New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nested dependency isn't locked to installed version #4580
Comments
This is intentional. |
Is there reasoning behind it? It seems like the goal of the |
Because you can change anything in a local pod at any time. |
Shouldn't this still prefer the |
Hm. Maybe. I'd be open to a PR changing that behavior, with test coverage. |
'pod install' is causing local dependencies & their dependencies no to follow versions described in 'podfile.lock'. Thus every 'pod install' might casue some dependencies updates, especailly when the dependency version is specified using '~> a.b.c' syntax. More about the '~>' syntax: https://guides.cocoapods.org/using/the-podfile.html#specifying-pod-versions More about local deps vs 'podfile.lock' file: CocoaPods/CocoaPods#4580
# Why Fixes failing CI job: https://github.com/expo/expo/actions/runs/485236804 Failure is caused by the effects of the `pod install` command invoked during the publishing `expo-av` package: 4cc9d1b In this case the failure is caused by unintentional bump of `Analytics` pod from version `4.0.4` to version `4.1.x`. Unfortunately, according to https://cocoapods.org/pods/Analytics#version-410-19-october-2020, the name has changed and we were fetching the `Analytics` pod using `~> 4.0` syntax, that ended us with the newest version possible, according to this syntax specification. # How `pod install` is causing local dependencies & their dependencies no to follow versions described in `podfile.lock`. Thus every `pod install` might cause some dependencies updates, especially when the dependency version is specified using `~> a.b.c` syntax. More about the `~>` syntax: https://guides.cocoapods.org/using/the-podfile.html#specifying-pod-versions More about local deps vs `podfile.lock` file: CocoaPods/CocoaPods#4580 # Test Plan - [x] Locally failing step passed - [x] Waiting for CI
Currently, if you include a dependency via the
:path
argument in your Podfile, which has dependencies of its own. The nested dependencies are not locked to the versions they are installed with. Here's an example:A depends on B and B depends on Alamofire with
~> 3.1.2
. When youpod install
with A,3.1.2
is written to thePodfile.lock
. Then when Alamofire pushes a new version and youpod install
again. The version is bumped in thePodfile.lock
even though you did notpod update
Here's an example project showing this issue: http://cl.ly/dtN9 from the fresh state,
libPhoneNumber-iOS
is in thePodfile.lock
as version0.8.8
. When you runpod install
it is updated to0.8.10
.I would expect the
Podfile.lock
to not be changed unless the user ranpod update
.The text was updated successfully, but these errors were encountered: