Closed trivikr closed 1 month ago
Re-opening, since https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.570.0 didn't release new versions of the following packages:
credential-provider-ini
credential-provider-web-identity
token-providers
This is likely due to some issue in the internal publish script, and needs investigation.
An update to @aws-sdk/credential-provider-ini was released in https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.572.0, and I verified that it depends on a fixed version of the client:
$ npm install @aws-sdk/credential-provider-ini@3.572.0 --save-exact
$ grep -A 2 peerDependencies node_modules/@aws-sdk/credential-provider-ini/package.json
"peerDependencies": {
"@aws-sdk/client-sts": "3.572.0"
},
Pinning client peerDependencies makes npm force the installation step, as described in https://github.com/aws/aws-sdk-js-v3/issues/6098, or in internal ticket JS-5195.
We're reverting to using the latest version of client peerDependencies in https://github.com/aws/aws-sdk-js-v3/pull/6099. It'll be published with https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.577.0 around 12:30 PM Pacific today.
If you're sensitive to install size in your applications, you can do one of the following:
This problem should not exist since https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.569.0, as we added clients used in credential providers as a direct dependency in https://github.com/aws/aws-sdk-js-v3/pull/6055
At the time of running the test, the latest version of the SDK is v3.576.0
$ npm init -y && npm install @aws-sdk/client-dynamodb@3.569.0 --save-exact
$ du -sh node_modules
17M node_modules
$ npm ls @aws-sdk/client-sts
test-npm@1.0.0 /Users/trivikr/workspace/test-npm
└─┬ @aws-sdk/client-dynamodb@3.569.0
  ├─┬ @aws-sdk/client-sso-oidc@3.569.0
  │ └── @aws-sdk/client-sts@3.569.0 deduped
  ├── @aws-sdk/client-sts@3.569.0
  └─┬ @aws-sdk/credential-provider-node@3.569.0
    ├─┬ @aws-sdk/credential-provider-ini@3.568.0
    │ └── @aws-sdk/client-sts@3.569.0 deduped
    └─┬ @aws-sdk/credential-provider-web-identity@3.568.0
      └── @aws-sdk/client-sts@3.569.0 deduped
$ grep peerDependencies -A 2 node_modules/@aws-sdk/credential-provider-ini/package.json
"peerDependencies": {
"@aws-sdk/client-sts": "^3.568.0"
},
$ npm view @aws-sdk/client-sts versions | tail -n3
'3.569.0', '3.572.0', '3.574.0', '3.575.0',
'3.576.0'
]
Although credential-provider-ini requests the latest version of client-sts, it's resolved to v3.569.0 because of the direct dependency from client-dynamodb.
Describe the feature
Install size of node_modules increased in v3.565.0
Use Case
At the time of running the test, the latest version of the SDK is v3.568.0
Versions
v3.564.0
v3.565.0
v3.568.0
Proposed Solution
The install size increases in v3.565.0, since npm installs peerDependencies by default and it installs the latest version at the time of running the install in the absence of a lockfile. In v3.565.0, we switched to using caret for all peerDependencies in https://github.com/aws/aws-sdk-js-v3/pull/6031, which caused this issue. To unblock users on package managers which do not install peerDependencies by default, like yarn, we added a direct dependency on the exact client version in https://github.com/aws/aws-sdk-js-v3/pull/6055. We can similarly use the exact version of the client as a peerDependency in credential providers.
Other Information
No response
Acknowledgements
SDK version used
v3.564.0
Environment details (OS name and version, etc.)
Node.js
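Added example, not part of the original issue or the SDK's own code: a lockfile audit for the two conditions discussed in this thread, packages installed at more than one version and peerDependencies declared as a range instead of an exact pin. It assumes npm's lockfile v2/v3 `packages` map; `auditLock` and `sampleLock` are hypothetical names, and the sample entries and their version pairings are constructed for illustration.

```javascript
// Exact semver pin such as "3.572.0"; anything else ("^3.568.0", "*") floats.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  const marker = "node_modules/";
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}

function auditLock(lock) {
  const installed = new Map(); // package name -> Set of installed versions
  const floatingPeers = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace folders and symlinked entries.
    if (meta.link || !path.includes("node_modules/")) continue;
    const name = packageName(path);
    if (!installed.has(name)) installed.set(name, new Set());
    installed.get(name).add(meta.version);
    for (const [peer, range] of Object.entries(meta.peerDependencies || {})) {
      if (!EXACT.test(range)) {
        floatingPeers.push({ from: `${name}@${meta.version}`, peer, range });
      }
    }
  }
  const duplicates = [...installed]
    .filter(([, versions]) => versions.size > 1)
    .map(([name, versions]) => ({ name, versions: [...versions].sort() }));
  return { duplicates, floatingPeers };
}

// Constructed sample: a caret peer range pulled a newer client-sts to the top
// level while an older copy stayed nested under the client package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "test-npm", version: "1.0.0" },
    "node_modules/@aws-sdk/client-dynamodb": { version: "3.565.0" },
    "node_modules/@aws-sdk/client-dynamodb/node_modules/@aws-sdk/client-sts": { version: "3.565.0" },
    "node_modules/@aws-sdk/client-sts": { version: "3.568.0" },
    "node_modules/@aws-sdk/credential-provider-ini": {
      version: "3.565.0", peerDependencies: { "@aws-sdk/client-sts": "^3.565.0" } },
    "node_modules/@aws-sdk/credential-provider-web-identity": {
      version: "3.572.0", peerDependencies: { "@aws-sdk/client-sts": "3.572.0" } },
  },
};

console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `auditLock`.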