Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nested dependency isn't locked to installed version #4580

Closed
keith opened this issue Nov 23, 2015 · 5 comments
Closed

Nested dependency isn't locked to installed version #4580

keith opened this issue Nov 23, 2015 · 5 comments
Labels
d1:easy An easy ticket that is a good start for first-time contributors t1:enhancement Enhancements that have not been picked up yet. Please comment if you plan to work on it

Comments

@keith
Copy link
Member

keith commented Nov 23, 2015

Currently, if you include a dependency via the :path argument in your Podfile, which has dependencies of its own. The nested dependencies are not locked to the versions they are installed with. Here's an example:

A depends on B and B depends on Alamofire with ~> 3.1.2. When you pod install with A, 3.1.2 is written to the Podfile.lock. Then when Alamofire pushes a new version and you pod install again. The version is bumped in the Podfile.lock even though you did not pod update

Here's an example project showing this issue: http://cl.ly/dtN9 from the fresh state, libPhoneNumber-iOS is in the Podfile.lock as version 0.8.8. When you run pod install it is updated to 0.8.10.

I would expect the Podfile.lock to not be changed unless the user ran pod update.
@segiddins
Copy link
Member

This is intentional.

@keith
Copy link
Member Author

keith commented Nov 23, 2015

Is there reasoning behind it? It seems like the goal of the Podfile.lock is to make sure that you never update something unless you explicitly try to using pod update

@segiddins
Copy link
Member

Because you can change anything in a local pod at any time.

@keith
Copy link
Member Author

keith commented Nov 23, 2015

Shouldn't this still prefer the Podfile.lock's version though? If you changed the podspec intentionally and it didn't match you would get the "can't satisfy both these constraints" error message. Which you would fix with a pod update

@segiddins
Copy link
Member

Hm. Maybe. I'd be open to a PR changing that behavior, with test coverage.

@neonichu neonichu mentioned this issue Nov 24, 2015
Closed
@segiddins segiddins added t1:enhancement Enhancements that have not been picked up yet. Please comment if you plan to work on it d1:easy An easy ticket that is a good start for first-time contributors labels Nov 26, 2015
@kylef kylef mentioned this issue Jan 6, 2016
Merged
@justinseanmartin justinseanmartin mentioned this issue Jan 18, 2016
Closed
@manuyavuz manuyavuz mentioned this issue Jan 30, 2016
Merged
2 tasks
bbarthec added a commit to expo/expo that referenced this issue Jan 15, 2021
@bbarthec
[iOS][detox][bare-expo] Fix detox builds
6e7a9a5 
'pod install' is causing local dependencies & their dependencies no to follow versions described in 'podfile.lock'.
Thus every 'pod install' might casue some dependencies updates, especailly when the dependency version is specified using '~> a.b.c' syntax.

More about the '~>' syntax: https://guides.cocoapods.org/using/the-podfile.html#specifying-pod-versions
More about local deps vs 'podfile.lock' file: CocoaPods/CocoaPods#4580
@bbarthec bbarthec mentioned this issue Jan 15, 2021
Merged
2 tasks
bbarthec added a commit to expo/expo that referenced this issue Jan 15, 2021
@bbarthec
[iOS][detox][bare-expo] Fix detox builds (#11645)
8094edf 
# Why

Fixes failing CI job: https://github.com/expo/expo/actions/runs/485236804
Failure is caused by the effects of the `pod install` command invoked during the publishing `expo-av` package:  4cc9d1b

In this case the failure is caused by unintentional bump of `Analytics` pod from version `4.0.4` to version `4.1.x`.
Unfortunately, according to https://cocoapods.org/pods/Analytics#version-410-19-october-2020, the name has changed and we were fetching the `Analytics` pod using `~> 4.0` syntax, that ended us with the newest version possible, according to this syntax specification.

# How

`pod install` is causing local dependencies & their dependencies no to follow versions described in `podfile.lock`.
Thus every `pod install` might cause some dependencies updates, especially when the dependency version is specified using `~> a.b.c` syntax.

More about the `~>` syntax: https://guides.cocoapods.org/using/the-podfile.html#specifying-pod-versions
More about local deps vs `podfile.lock` file: CocoaPods/CocoaPods#4580

# Test Plan

- [x] Locally failing step passed
- [x] Waiting for CI
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
d1:easy An easy ticket that is a good start for first-time contributors t1:enhancement Enhancements that have not been picked up yet. Please comment if you plan to work on it
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@keith @segiddins