The version of the apollo-codegen-swift dependency doesn't match the version documented in the CHANGELOG for a given apollo release. Or rather, the CHANGELOG actually seems to be documenting the wrong versions of dependencies¹ (at least, of apollo-codegen-swift) to begin with, but even taking that into account, when I install apollo@2.21.0 today I get a different version of apollo-codegen-swift than I did when version 2.21.0 was released, and what I get matches the version expected from apollo@2.21.3.
I'm not quite sure how this happens, this repo uses file references for the dependencies but it seems when they're published to the registry it turns into pinned versions with no package lock, and so apollo@2.21.0 seems to have a declared dependency on "apollo-codegen-swift": "^0.35.12", which then resolves (today) to version 0.35.15 at install time.
This is a problem because it causes inconsistent behavior when running apollo between different members of my team based on when they installed the tool. We probably should just vendor the apollo tool into our repo, but for the time being we simply require everyone to install the same version (and verify this version in our tooling), but that doesn't protect us from apollo-codegen-swift changes that affect existing source, such as adding type annotations (#1638).
My expectation is that since apollo is a tool rather than a library, that installing it should lock all of its dependencies to precise versions (or at the very least all of the apollo dependencies).
¹The CHANGELOG says apollo@2.21.0 shipped with apollo-codegen-swift@0.35.7 but the tagged commit for 2.21.0 shows apollo-codegen-swift@0.35.12. This may just be an error with this one CHANGELOG entry, I'm not sure; the version of apollo-codegen-swift documented for apollo@2.21.2 looks accurate. And this is all orthogonal to this particular bug report.
The version of the
apollo-codegen-swiftdependency doesn't match the version documented in the CHANGELOG for a givenapollorelease. Or rather, the CHANGELOG actually seems to be documenting the wrong versions of dependencies¹ (at least, of apollo-codegen-swift) to begin with, but even taking that into account, when I installapollo@2.21.0today I get a different version ofapollo-codegen-swiftthan I did when version 2.21.0 was released, and what I get matches the version expected fromapollo@2.21.3.I'm not quite sure how this happens, this repo uses file references for the dependencies but it seems when they're published to the registry it turns into pinned versions with no package lock, and so
apollo@2.21.0seems to have a declared dependency on"apollo-codegen-swift": "^0.35.12", which then resolves (today) to version 0.35.15 at install time.This is a problem because it causes inconsistent behavior when running apollo between different members of my team based on when they installed the tool. We probably should just vendor the
apollotool into our repo, but for the time being we simply require everyone to install the same version (and verify this version in our tooling), but that doesn't protect us fromapollo-codegen-swiftchanges that affect existing source, such as adding type annotations (#1638).My expectation is that since
apollois a tool rather than a library, that installing it should lock all of its dependencies to precise versions (or at the very least all of the apollo dependencies).¹The CHANGELOG says apollo@2.21.0 shipped with apollo-codegen-swift@0.35.7 but the tagged commit for 2.21.0 shows
apollo-codegen-swift@0.35.12. This may just be an error with this one CHANGELOG entry, I'm not sure; the version of apollo-codegen-swift documented for apollo@2.21.2 looks accurate. And this is all orthogonal to this particular bug report.