Dependencies mismatch across some packages

ernestostifano commented 1 week ago

Checkboxes for prior research

[X] I've gone through Developer Guide and API reference
[X] I've checked AWS Forums and StackOverflow.
[X] I've searched for previous similar issues and didn't find any solution.

Describe the bug

We have the following dependency chain:

@aws-sdk/client-s3@npm:3.682.0 -> @aws-crypto/sha1-browser@npm:5.2.0 -> @smithy/util-utf8@npm:2.3.0

Which is not compatible with other SDK packages' chains, e.g.:

@aws-sdk/client-dynamodb@npm:3.682.0 -> @smithy/util-utf8@npm:3.0.0
@aws-sdk/client-iot -> @smithy/util-utf8@npm:3.0.0
@aws-sdk/middleware-sdk-s3@npm:3.682.0 -> @smithy/util-utf8@npm:3.0.0
...

This causes two different versions of @smithy/util-utf8 and its dependecies to be bundled in our app.

There are also issues with some semver declarations in other packages, e.g.:

@aws-sdk/client-sqs@npm:3.682.0 -> @aws-sdk/middleware-sdk-sqs@npm:3.679.0 (3.679.0 is fixed).

Regression Issue

[ ] Select this option if this issue appears to be a regression.

SDK version number

@aws-sdk/*@3.682.0

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

v21.7.3

Reproduction Steps

N/A.

Observed Behavior

See description.

Expected Behavior

Versioning of the SDK packages to be consistent to avoid different versions of modules being bundled together.

Possible Solution

Make sure all packages are bumped together and that correct semver syntax is being used when declaring dependencies.

In the meantime, we are using Yarn Resolutions to mitigate. However, this is risky across major versions like in the case of @smithy/util-utf8@npm:2.3.0/@smithy/util-utf8@npm:3.0.0.

Additional Information/Context

N/A.

kuhe commented 6 days ago

This is not a bug, our dependency wants to use a specific version of util-utf8 and we want to use another version. Your application bundle will function correctly whether you override @smithy/util-utf8 to a single version or include the nested version.

Please create a request to https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser to release a version using ^3.0.0 of util-utf8.

zshzbh commented 6 days ago

Hey @ernestostifano ,

Thanks for the feedback! I just checked the codebase -

aws-sdk/client-s3 version 3.682 has dependency of "@smithy/util-utf8": "^3.0.0",

@aws-crypto/sha1-browser has dependency of "@smithy/util-utf8": "^2.0.0",

Think the request would be updating the version to ^3.0.0

zshzbh commented 6 days ago

I just created a request - https://github.com/aws/aws-sdk-js-crypto-helpers/issues/847. Please let us know if you have any other questions.

Thanks! Maggie

aws / aws-sdk-js-v3