Flakes : updating flake inputs of dependent flakes

Hi all,

I think I have a misunderstanding about how flakes are meant to work. I have a flake that has another flake as an input (mach-nix @ GitHub - DavHau/mach-nix: Create highly reproducible python environments). mach-nix itself has other dependencies on other flakes, in particular “pypi-deps-db” (which is a non-flake dependency - I don’t know if that’s important):

inputs.pypi-deps-db = {
    url = "github:DavHau/pypi-deps-db";
    flake = false;

The problem (/ misunderstanding) that I’m having is that when I run nix flake update my flake.lock gets updated with the newest version of mach-nix, i.e. my first-level dependency. However, mach-nix's dependencies do not get updated: instead, they remain set to whatever is in mach-nix's most recent lock file.

This isn’t what I expected - I thought that, by analog with other package managers like e.g. npm, only the flake.lock in the highest level repository would be read, and that dependent flakes only have their inputs read from flake.nix. Having nix read dependencies’ flake.lock seems like a recipe for getting lots of collisions, which is exactly the problem I’m trying to debug.

Is there a way to do what I want? Or am I misunderstanding the role of flakes?

Only your top-level inputs will be updated, transient inputs will be set to whatever is in the lock file of whatever consumes that dependency.

If you want to override an inputs input, you need to use follows.

Ooof, that’s what I feared. I guess that makes sense for compiled dependencies where using a specific version of a dependency doesn’t affect downstream packages. It’s a problem for things like python however, where the final environment needs to be composed of all the dependencies.

Overriding everything with follows would work, but it means that the user who imports several locked python packages has to dig into each of their dependencies and their dependencies’ dependencies (etc), searching for all instances of a given packages to override (pypi-deps-db in my example), which is a pretty messy, fragile experience.

Would nix maintainers consider adding a flag to nix flake update like “–ignore-child-locks” for example? That would make workflows for interpreted languages much smoother.