flutter moved all dependencies of pubspec.lock to pubspec.yaml to report an error

Issue

In order to control the version of all indirect dependencies, I moved all dependencies of pubspec.lock to pubspec.yaml. I compared the differences between pubspec.yaml and pubspec.lock, and finally pubspec.yaml looks like this:

name: xxxx
description: A new flutter plugin project.
version: 0.0.1
homepage:

environment:
  sdk: ">=2.12.0 <3.0.0"
  flutter: ">=1.20.0"

dependencies:
  flutter:
    sdk: flutter

  # flutter packages=========
  async: 2.6.1
  boolean_selector: 2.1.0
  characters: 1.1.0
  charcode: 1.2.0
  clock: 1.1.0
  collection: 1.15.0
  fake_async: 1.2.0
  ffi: 1.1.2
  matcher: 0.12.10
  meta: 1.3.0
  path: 1.8.0
  sky_engine: 0.0.99
  source_span: 1.8.1
  stack_trace: 1.10.0
  stream_channel: 2.1.0
  string_scanner: 1.1.0
  term_glyph: 1.2.0
  test_api: 0.3.0
  typed_data: 1.3.0
  vector_math: 2.1.0

dev_dependencies:
  flutter_test:
    sdk: flutter

Then I get an error´╝Ü

pub get failed (1; Because xxx depends on sky_engine >=0.0.2 which
requires SDK version <2.0.0, version solving failed.)

The error is obvious, sky_engine requires SDK version <2.0.0. But sky_engine is a dependency of flutter sdk, everything worked before I moved to pubspec.yaml.

My questions:

  1. Why does sky_engine work in pubspec.lock without version problems? If I don’t lower the flutter sdk version, how can I solve the current problem?
  2. If I want to control all indirect dependent versions, is there a better way?

Solution

Why does sky_engine work in pubspec.lock without version problems?

I’m not certain, but my guess is that the reference in Flutter is pulled from the Flutter SDK, but the way you’ve added it to your pubspec is trying to pull this very old package from pub.

If I don’t lower the flutter sdk version, how can I solve the current problem?

You could just remove sky_engine from the list. It will be implicity versioned through your Flutter SDK. However:

If I want to control all indirect dependent versions, is there a better way?

Yes, you would be better committing your pubspec.lock file (and only listing your specific dependencies in pubspec.yaml). This is suggested practice for your applications:

https://dart.dev/guides/libraries/private-files#pubspeclock

For application packages, we recommend that you commit the pubspec.lock file. Saving pubspec.lock ensures that everyone working on the app uses the exact same versions.

However, if you’re creating a package/reusable library, doing this may create unnecesary version constraints for projects using the package and therefore this might not be a good idea. You don’t say why you’re trying to do this though.

Answered By – Danny Tuppeny

Answer Checked By – Marilyn (FlutterFixes Volunteer)

Leave a Reply

Your email address will not be published.