Recommendation to install beta breaks ecosystem #2260
Comments
You can use
It should not cause problems. You are implying that you can only use the latest version of a package that another package depends on which is not true. You can use more recent version or older versions. It just has to be in the range of versions that satisfy the dependency. If package A depends on package B
"ember-simple-auth": "^1.6.0 || ^2.0.0 || ^3.0.0"
|
|
You are misunderstanding.
An app written for 3.1.0-beta.1 will break in really weird ways if 3.0.1 is installed instead.
There is nothing wrong with |
This would only be true if package B correctly uses Semver, or the version required was in the major.minor.patch chain and was not as in this case a beta. |
It is not calling for the latest version of 3.x. It is calling for any version of 3.x that matches
Yes. I was not aware that const semver = require('semver');
semver.satisfies('3.1.0-beta.1', '^1.6.0 || ^2.0.0 || ^3.0.0'); // => false
semver.satisfies('3.1.0-beta.1', '^1.6.0 || ^2.0.0 || ^3.0.0', { includePrerelease: true }); // => true
semver.satisfies('3.1.0-beta.1', '^1.6.0 || ^2.0.0 || ^3.0.0-alpha'); // => false
semver.satisfies('3.1.0-beta.1', '^1.6.0 || ^2.0.0 || ^3.0.0 || ^3.1.0-alpha'); // => true |
|
As the recommendation in |
Of course it will ;) 3.1.0 introduces new APIs that do not exist in 3.0.1. That does not mean 3.1.0 is not backwards compatible. We're aiming for a stable 3.1.0 within the next few weeks. |
|
@BryanCrotaz I would strongly recommend to use https://github.com/salsify/ember-cli-dependency-lint to avoid these kinds of issues in the future, and if you use yarn you can use https://github.com/atlassian/yarn-deduplicate to deduplicate dependencies in your lockfile to solve the version conflicts. |
|
:) I already use that - that's how I worked out what the problem was! I've used yarn's |
|
the beta is only recommended in the README of the
that's only true if you don't use dependency-lint or are not generally aware of the issue. and I do agree that it is an issue, but it is a more general issue, that is not just limited to ESA. even if there was a v3.1.0 release here your issue would not be resolved because the lockfile would still point to v3.0.x for existing installs. |
|
When using |
this is starting a somewhat different discussion now, but: why not? |
|
|
|
sure, but that does not mean that you can't install ESA explicitly too. you only have to be careful that both versions match up. the alternative would be that |
|
@Turbo87 Yes, you are correct. You can explicitly install ESA if you want but you need to make sure to install a supported version. |
|
I have submitted a PR to esa-token that makes ESA a peerDependency. Please, one of you agree to change your stance. The two addons are at loggerheads, you disagree, and you both say the other is wrong. All I can do as an app developer is watch and feel sad. And fork my own solution, which is not in the ethos of the Ember community. |
What exactly do we disagree on? I don't recall saying ESA was doing anything wrong. I said you were doing something wrong by trying to use a version of ESA that |
FWIW https://jubianchi.github.io/semver-check/#/%5E3.0.0/3.1.0-beta.1%20 disagrees with that statement 🤔 |
const semver = require('semver');
semver.satisfies('3.1.0-beta.1', '^1.6.0 || ^2.0.0 || ^3.0.0'); // => false
semver.satisfies('3.1.0-beta.1', '^1.6.0 || ^2.0.0 || ^3.0.0', { includePrerelease: true }); // => true
semver.satisfies('3.1.0-beta.1', '^1.6.0 || ^2.0.0 || ^3.0.0-alpha'); // => false
semver.satisfies('3.1.0-beta.1', '^1.6.0 || ^2.0.0 || ^3.0.0 || ^3.1.0-alpha'); // => trueI would assume that means |
And In fact it has to - otherwise any time you put out an alpha release you'd break everyone out there. |
|
I never said that, and I am not ESA. What I said was that it is one alternative possibility. |
I didn't say this was wrong. I said that based on the fact that ESA has historically not been a peer dependency of |
|
OK, this is getting silly. The situation is that anyone following the instructions will end up with a broken app and obscure error messages. Between these two addons you need to sort out what you're going to do. I've submitted a PR to ember-simple-auth-token which fixes the problem. If you don't like it, come up with something else. But don't sit there denying there's a problem and saying it doesn't make sense to change anything. I'm off to do some work on my own code. I'll have to reimplement ESA as it's just been too much hassle coping with the upgrades. |
|
@BryanCrotaz I will add a note to the |
|
@fenichelar it looks like you're right. I guess the only way to resolve this then is using |
|
@Turbo87 What is the recommended version of ESA to use in production at this time? |
|
I would assume the latest stable release, but I'm not the maintainer of this addon, so I can't say for sure 😅 |
From the docs:
However this beta is not marked as
latest, so any other addons that require ESA won't work - Babel will use random parts of the two libraries.For example, using
ember-simple-auth-tokenfor JWT auth:In my case this means that
throws -
sessiondoesn't have any methods, only the authenticated data block. Uninstallingember-simple-auth-tokenmakes it work again.Please can we get a
3.1.0release, and never recommend installation of a beta - that's guaranteed to cause these types of problems.The text was updated successfully, but these errors were encountered: