Burnaviour
commented
1 year ago what does this means :Lock explicitly to 2.4.2 fabric node modules what's the name of m module in pakage.json file ?
Closed mbwhite closed 1 year ago
Burnaviour
commented
1 year ago what does this means :Lock explicitly to 2.4.2 fabric node modules what's the name of m module in pakage.json file ?
mbwhite
commented
1 year ago @Burnaviour when a node module is install in a project, the version attached is represented as a semver
npm install --save chalk
cat packge.json
....
"dependencies": {
"chalk": "^5.2.0"
}
...The ^ is a semver prefix that indicates how npm should resolve this.. in this case it's any version starting at 5.2 up to but not including 6.0.0
By 'lock' I mean making the version '5.2.0' in this example... i.e. remove the semver prefix.
See https://docs.npmjs.com/about-semantic-versioning
https://jubianchi.github.io/semver-check/#/ is very useful to experiment and learn how it works
Will add
Burnaviour
commented
1 year ago "dependencies": {
"@grpc/grpc-js": "1.8.1",
"fabric-contract-api": "2.4.2",
"fabric-shim": "2.4.2"
}, did this in both lock json and pakage json file It looks like there are new releases of the grpc-js library; we've yet to test those. However the version of grpc-js has been locked to the working version in the published node chaincode. Therefore if using the latest this should be seen by folks.
mbwhite
commented
1 year ago Going to close this now, as we've locked versions of the grpc-js code
When using a NodeJS chaincode, the chaincode container will start but fail on the first transaction. In either the peer logs or chaincode logs there will be errors about the "chat stream being closed or cancelled."
The peer-chaincode connection will be dropped and the chaincode container will also exit.
Affected We've seen this affect ~2.2 2.4 and~ the 2.5 release; note that this is an issue pulling in an updated dependency of the chaincode-node libraries. Chaincode that is already running won't be affected.
IF you explicitly use the 2.2 or 2.4 and are fixed at a 2.2 or 2.4 level the problem should not exist. These are already locked into 1.8.1 grpc-js. However you may have a semver prefix that would resolve to the most recent 2.5.0
Cause
grpc-js, a dependency of fabric-shim for javascript chaincode has had a recent update that appears to have broken fabric-shim. New installs will pick up this latest grpc-js dependency and is causing javascript chaincodes to terminate.
The 1.8.2 grpc-js release is problematic release; 1.8.1 is the last good one.
grpc-js issue https://github.com/grpc/grpc-node/issues/2318
Workaround
a) Lock your fabric-contract-api fabric-shim libraries to specifically 2.4.2
b) Install a specific version of grpc-js in your own chaincode's package.json
Double check the package.json has the version of exactly 1.8.1 - ensure there are no ^ or ~ or other prefix. This should ensure that when the dependencies are resolved the 1.8.1 will be used. Note that we've not tested with all node module installers. We're confident this approach works with node16's npm.
It is also recommended to use the npm shrinkwrap mechanism to lock down as many dependencies as possible when deploying.
Fixes