Carthage: carthage update dependency version higher than I specify

Created on 17 Jul 2018 · 13 Comments · Source: Carthage/Carthage

  • carthage install method: [ ] .pkg, [√ ] homebrew, [ ] source
  • which carthage: /usr/local/bin/carthage
  • carthage version: 0.30.1
  • xcodebuild -version: Xcode 10.0 Build version 10L201y
  • Are you using --no-build? No
  • Are you using --no-use-binaries? No
  • Are you using --use-submodules? No
  • Are you using --cache-builds? No
  • Are you using --new-resolver? No

Cartfile

github "apache/incubator-weex" == 0.18.0

Carthage Output

*** Fetching incubator-weex
*** Checking out incubator-weex at "0.18.0.1"

I specified the version as exactly 0.18.0, but when I use carthage update, it checks out a higher version, 0.18.0.1. It seems to use a compatible version.

bug

All 13 comments

I changed my Cartfile to this:

github "apache/incubator-weex" "0.18.0"

This time carthage works as expected.

Have you tried with --new-resolver?

carthage update --new-resolver
*** Fetching incubator-weex
*** Checking out incubator-weex at "0.18.0.1"

I tried with --new-resolver; it doesn't work.

0.18.0.1 is not a valid semantic version.

More details here: https://semver.org/

@mdiep I think the code still implements the behavior that if a semver version is requested, but there is a non-semver version, it will pick the non-semver version (a random one!).

This is one point that I tried to address in my original PR more than one year ago but what I understood from your comment is that this would break compatibility and you would prefer to leave the current behavior.

If this is not the case, I would be happy to change the code so that it will ignore any non-semver version [edit] and return an error if it does not find any semver-compatible version.

@marcoconti83 It's more subtle than that. We should only pick a non-semver version if explicitly requested. (i.e. it appears in a Cartfile) The issue here is that we're picking one when it hasn't been requested.

@marcoconti83 @mdiep — to note (and maybe clarify), SemanticVersion.from(Scanner(string: "4.3.2.1")) does return a Result.success¹.

So, while not being technically SemVer, it will get parsed into a CarthageKit.SemanticVersion for versions dating back to 2015 (at least).

We scan characters from versionCharacterSet, split on full stops (omitting empty subsequences), require at least 2 integers, but perform no check that a full stop doesn’t immediately follow the patch version.

While this code did get reevaluated to some degree during the review process for #2412 — code like SemanticVersion.from(Scanner(string: "4....3.2")) was considered — it’s somewhat of an oversight that we didn’t implement stricter checking on whether post-patch-version characters exist in what we split out of versionCharacterSet.

For post-patch-version characters that don’t fall into versionCharacterSet, scanner.isAtEnd performs that check.

⑴ expect(SemanticVersion.from(Scanner(string: "4.3.2.1")).value) == SemanticVersion(major: 4, minor: 3, patch: 2) will hold true for Carthage versions 0.30.1, 0.29.0, and many previous versions.
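
The parsing gap described in the comment above, as an added example that is not CarthageKit's code or part of the original thread: a lenient parser following the listed steps (split on full stops, drop empty pieces, require at least two integers) next to a stricter one, run over constructed tags. The names Version, parseLenient, parseStrict and tagsMatching are hypothetical, and the strict rule (two or three all-digit components, nothing else) is an assumption, not the fix merged in #2518.

```swift
// Added illustration, not CarthageKit source; all names are hypothetical.
struct Version: Equatable {
    let major: Int
    let minor: Int
    let patch: Int
}

let versionCharacters = Set("0123456789.")
let asciiDigits: ClosedRange<Character> = "0"..."9"

// Lenient: split on ".", drop empty pieces, require at least two integers,
// and silently ignore any component after the patch number.
func parseLenient(_ tag: String) -> Version? {
    let run = tag.prefix(while: { versionCharacters.contains($0) })
    guard run.count == tag.count else { return nil }  // stand-in for scanner.isAtEnd
    let parts = run.split(separator: ".", omittingEmptySubsequences: true)
        .compactMap { Int($0) }
    guard parts.count >= 2 else { return nil }
    return Version(major: parts[0], minor: parts[1],
                   patch: parts.count > 2 ? parts[2] : 0)
}

// Strict (assumed rule): two or three non-empty, all-digit components only.
func parseStrict(_ tag: String) -> Version? {
    let parts = tag.split(separator: ".", omittingEmptySubsequences: false)
    guard parts.count == 2 || parts.count == 3 else { return nil }
    var numbers: [Int] = []
    for part in parts {
        guard !part.isEmpty,
              part.allSatisfy({ asciiDigits.contains($0) }),
              let number = Int(part) else { return nil }
        numbers.append(number)
    }
    return Version(major: numbers[0], minor: numbers[1],
                   patch: numbers.count > 2 ? numbers[2] : 0)
}

// Tags that an exact pin ("== x.y.z") would accept under a given parser.
func tagsMatching(_ pin: Version, in tags: [String],
                  using parse: (String) -> Version?) -> [String] {
    return tags.filter { parse($0) == pin }
}

// Constructed sample tags, including the two strings quoted in the thread.
let tags = ["0.17.0", "0.18.0", "0.18.0.1", "4.3.2.1", "4....3.2"]
let pin = Version(major: 0, minor: 18, patch: 0)
print("lenient:", tagsMatching(pin, in: tags, using: parseLenient))
print("strict: ", tagsMatching(pin, in: tags, using: parseStrict))
```

With the lenient parser both "0.18.0" and "0.18.0.1" satisfy the exact pin, so a resolver is free to check out either tag; the strict parser leaves only "0.18.0".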

Ah, okay. Then this can be solved without considering non-semantic versions.

We definitely should tighten that constraint to reject 0.18.0.1 as a semantic version.

@jdhealy thanks for debugging this. It’s something I missed during my PR then, I’ll fix it and open a PR.

@zhongWJ please try brew install carthage --HEAD

@blender it works! Thx!

Fixed by #2518.
