Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added info on dependency version constraints #5431

Merged
merged 5 commits into from
Mar 27, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 29 additions & 8 deletions src/content/tools/pub/dependencies.md
Original file line number Diff line number Diff line change
Expand Up @@ -418,14 +418,13 @@ are ignored by all users of your package.

## Best practices

It's important to actively manage your dependencies and
ensure that your packages use the freshest versions possible.
If any dependency is stale,
then you might have not only a stale version of that package,
but also stale versions of other packages in your dependency graph that
depend on that package.
These stale versions can have a negative impact on
the stability, performance, and quality of apps.
Be proactive in managing your dependencies.
Ensure that your packages depend on the freshest versions of packages
when possible.
If your package depends on a stale package,
that stale package may depend on other stale packages in its dependency tree.
Stale versions of packages can have a negative impact on
the stability, performance, and quality of your app.

We recommend the following best practices for package dependencies.

Expand All @@ -444,6 +443,28 @@ To identify dependencies in your app or package that
aren't on the latest stable versions,
use [`dart pub outdated`][].

### Tighten version constraints for dev dependencies

A dev dependency defines a package that you need only when developing.
A finished app won't need these packages.
Examples of these packages include tests or code generation tooling.
Set the version constraints of packages in [`dev_dependencies`][dev-dep]
to have a lower bound of the latest version on which your package depends.

Tightening the version constraints of your dev dependencies might
resemble the following:

```yaml
dev_dependencies:
build_runner: ^2.4.8
lints: ^2.1.1
test: ^1.25.1
```

This YAML sets the `dev_dependencies` to the latest patch versions.

[dev-dep]: /tools/pub/dependencies#dev-dependencies

### Test whenever you update package dependencies

If you run [`dart pub upgrade`][] without updating your pubspec,
Expand Down