search

launchdarkly / ios-client-sdk

LaunchDarkly Client-side SDK for iOS (Swift and Obj-C)
https://docs.launchdarkly.com/sdk/client-side/ios
Other
69 stars 84 forks source link

Swift Package Manager warning from the Quick package; need to update Quick #243

Closed chrismanderson closed 3 years ago

chrismanderson commented 3 years ago

Describe the bug We're getting a build warning 

Showing Recent Messages
found 1 file(s) which are unhandled; explicitly declare them as resources or exclude from the target
/Users/user/Library/Developer/Xcode/DerivedData/MyApp-crxxzeaxkeceisgpqbvrnkkdtjsk/SourcePackages/checkouts/Quick/Sources/Quick/Info.plist

when building our application with the LaunchDarkly SDK added via SPM. It appears that Quick released a bug fix for this issue https://github.com/Quick/Quick/pull/1048 - can we get the LD updated with that bug fix?

To reproduce Add LD SDK version 5.4.0 to my app - build the app.

Expected behavior The app builds with no SPM warnings related to the LaunchDarkly SDK.

Logs

Showing Recent Messages
found 1 file(s) which are unhandled; explicitly declare them as resources or exclude from the target
/Users/user/Library/Developer/Xcode/DerivedData/MyApp-crxxzeaxkeceisgpqbvrnkkdtjsk/SourcePackages/checkouts/Quick/Sources/Quick/Info.plist

SDK version 5.4.0

Language version, developer tools Xcode 12.4, iOS 12-14

Additional context Ideally, the solution isn't to update Quick but to exclude the testing packages - Nimble, Quick, etc, from the main package. It's somewhat odd to have these packages brought into my application when they aren't being used - it's additional dependencies we need to pull down and build even though we aren't using them, and they are only for the LD tests. Can you add them only to the test target instead of the main package?

torchhound commented 3 years ago

Hi @chrismanderson thanks for reporting this.

Filed internally as 104328

chrismanderson commented 3 years ago

Thanks @torchhound. Happen to have a rough expectation of when this will be resolved?

yammada commented 3 years ago

I also ran into this issue and I opened #242 to update Quick, but excluding them if possible would be great as well.

bobergj commented 3 years ago

+1 on removing these dependencies from the main package. They just increase package download time on fresh builds on our CI. Also, we are using newer versions of Quick and Nimble in our own test target. Having multiple versions of these packages on the Xcode workspace adds noise.

mchan-genetec commented 3 years ago

The inclusion of Quick also introduces a transitive dependency on the kramdown 2.3.1 package which has a critical security issue and one high security issue.

gwhelanLD commented 3 years ago

This issue should be resolved in the 5.4.2 release. We've both update the swift-tools-version to prevent the test dependencies from being included transitively, as well as updated this dependency version for our tests.

Thanks for the report, @gwhelanLD