[Bug]: Transitive internal dependencies versions are too loose #4174
Comments
In this situation did |
Sadly doesn't appear to. Here's a simple reproduction case:

```json
{
  "name": "swc-test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "@spectrum-web-components/action-menu": "0.41.1",
    "@spectrum-web-components/menu": "0.41.1"
  }
}
```

Installing this and then We get an action menu at 0.41.1 depending on 0.41.2 base and other components:

```yaml
/@spectrum-web-components/action-menu@0.41.1:
  resolution: {integrity: sha512-UFCabpm6G5Z6GSilncjniiLYfVYkxmud2lDe30QC3pddoXSSiR3YSN9rHFxGXRddAghTHG4RfCIt+YaT4PMmjQ==}
  dependencies:
    '@spectrum-web-components/action-button': 0.41.2
    '@spectrum-web-components/base': 0.41.2
    '@spectrum-web-components/icon': 0.41.2
    '@spectrum-web-components/icons-workflow': 0.41.2
    '@spectrum-web-components/picker': 0.41.2
    '@spectrum-web-components/shared': 0.41.2
  dev: false
```

And we get duplicate menu components:

```yaml
/@spectrum-web-components/menu@0.41.1:
  resolution: {integrity: sha512-tjNaE3gLrgchFIEjmNxERJC6TgEKhZv4TRxcGVRZlXZDKho+Ju7EMwIfzfoVAMtPN74CQzJrvFUY3QuuQsOgjQ==}
  dependencies:
    '@lit-labs/observers': 2.0.2
    '@spectrum-web-components/action-button': 0.41.2
    '@spectrum-web-components/base': 0.41.2
    '@spectrum-web-components/divider': 0.41.2
    '@spectrum-web-components/icon': 0.41.2
    '@spectrum-web-components/icons-ui': 0.41.2
    '@spectrum-web-components/overlay': 0.41.2
    '@spectrum-web-components/popover': 0.41.2
    '@spectrum-web-components/shared': 0.41.2
  dev: false
/@spectrum-web-components/menu@0.41.2:
  resolution: {integrity: sha512-KLwqEnVZIH69E99x4//hiDLUjspwMyM6IENlHLiGoL+8nHwnof88XOPguU5+N2v3zJCVMwF0audVFS+FnwjeXA==}
  dependencies:
    '@lit-labs/observers': 2.0.2
    '@spectrum-web-components/action-button': 0.41.2
    '@spectrum-web-components/base': 0.41.2
    '@spectrum-web-components/divider': 0.41.2
    '@spectrum-web-components/icon': 0.41.2
    '@spectrum-web-components/icons-ui': 0.41.2
    '@spectrum-web-components/overlay': 0.41.2
    '@spectrum-web-components/popover': 0.41.2
    '@spectrum-web-components/shared': 0.41.2
  dev: false
```

Of course if I change the |
Looking around for alternative approaches the only options I can find are:
|
This is super helpful research. We'll need a little time to process. I get a bad feeling this is a not everyone can be happy thing, but trying to make those people as small a group as possible is what we'll try for! |
Code of conduct
Impacted component(s)
all
Expected behavior
We should be able to install arbitrary sets of SWC components using hard pinned versions, e.g. `0.41.1` such that all internal dependencies thereby brought in by those components will internally resolve to not cause conflicting SWC component versions.
Actual behavior
When installing the following set of dependencies:
It's possible for package resolution to result in a duplicate install of `@spectrum-web-components/menu` at `0.41.2`.
This is caused by the internal dependency in `action-menu` on `picker` with the semver `^0.41.1` being specified. This allows `0.41.2` to be installed for `picker` which in turn brings in `menu` at `^0.41.2`. This second transitive dependency on `menu` is then more restrictive than the `menu` installed by the app and thus we end up with two versions in the repository.
Suggest making internal dependencies use the `0.41.1` form of semver (with no `^`) to ensure that when you install a component at a specific version you only get packages at that version installed. This will avoid unexpected installation of newer versions which can cause such conflicts.
Screenshots
No response
What browsers are you seeing the problem in?
No response
How can we reproduce this issue?
`@spectrum-web-components/menu` and `@spectrum-web-components/action-menu` to a project with a fixed version, e.g. `0.41.1`
`pnpm`
`pnpm-lock.yaml` and confirm that two versions of `menu` are installed.
Sample code that illustrates the problem
No response
Logs taken while reproducing problem
No response
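The resolution chain described in this issue, as an added example (not code from the issue or from the Spectrum Web Components project): it resolves the same app dependencies against caret ranges and against exact pins, then lists packages installed at more than one version. The registry contents, the function names and the highest-match resolver are constructed assumptions; real package managers apply further deduplication rules.

```javascript
// Constructed registries (not real metadata); chain: action-menu -> picker -> menu.
const caretRegistry = {
  'action-menu': { '0.41.1': { picker: '^0.41.1' } },
  picker: { '0.41.1': { menu: '^0.41.1' }, '0.41.2': { menu: '^0.41.2' } },
  menu: { '0.41.1': {}, '0.41.2': {} },
};
const exactRegistry = {
  'action-menu': { '0.41.1': { picker: '0.41.1' } },
  picker: { '0.41.1': { menu: '0.41.1' }, '0.41.2': { menu: '0.41.2' } },
  menu: { '0.41.1': {}, '0.41.2': {} },
};
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
};

// Caret keeps the left-most non-zero component fixed, so ^0.41.1 means
// >=0.41.1 <0.42.0. A range without ^ is treated as an exact pin.
function satisfies(version, range) {
  if (!range.startsWith('^')) return version === range;
  const base = parse(range.slice(1));
  const v = parse(version);
  const fixed = base[0] > 0 ? 1 : base[1] > 0 ? 2 : 3; // components that must match
  return cmp(version, range.slice(1)) >= 0 &&
    base.slice(0, fixed).every((n, i) => n === v[i]);
}

// Simplified resolver (assumption): each range takes the highest matching version.
function install(registry, rootDeps) {
  const installed = {};
  const visit = (name, range) => {
    const version = Object.keys(registry[name])
      .filter((v) => satisfies(v, range)).sort(cmp).pop();
    if (!version) throw new Error(`no ${name} version satisfies ${range}`);
    installed[name] = installed[name] || new Set();
    if (installed[name].has(version)) return;
    installed[name].add(version);
    for (const [dep, r] of Object.entries(registry[name][version])) visit(dep, r);
  };
  for (const [name, range] of Object.entries(rootDeps)) visit(name, range);
  return installed;
}
// Packages present at more than one version.
const duplicates = (installed) => Object.entries(installed)
  .filter(([, vs]) => vs.size > 1)
  .map(([name, vs]) => `${name}: ${[...vs].sort(cmp).join(', ')}`);

const app = { 'action-menu': '0.41.1', menu: '0.41.1' };
console.log('caret ranges:', duplicates(install(caretRegistry, app)));
console.log('exact pins:  ', duplicates(install(exactRegistry, app)));
```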