How to fix Elixir's 1.11 application boundaries?

sezaru · November 5, 2020, 9:15pm

Elixir’s new version has a new compiler check specified here: link

After upgrading Elixir, now I receive a lot of these compiler warnings, some are related to my project dependencies and are easy to fix, but how do I fix the ones that are triggering because of a dependency of a library that is not mine?

I know that the obvious answer would be a PR (I already submitted some), but still, there is some libraries that are simply dead or very rarely maintained, meaning that even if I send a PR, there is no telling when this PR would be accepted, merged and a new version created.

So, is there any way to at least silence these warnings for a specific library dependency?

Also, how do you handle the case of optional dependencies?

For example, Tesla library has the gun library as an optional dependency: {:gun, "~> 1.3", optional: true},.

Should the library dev still add :gun to its :extra_applications?

If I add :gun to its :extra_applications, it fix the issue, but only if I use :gun dependency in my app, if I don’t use it, I was getting this error: ** (Mix) Could not start application gun: could not find application file: gun.app

Adding :gun to my app (the one that depends on Tesla) to :extra_applications doesn’t seems to affect the warning, I still get it.

So, what is the correct way to handle these warnings?

I would also recommend an official blog post or some documentation on the matter so users not aware of it (specially new users) will not be bombarded by warnings and not know what to do.

NobbZ · November 5, 2020, 9:29pm

Adding anything to the :extra_applications is only a fix for elixir and erlang delivered packages, which you can not specify as dependency.

If you get the warning, that you are using a module from a non-dep, then you should add that application/package to your deps and not to :extra_applications.

The text which is issued (according to the changelog entry) is this:

:ssl.connect/2 defined in application :ssl is used by the current
application but the current application does not directly depend
on :ssl. To fix this, you must do one of:

  1. If :ssl is part of Erlang/Elixir, you must include it under
     :extra_applications inside "def application" in your mix.exs

  2. If :ssl is a dependency, make sure it is listed under "def deps"
     in your mix.exs

  3. In case you don't want to add a requirement to :ssl, you may
     optionally skip this warning by adding [xref: [exclude: :ssl]
     to your "def project" in mix.exs

sezaru · November 5, 2020, 9:47pm

Thanks for the reply, but I don’t know if I understood it entirely.

If you get the warning, that you are using a module from a non-dep, then you should add that application/package to your deps and not to :extra_applications .

I created a test app to check this, I added this as my dependencies:

  defp deps do
    [
      {:tesla, "~> 1.3"},
      {:castore, "~> 0.1"},
      {:mint, "~> 1.0"},
    ]
  end

But I still get warnins like this:

warning: Mint.HTTP.request/5 defined in application :mint is used by the current application but the current application does not directly depend on :mint. To fix this, you must do one of:

  1. If :mint is part of Erlang/Elixir, you must include it under :extra_applications inside "def application" in your mix.exs

  2. If :mint is a dependency, make sure it is listed under "def deps" in your mix.exs

  3. In case you don't want to add a requirement to :mint, you may optionally skip this warning by adding [xref: [exclude: Mint.HTTP]] to your "def project" in mix.exs

Found at 2 locations:
  lib/tesla/adapter/mint.ex:163: Tesla.Adapter.Mint.make_request/5
  lib/tesla/adapter/mint.ex:176: Tesla.Adapter.Mint.make_request/5

Doesn’t seem like I adding the dependency to my application deps fixes it at all.

NobbZ · November 5, 2020, 9:54pm

That warning does not come from your code, but from tesla. From what I understand about the boundary checker, tesla should be allowed to call into mint, as mint is a direct dependency.

What exact version of Elixir are you using?

josevalim · November 5, 2020, 9:55pm

Tesla should pick option 3 in the warning and add xref: [exclude: [:gun, Mint]], since :gun and Mint, etc is optional for them.

Adding :gun to your deps won’t solve it, as this is strictly a problem for when Tesla is compiled.

EDIT: This answer is wrong, please see comments below.

NobbZ · November 5, 2020, 9:57pm

So the boundary check pretends optional dependencies to not exist?

sezaru · November 5, 2020, 10:03pm

Got it.

But wouldn’t be better or at least convenient to have an option to ignore these warnings for a specific dependency in case they take too long to update their packages or the package is simply dead?

I mean, knowing of these warnings is very good of course, but at the same time is very verbose and increases the dificulty to find warnings that I can fix (from my app) since they are buried in the middle of dependencies warnings.

In my case I created a bunch of PRs and changed my dependencies to {:some_dep, github: "my_forked_repo/some_dep"} for each one of these dependencies until they update their versions which is a pain in the butt.

sezaru · November 5, 2020, 10:03pm

Elixir 1.11.2

josevalim · November 5, 2020, 10:11pm

Good question, you are correct. Mix should be respecting optional deps. The bug is that Tesla is listing :applications explicitly and it does not include gun, mint, etc in the prod environment.

josevalim · November 5, 2020, 10:20pm

PR here: https://github.com/teamon/tesla/pull/430