Skip to content

fix: prevent use_standalone() from downgrading version constraints#2255

Open
eitsupi wants to merge 1 commit into
r-lib:mainfrom
eitsupi:fix/standalone-version-downgrade
Open

fix: prevent use_standalone() from downgrading version constraints#2255
eitsupi wants to merge 1 commit into
r-lib:mainfrom
eitsupi:fix/standalone-version-downgrade

Conversation

@eitsupi

@eitsupi eitsupi commented Jun 27, 2026

Copy link
Copy Markdown

Problem

use_standalone() could inadvertently lower a package's version constraint in DESCRIPTION. When the standalone file's imports: field specifies a lower minimum version than what the package already requires, use_dependency() overwrites the existing (higher) constraint.

For example, if DESCRIPTION already contains rlang (>= 1.1.0) and a standalone file declares imports: rlang (>= 1.0.0), calling use_standalone() would silently downgrade the constraint to >= 1.0.0.

This happens because use_dependency() always writes the new version when the version differs and the dependency type is unchanged — regardless of whether the new version is higher or lower than the existing one.

Fix

Add a downgrade argument to use_dependency() and use_package():

  • downgrade = TRUE (default) preserves the existing behaviour, allowing the version to be lowered.
  • downgrade = FALSE silently ignores a min_version that is lower than the currently recorded version, emitting an informational message instead.

use_standalone() now passes downgrade = FALSE when recording its imports: dependencies.

Changes

  • use_dependency(): new downgrade argument (with check_bool() validation)
  • use_package(): new downgrade argument, threaded through to use_dependency()
  • use_standalone(): passes downgrade = FALSE to use_package()
  • New test and snapshot for the downgrade = FALSE behaviour

@eitsupi eitsupi force-pushed the fix/standalone-version-downgrade branch from 5867eac to a270aaf Compare June 27, 2026 07:35
Add a `downgrade` argument to `use_dependency()` and `use_package()`.
When `downgrade = FALSE`, a `min_version` lower than the currently
recorded version is ignored rather than being written to DESCRIPTION.

Previously, `use_standalone()` could inadvertently lower a package's
version constraint when the standalone file's `imports:` field specified
a lower minimum version than what the package already required. For
example, a standalone file declaring `imports: rlang (>= 1.0.0)` would
overwrite an existing `rlang (>= 1.1.0)` constraint in DESCRIPTION.

`use_standalone()` now passes `downgrade = FALSE` when handling its
`imports:` dependencies, preventing this regression.
@eitsupi eitsupi force-pushed the fix/standalone-version-downgrade branch from a270aaf to 77c8ee9 Compare June 27, 2026 07:38
@eitsupi eitsupi changed the title fix: prevent use_standalone() from downgrading version constraints fix: prevent use_standalone() from downgrading version constraints Jun 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant