v2.17.0 introduces a regression

[rpadovani]

I do not use this package directly, but xo does.

After you released 2.17.0 xo doesn't run anymore with this error:

If you break retro-compatibility, you are supposed to to a major version bump.

/builds/***/node_modules/is-my-json-valid/index.js:366
      visit(name+'['+i+']', node.items, reporter, filter, schemaPath.concat('items'))
                                                                     ^

TypeError: Cannot read property 'concat' of undefined
    at visit (/builds/***/node_modules/is-my-json-valid/index.js:366:70)
    at /build/***/node_modules/is-my-json-valid/index.js:416:9
    at Array.forEach (<anonymous>)
    at visit (/builds/***/node_modules/is-my-json-valid/index.js:409:18)
    at /builds/***/node_modules/is-my-json-valid/index.js:543:9
    at Array.forEach (<anonymous>)
    at visit (/builds/***/node_modules/is-my-json-valid/index.js:540:31)
    at compile (/builds/***/node_modules/is-my-json-valid/index.js:565:3)
    at visit (/builds/***/node_modules/is-my-json-valid/index.js:340:16)
    at /builds/***/node_modules/is-my-json-valid/index.js:416:9

[ambewas]

same problem here, and can't fix a version in our package.json due to it being a deeper dependency as well.

[hustcc]

/Users/xxx/Documents/git/d-vision/.eslintrc:
    Configuration for rule "no-use-before-define" is invalid:
Cannot read property 'concat' of undefined

Similar error.

如果不兼容，建议升级大版本。

[shuky19]

Same here, using eslint...

[somprabhsharma]

Similar error @mafintosh

[Wuvnen]

same problem here.

[vaail]

same problem here

[xiaoyang4011]

same problem here

[GottfridL]

same problem here using ember-cli-eslint and ember-cli-sass which take latest minor version upgrades.

[mateussmohamed]

same problem here!

[sebheitzmann]

+1

[Clement-TS]

Same here with standardjs

[jasollien]

Same here

[SonoAlien]

+1

[Ricardowouda]

Same problem here.

[Andrei997]

Same here with Nuxt.

[blgm]

I'm broken too. As a workaround, you can install the previous version of this module:

npm install is-my-json-valid@2.16

This gets StandardJS (and presumably ESLint) working, because they will just pick up the installed @2.16 if it's there.

@deBhal @LinusU, I guess you guys know the code better than most of us, so are probably in the best position to fix it. As a community, is there anything we can do to be helpful?

[vaail]

@mafintosh @LinusU @deBhal https://github.com/mafintosh/is-my-json-valid/pull/150

[sant0shg]

Same issue here

[l86110]

Same here

[ameya-kulkarni]

Same here

[spotscale]

Same issue here.

[kalanda]

Same here

[vzorge]

Same here.

[joachimhb]

Same here

[shahsank3t]

Same here.

[ncordin]

Same here

[louischan-oursky]

Same here

[satishwaghela]

Same here

[sameer79]

Same here

[EreMaijala]

I believe it's already obvious this is a major issue, so I'd like to suggest everyone to just subscribe on this issue instead of adding more "Same here" comments.

[voxpelli]

Fixed by #151 and released as 2.17.1 – thanks @LinusU for quick fix! 👍

[LinusU]

Fix published as 2.17.1, so sorry for any inconvenience caused!

[LinusU]

Super sorry for this 🙈

Will try to add more test coverage and possibly move to TypeScript to prevent this from happening again 👌

[akryvda]

Should we expect a hotfix in near future? :)

[LinusU]

@akryvda, it's already published: 2.17.1

[akryvda]

Thanks, for quick update! Will rerun our pipelines

[peterclifflm]

My build was failing but now is not. Fast work - thank you!

[LinusU]

2.17.0 have been deprecated on npm with the following message:

A bug in this version causes an exception to be thrown when using anyOf or oneOf, please upgrade to 2.17.1 instead

[rpadovani]

Thanks for your fast fix on this, keep up the good work :-)

[LinusU]

Would like to take this opportunity to plug lock files 🔒📝

By using npm 5 or newer, or yarn, a package-lock.json (or yarn.lock) file will automatically be created when adding or removing dependencies. This file will contain the exact version of every dependency (even the dependency of your dependencies, and so forth). Whenever npm install (or yarn) is run, it will look for this file and install the exact dependencies as the last time, thus ensuring that your builds are reproducible.

The file should be commited together with the rest of the code, so that everyone that works on the project have the same versions of every dependency, and so that the CI and deploy also uses the same versions.

More reading: "Yarn determinism" blog post, package-lock.json on npm docs, yarn.lock on yarn docs

Again, sorry for any inconvenience, hopefully this wont happen again, but I would advice everyone to start using lock files to minimize the impact if (when 😄) it happens the next time. If anyone is in London I'd be happy to buy you a beer and discuss lock files and JavaScript 😄

Cheers 🍻

[deBhal]

I'd also like to add my apologies to everyone inconvenienced, and my thanks to @LinusU and @shalevshalit @juliangruber @shalevshalit who all provided fixes so quickly while I was asleep.

Will try to add more test coverage

We did have tests here that looked pretty solid to me, so in addition to a PR here to cover this specific case (https://github.com/mafintosh/is-my-json-valid/pull/158) I've gone upstream to beef up the json-schema.org test-suite more generally as well (https://github.com/json-schema-org/JSON-Schema-Test-Suite/pull/211)