Hi there! In the projects I'm working on some dependencies are fetched directly from private git. First time latest master is fetched and then its sha is locked in mix.lock. No tags, no branches are used (sure, might be not the best practice). Lately I was moving "private" libraries from GitHub to GitLab and updating their sources in mix.exs. So they continue build in CI as before. However, when I ran *mix deps.get -* lock_status of private dependencies' evaluates to :*outdated *and deps get updated to latest master. Though the sha of previous revision is also available in new origin.
(Currently I manually reverted parts of mix.lock file to point to the "previous" revision.) Is this a valid use case to not update dependency but only update the uri of origin in mix.lock file? Or maybe introduce new task like mix deps.update_origin <dependency_name>? -- You received this message because you are subscribed to the Google Groups "elixir-lang-core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elixir-lang-core/0a3e3faf-9a2c-4534-9544-8a7b26bbc3e8n%40googlegroups.com.
