Describe the current behavior
For internal dependencies with complex version constraints (ranges, multiple constraints), npm, hex, and pypi adapters silently skip updates:
- npm: skips
>, < prefixes
- hex: skips
and/or conjunctions
- pypi: skips multiple constraints like
>=1.0,<2.0
- cargo: overwrites any constraint with the exact new version
Describe the problem
When bumping pkg-b from 1.5.0 to 2.0.0, if pkg-a depends on pkg-b>=1.0,<2.0:
- The constraint is silently skipped
pkg-a now has an invalid/outdated internal dependency- No warning is shown to the user
What's the expected result?
Parse complex ranges properly and:
- If new version satisfies the range → skip silently (no update needed)
- If new version does NOT satisfy the range AND packages are
fixed or linked → throw an error
- If new version does NOT satisfy the range → skip with a warning
This would surface constraint conflicts early instead of silently producing inconsistent workspaces.
Describe the current behavior
For internal dependencies with complex version constraints (ranges, multiple constraints), npm, hex, and pypi adapters silently skip updates:
>,<prefixesand/orconjunctions>=1.0,<2.0Describe the problem
When bumping
pkg-bfrom1.5.0to2.0.0, ifpkg-adepends onpkg-b>=1.0,<2.0:pkg-anow has an invalid/outdated internal dependencyWhat's the expected result?
Parse complex ranges properly and:
fixedorlinked→ throw an errorThis would surface constraint conflicts early instead of silently producing inconsistent workspaces.