Pod version resolution issue when both Podfile and pod depend on different versions of same dependency #2002
Labels
d2:moderate
A moderately-difficult ticket that may require a bit of knowledge about the codebase
s3:detailed
Issues with in-depth explanations and examples that make it easier to troubleshoot
t2:defect
These are known bugs. The issue should also contain steps to reproduce. PRs welcome!
Milestone
This issue has been originally submitted by @phatblat in CocoaPods/Core#64
I've found a very subtle yet potentially serious issue where the version of a dependency is miscalculated or multiple copies of the dependency are installed.
Note that I assume this is an issue in Core based on my guess of how the various CocoaPods repos depend on each other. Let me know if this issue is mis-filed and I will happily recreate in the correct repo.
This issue originally arose when my app's Podfile depended on a loose (~> 2.0) version of an AFNetworking subspec. Two pods called out in the Podfile also depended on loose versions of AFNetworking subspecs. When I ran
pod install
on 2/26 (when 2.2 was released), I ended up with both 2.1.0 and 2.2.0 versions of AFNetworking installed on top of each other, causing compiler issues.I've since determined that whether the Podfile specifies a dependency on the subspec or the top-level spec does not matter. The version of the dependency in the Podfile also doesn't matter much since even pinning it to a specific version (= 2.1.0) causes the issues. What matters is the (shared) dependency declaration in the referenced podspec.
Issue Cases
Conditions
shared dependency == AFNetworking
I've created a project which reproduces these issues at https://github.com/phatblat/SubspecUpdateIssue. Toggle the AFNetworking dependency lines in ZPodUsingAFN.podspec between the subspec and the top-level spec and run
pod install
to witness the above 2 issue cases.If someone gives me some pointers on the pertinent details I might be able to include them in an example at https://github.com/CocoaPods/cocoapods-integration-specs/.
Reproducing the case where
pod install
upgrades a pod it shouldn't have with a fuzzy version spec (~> 2.0) is harder to reproduce as it requires a Podfile.lock created while the offending version didn't exist. However, I believe the above cases are enough to resolve the current issue since it's reproducible with a pinned version in the Podfile.The text was updated successfully, but these errors were encountered: