buttonsrtoys

Reputation: 2771

Deleted pubspec.lock regenerates with newer package versions?

To repair our pubspec.lock file during development, I occasionally delete it and run flutter pub get to regenerate it.

What I'm seeing now is, I run flutter pub get and no changes are made to the pubspec.lock file. But when I delete pubspec.lock and run flutter pub get, git shows several updates to our packages in the regenerated pubspec.lock file compared to the one that was deleted.

We're all on flutter 2.8. I've tested this with 2.8.0 and 2.8.1 and there are slight differences between the two, but they both update a dozen or more packages. Most updates are patches but a few are minor updates.

Could be something fundamental I'm not understanding about pubspec.lock files? If we're all on the same version of flutter, shouldn't deleting/rebuilding pubspec.lock produce an identical file?

Upvotes: 4

Views: 5059

Answers (2)

Saurabh Kumar

Reputation: 2783

When you run pub get, the Pub package manager looks at pubspec.yaml and generates the pubspec.lock file. This lock file records the exact versions of the packages and their transitive dependencies that were resolved during that particular run.

If a package p in your pubspec.yaml has a dependency on another package p1 with a caret (^) version constraint, like ^1.2.3, it means that the resolved version of p1 can be any version that is backwards-compatible with the specified version range (e.g., >=1.2.3 <2.0.0).

The pubspec.lock file "locks" these resolved versions, including transitive dependencies. This means that no matter how many times you run flutter pub get, you will get the exact dependencies of the packages and their transitive dependencies.

If you delete the pubspec.lock file and run pub get again, and if a transitive dependency like p1 has been updated (not p, assume p is the same in your yaml file) with breaking changes, the new version of p1 will be installed (as it's a transitive dependency).

This would lead to an update in your lock file.

Hope that makes sense.

Upvotes: 1

buttonsrtoys

Reputation: 2771

A coworker clued me in. Deleting and regenerating the pubspec.lock file performs a pub upgrade, which is why the packages are newer. Doing a pub get does not run pub upgrade.

Upvotes: 2
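Added example, not part of the original question or answers: a small Python check that compares a committed pubspec.lock with a regenerated one and reports which packages moved and by how much, so the drift described above can be reviewed before the new lock file is committed. The lock contents are constructed and abridged, and the function names (`parse_lock`, `bump`, `lock_drift`) are hypothetical.

```python
import re

def parse_lock(text):
    """Return {package: {"version": ..., "dependency": ...}} from pubspec.lock text."""
    pkgs, name, in_packages = {}, None, False
    for line in text.splitlines():
        if line[:1].strip():                      # top-level key (packages:, sdks:)
            in_packages = line.startswith("packages:")
        elif in_packages and (m := re.match(r"  ([\w.-]+):\s*$", line)):
            name = m.group(1)                     # two-space indent: a package entry
            pkgs[name] = {}
        elif in_packages and name and (m := re.match(r'    (version|dependency): "?([^"]+?)"?\s*$', line)):
            pkgs[name][m.group(1)] = m.group(2)   # four-space indent: its fields
    return pkgs

def bump(old, new):
    """Classify a version change by its first differing major/minor/patch component."""
    o, n = ([int(x) for x in re.match(r"(\d+)\.(\d+)\.(\d+)", v).groups()] for v in (old, new))
    for label, a, b in zip(("major", "minor", "patch"), o, n):
        if a != b:
            return label if b > a else "downgrade"
    return "build/pre-release"

def lock_drift(old_text, new_text):
    """List (package, dependency kind, old, new, bump) for every changed version."""
    old, new = parse_lock(old_text), parse_lock(new_text)
    return [(p, new[p].get("dependency"), old[p]["version"], new[p]["version"],
             bump(old[p]["version"], new[p]["version"]))
            for p in sorted(old.keys() & new.keys())
            if old[p]["version"] != new[p]["version"]]

# Constructed, abridged samples (real entries also carry description/source fields).
OLD_LOCK = '''packages:
  async:
    dependency: transitive
    version: "2.8.1"
  collection:
    dependency: transitive
    version: "1.15.0"
  http:
    dependency: "direct main"
    version: "0.13.3"
sdks:
  dart: ">=2.14.0 <3.0.0"
'''
NEW_LOCK = OLD_LOCK.replace('"2.8.1"', '"2.8.2"').replace('"1.15.0"', '"1.16.0"')

if __name__ == "__main__":
    print(*lock_drift(OLD_LOCK, NEW_LOCK), sep="\n")
```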
