Closed steveacalabro closed 1 year ago
@hossam-nasr: could you please prioritize taking a look at this?
@steveacalabro I wasn't able to repro your issue. Do you mind sharing your package.json
file? Also, which version of uuid
ended up being resolved in your yarn.lock
/package-lock.json
file? In my tests, I got version 3.3.3
, and that compiled fine. In the node_modules
folder, you could see that there is indeed a v5.js
file in the root of the package.
@hossam-nasr This may help. I was able to thin down my code to just these functions here in this stackblitz.
You should be able to reproduce using
yarn build
In the yarn.lock, the durable functions resolves to this
durable-functions@2.1.1:
version "2.1.1"
resolved "https://registry.yarnpkg.com/durable-functions/-/durable-functions-2.1.1.tgz#9cbb982ef88ab766267990fab95e33fba974e015"
integrity sha512-/fCgtkLb2C5ugKCdIxxkJ/k2SFOYw8bnMte9EDb3a+p06HBkp2x+RbA9OzexR/rIvgj45T5m67rjsberial5pw==
dependencies:
"@azure/functions" "^1.2.3"
axios "^0.21.1"
debug "~2.6.9"
lodash "^4.17.15"
moment "^2.29.2"
uuid "~3.3.2"
validator "~13.7.0"
@steveacalabro Thanks for providing this info! I was able to get this problem to repro with the given package.json
file. I noticed that you had this line:
"resolutions": {
"uuid": "9.0.0"
}
In your package.json
file, which was forcing uuid
to resolve to version 9.0.0
, causing the error. Removing this part from the package.json
file fixed the issue for me. Is there a reason that you added this?
I do agree though with your broader point about upgrading the uuid
version we use. This is also a message that you get when trying to install the durable-functions
SDK:
warning durable-functions > uuid@3.3.3: Please upgrade to version 7 or higher.
Older versions may use Math.random() in certain circumstances, which is known to be problematic.
See https://v8.dev/blog/math-random for details.
@hossam-nasr I had that there trying to do a workaround "to use yarn's resolutions feature"
I removed it in the stack blitz and I'm still getting the same error on the build
*Edit: Actually that is not true. I apologize, the first run of that seemed to be a cache issue with NPM. Once I re-installed it in stack blitz it did work. When I remove that in my local code I am getting the same error. I'm going to try to see what missing between what's in the stack blitz and what's in the code. I assume that it is something with how I am using webpack to transpile. If I'm able to get it to reproduce I'll post here again
@steveacalabro Sounds good, thank you. Please update here if you're able to reproduce.
@hossam-nasr Appreciate the help here! I apologize this actually ended up being with the way I was doing my webpack build so I am going to close this issue :)
If you're interested, in this portion of my webpack script
resolve: {
extensions: ['.tsx', '.ts', '.js'],
plugins: [new TsconfigPathsPlugin()],
modules: [
path.resolve(__dirname, '..', 'node_modules'),
path.resolve(__dirname, 'node_modules'),
],
}
I was accidentally resolving the node_modules from the parent directory before the current one. This was overriding the modules with bad versions which ultimately caused the issue.
Though, as we said. The lower version of UUID as a dependency should likely be noted for update just in case
@steveacalabro Glad this got resolved! And yes, agreed. I've filed an issue for that here: #483
Describe the bug This happens during a fresh install of the JS package
durable-functions@2.1.1
. When you attempt to build it with typescript you will get this as an error. My assumption is the wrong version of UUID is installed in the package itself. It is most likely related to this line of code https://github.com/Azure/azure-functions-durable-js/blob/2857fc579ba61b91673e5a4b259bf9ce2386bd1c/src/guidmanager.ts#L3.Investigative information
[3.3.0, 4.0.0)
2.1.1
typescript^4.0.0
v16.18.0
To Reproduce Steps to reproduce the behavior:
Expected behavior A clear and concise description of what you expected to happen.
I expect to be able to build using typescript. I also would think that the package version should be as close to up-to-date as possible to eliminate any potential security threats
Actual behavior A clear and concise description of what actually happened.
The build errors locally and in CI
Screenshots If applicable, add screenshots to help explain your problem.
NA
Known workarounds Provide a description of any known workarounds you used.
resolutions
feature to force the package to a newer version of UUID. This unfortunately did not work. I am currently working to find other workarounds and will update the description of things that I have attempted. As a note, the current version of the UUID package that is being pulled down is~3.3.2
which was released on "Jun 28, 2018". The current version of this package is now up to9.0.0
which was released on Sep 5, 2022. No matter the outcome of this issue for future support this package should likely be updated.