version": "1.0.1"
"version": "1.0.0"
},
"resolvable": {
"version": "1.0.1"
"version": "1.0.0"
},
"latest": {
"version": "1.0.0"
Expand Down
Loading