Dependencies.lock File

The dependencies.lock file is generated by the version solver and contains the exact versions of the components selected during dependency resolution. This file ensures reproducible builds by locking component versions so that future builds use the same versions.

If your project includes only ESP Component Registry Dependencies or Git Dependencies, it is recommended to check in the dependencies.lock file to version control. This ensures that all developers use consistent component versions when building the project locally.

If your project includes Kconfig Options, the dependencies.lock file should not be checked into version control. This is because it may contain local paths specific to your environment, which will not be available to other developers.

Warning

The dependencies.lock file should not be manually edited. It must only be modified by the version solver.

Root Attributes

dependencies

The dependencies attribute is a dictionary that includes all flattened dependencies of the project. Each key represents the dependency name, and the corresponding value contains attributes described in the Dependency Attributes section.

direct_dependencies

The direct_dependencies attribute is a list of the project's direct dependencies—those specified directly in the project's manifest files. This list is used to ensure that the build system is re-triggered when a component is moved from ESP Component Registry Dependencies to Kconfig Options.

manifest_hash

The manifest_hash attribute is a hash of all the manifest files tracked in the project. This hash ensures that the dependencies.lock file is generated based on the latest manifest files.

target

The target attribute specifies the target for which the lock file was generated. It helps resolve Conditional Dependencies correctly depending on the selected target.

version

The version attribute indicates the version of the dependencies.lock file. It ensures that this version matches the version of the IDF Component Manager.

For example, IDF Component Manager 1.x uses version 1.0.0 for the dependencies.lock file, while IDF Component Manager 2.x uses version 2.0.0.

Dependency Attributes

Each entry in the dependencies dictionary includes the following attributes:

component_hash

The component_hash attribute is a hash of the component, used to verify component's integrity and ensure that the component hasn't changed since the dependencies.lock file was generated.

dependencies

The dependencies attribute is a dictionary containing the direct dependencies of the component.

source

The source attribute specifies the type of the component. For more details, see the Component Dependencies section.

version

The version attribute indicates the version of the component selected by the Version Solver.

targets

The targets attribute lists the targets compatible with the component. This field can be omitted if the component is compatible with all targets.