-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pubspec.lock sometimes doesn't work as a lockfile #85
Comments
… packages as required The package upgrades are those done automatically by `flutter pub get`. I suspect that those are triggered by upgrading Flutter; see #85.
OK, I now consider this diagnosis confirmed. At https://api.flutter.dev/ , there's a list of "supporting libraries that ship with Flutter". That list includes almost all of the packages that we've seen updated in this way:
(where The two exceptions — the two packages we've seen updated this way that aren't on that list of "supporting libraries" — are I think for our own purposes the solution is therefore: The other remaining action item is to see if there's an existing ticket for the upstream issue here:
and if not, then file one. Hopefully the behavior here can be less confusing and more transparent for future users of Flutter main. |
And update Flutter's supporting libraries to match, namely package:collection. (I've now further pinned down what's happening with these upgrades done automatically by `flutter pub get`; see #85.)
And update Flutter's supporting libraries to match, namely package:collection. (I've now further pinned down what's happening with these upgrades done automatically by `flutter pub get`; see #85.)
If I run
flutter pub get
right now, it bumps the version of several of our dependencies:Namely
test
,test_api
,test_core
. It edits thepubspec.lock
file to reflect these changes.We've had this happen several times before: 2b3e781, 0b89ce9, 265143d.
This doesn't fit with what I would think the meaning of
pubspec.lock
is, and the meaning offlutter pub get
: I expect the former to serve as a lockfile, and the latter to be the command that respects the lockfile and just installs the exact same versions of our dependencies as the lockfile specifies. There's a different command,flutter pub upgrade
, for when one wants to update what's in the lockfile.And in keeping with my expectations,
flutter pub get
leaves most of the dependencies in place, as the output above shows. By contrast if I runflutter pub upgrade
, it upgrades 15 dependencies instead of 3 (or 12 dependencies, if I do so afterflutter pub get
).(All the same observations apply if I type
dart pub get
anddart pub upgrade
. It seems like theflutter
versions are thin wrappers over thedart
versions; I'm not sure if there's any difference at all.)I'm not sure if this behavior of occasionally upgrading a few dependencies is just a bug in pub, or reflects some subtlety of pub's intended behavior, or somewhere in between. I'm hoping it's a bug that can just get fixed, because it seems pretty inconvenient. Lockfiles were a good invention.
One possible diagnostic factor is that we use Flutter from the main/master channel. Perhaps these updates reflect changes in Flutter's own dependencies? If that is what's driving this, then it adds a further reason for pinning our Flutter SDK version too, i.e. #15.
In that case, the upstream issue is just that when a mere
dart pub get
causes dependencies inpubspec.lock
to change, there should be some message explaining why.The text was updated successfully, but these errors were encountered: