MasterKale / SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.
https://simplewebauthn.dev
MIT License

inconsistent dependencies when upgrading server from 6 to 7 #335

Closed tmountjr closed 1 year ago

tmountjr commented 1 year ago

When I upgraded the server package from v6 to v7, I started getting really weird errors in my build process:

error Error: Cannot get schema for 'J4' target
    at FK.get (/Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:10:502113)
    at Function.toASN (/Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:10:508863)
    at Function.serialize (/Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:10:508632)
    at Function.serialize (/Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:10:511449)
    at /Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:10:515604
    at /Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:1:215
    at /Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:10:516622
    at /Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:1:215
    at /Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:10:519120
    at /Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt/.edgio/lambda/routes.js:1:215
node:internal/process/promises:279
            triggerUncaughtException(err, true /* fromPromise */);

Took a while to track down but it ended up being a mismatched version of the @peculiar set of packages:

$ npm list @peculiar/asn1-schema
webauthn-firebase-nuxt@1.0.0 /Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt
└─┬ @simplewebauthn/server@7.0.0
  ├─┬ @peculiar/asn1-android@2.3.0
  │ └── @peculiar/asn1-schema@2.3.0 deduped
  ├─┬ @peculiar/asn1-ecc@2.3.4
  │ ├── @peculiar/asn1-schema@2.3.3
  │ └─┬ @peculiar/asn1-x509@2.3.4
  │   └── @peculiar/asn1-schema@2.3.3
  ├─┬ @peculiar/asn1-rsa@2.3.4
  │ └── @peculiar/asn1-schema@2.3.3
  ├── @peculiar/asn1-schema@2.3.0
  └─┬ @peculiar/asn1-x509@2.3.2
    └── @peculiar/asn1-schema@2.3.0 deduped

The solution was to remove the node_modules folder AND the yarn.lock file and reinstall everything; after that, the packages were consistent:

$ npm list @peculiar/asn1-schema
webauthn-firebase-nuxt@1.0.0 /Users/tmount/Documents/repos/webauthn/webauthn-firebase-nuxt
└─┬ @simplewebauthn/server@7.0.0
  ├─┬ @peculiar/asn1-android@2.3.3
  │ └── @peculiar/asn1-schema@2.3.3 deduped
  ├─┬ @peculiar/asn1-ecc@2.3.4
  │ └── @peculiar/asn1-schema@2.3.3 deduped
  ├─┬ @peculiar/asn1-rsa@2.3.4
  │ └── @peculiar/asn1-schema@2.3.3 deduped
  ├── @peculiar/asn1-schema@2.3.3
  └─┬ @peculiar/asn1-x509@2.3.4
    └── @peculiar/asn1-schema@2.3.3 deduped

Not sure if this is anything that even can be fixed, but maybe it's worth a note on the upgrade process at least?

tmountjr commented 1 year ago

I tried an over-simplified workflow:

  1. create new project
  2. yarn add @simplewebauthn/server@^6
  3. npm list @peculiar/asn1-schema
  4. yarn add @simplewebauthn/server@^7
  5. npm list @peculiar/asn1-schema
  6. compare the two list outputs

I couldn't get the mismatch to show up after the upgrade. May have just been something goofy with my specific installation.

MasterKale commented 1 year ago

@tmountjr Thank you for reporting this, and for trying to reproduce. You know what might be causing this? Server's @peculiar dependencies specify one of two possible versions:

"@peculiar/asn1-android": "^2.1.7",
"@peculiar/asn1-ecc": "^2.3.4",
"@peculiar/asn1-rsa": "^2.3.4",
"@peculiar/asn1-schema": "^2.1.7",
"@peculiar/asn1-x509": "^2.1.7",

I think that's why we see asn1-schema@2.3.0 installed, because it satisfies the "@peculiar/asn1-schema": "^2.1.7" declaration. But then the newer asn1-rsa@2.3.4, which declares "@peculiar/asn1-schema": "^2.3.3" in its package.json, leads to asn1-schema@2.3.3 being installed which can't be deduped:

  ├─┬ @peculiar/asn1-rsa@2.3.4
  │ └── @peculiar/asn1-schema@2.3.3
  ├── @peculiar/asn1-schema@2.3.0

Blowing away your lock file probably allowed yarn to deduplicate everything because it hadn't installed any earlier versions of the @peculiar libraries.

I think the action item for me here is to update @simplewebauthn/server's @peculiar dependencies to the latest version - that's a monorepo of a project and for the most part all of the packages should use the same version. That should prevent this from happening to others in the future.
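The mismatch discussed in this comment can be checked mechanically. The following is an added example, not part of the thread or of SimpleWebAuthn's code: it scans `npm list` output (the tree from the first comment, embedded as sample input) for packages resolved to more than one version, and tests the two caret ranges quoted above against the locked `2.3.0`. The function names are hypothetical, and only full `^x.y.z` ranges are handled.

```javascript
// Sample input: the mismatched `npm list` tree from the first comment in this thread.
const NPM_LIST = `
└─┬ @simplewebauthn/server@7.0.0
  ├─┬ @peculiar/asn1-android@2.3.0
  │ └── @peculiar/asn1-schema@2.3.0 deduped
  ├─┬ @peculiar/asn1-ecc@2.3.4
  │ ├── @peculiar/asn1-schema@2.3.3
  │ └─┬ @peculiar/asn1-x509@2.3.4
  │   └── @peculiar/asn1-schema@2.3.3
  ├─┬ @peculiar/asn1-rsa@2.3.4
  │ └── @peculiar/asn1-schema@2.3.3
  ├── @peculiar/asn1-schema@2.3.0
  └─┬ @peculiar/asn1-x509@2.3.2
    └── @peculiar/asn1-schema@2.3.0 deduped
`;

const parse = (v) => v.split(".").map(Number);
// Numeric x.y.z comparison: negative, zero or positive, like a sort comparator.
const cmp = (a, b) => parse(a).map((n, i) => n - parse(b)[i]).find((d) => d !== 0) || 0;

// Map each package name in the tree to its distinct resolved versions, sorted.
function installedVersions(tree) {
  const seen = new Map();
  for (const m of tree.matchAll(/((?:@[\w.-]+\/)?[\w.-]+)@(\d+\.\d+\.\d+)/g)) {
    if (!seen.has(m[1])) seen.set(m[1], new Set());
    seen.get(m[1]).add(m[2]);
  }
  return new Map([...seen].map(([name, vs]) => [name, [...vs].sort(cmp)]));
}

// Packages present in more than one version, i.e. the ones that were not deduped.
function duplicates(tree) {
  return [...installedVersions(tree)].filter(([, vs]) => vs.length > 1);
}

// Caret range: at least the stated version, with every component up to and
// including the first non-zero one held fixed.
function satisfiesCaret(version, range) {
  const v = parse(version), min = parse(range.replace(/^\^/, ""));
  const first = min.findIndex((n) => n !== 0);
  const pin = first < 0 ? 2 : first;
  return cmp(version, min.join(".")) >= 0 && min.slice(0, pin + 1).every((n, i) => v[i] === n);
}

// Ranges for @peculiar/asn1-schema quoted in the comment above, keyed by declarer.
const DECLARED = { "@simplewebauthn/server": "^2.1.7", "@peculiar/asn1-rsa": "^2.3.3" };
// Declarers that cannot reuse the locked copy and therefore pull in a second one.
function forcesSecondCopy(locked, declared) {
  return Object.keys(declared).filter((who) => !satisfiesCaret(locked, declared[who]));
}
console.log(duplicates(NPM_LIST), forcesSecondCopy("2.3.0", DECLARED));
```

Run against the tree from a fresh install, `duplicates` returns an empty list, which makes it usable as a CI check after a dependency upgrade.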

tmountjr commented 1 year ago

Makes sense - thanks for taking a look!

tmountjr commented 1 year ago

I've got my v6 repo handy, I can test the next v7 release in a new branch and should be able to consistently replicate my upgrade process that way.

MasterKale commented 1 year ago

@tmountjr This should be fixed in @simplewebauthn/server@7.0.1. Give it a try and let me know 👍

tmountjr commented 1 year ago

I cloned my repo and reset to the point before installing v7.0.0 and ran the following:

$ yarn install
$ yarn add @simplewebauthn/server@^7
$ yarn add -D @simplewebauthn/browser@^7
$ npm list @peculiar/asn1-schema
webauthn-firebase-nuxt@1.0.0 /Users/tmount/Documents/repos/webauthn/wfn-test
└─┬ @simplewebauthn/server@7.0.1
  ├─┬ @peculiar/asn1-android@2.3.3
  │ └── @peculiar/asn1-schema@2.3.3 deduped
  ├─┬ @peculiar/asn1-ecc@2.3.4
  │ └── @peculiar/asn1-schema@2.3.3 deduped
  ├─┬ @peculiar/asn1-rsa@2.3.4
  │ └── @peculiar/asn1-schema@2.3.3 deduped
  ├── @peculiar/asn1-schema@2.3.3
  └─┬ @peculiar/asn1-x509@2.3.4
    └── @peculiar/asn1-schema@2.3.3 deduped

Looks good!

MasterKale commented 1 year ago

Thank you for helping confirm the fix, @tmountjr 🥳