Wrong `bun upgrade` behavior in 1.1.22

[zoto-ff]

What version of Bun is running?

1.1.22-canary.96+df33f2b2a (actually installed with --stable)

What platform is your computer?

Darwin 23.5.0 arm64 arm

What steps can reproduce the bug?

1. run bun upgrade from previous version or bun upgrade --stable
2. run bun upgrade from stable 1.1.22 or 1.1.22-canary

What is the expected behavior?

1. it installs stable 1.1.22 version
2. it says "you are already on 1.1.22"

What do you see instead?

1. 1.1.22-canary.96+df33f2b2a
2. 1.1.22-canary.1+9d74b5bdc

[eswat2]

i'm seeing this same behavior, it's always wanting to install the canary build when i do an upgrade...

[TiBianMod]

m2

[zoto-ff]

you forgot to update LATEST

[Jarred-Sumner]

The bug is that I messed up when uploading the release assets. Previously, this step in the release was automated but we switched to a new CI and that isn’t automated yet.

We will fix this in the next release, probably by forcibly moving everyone to stable for a little bit

[LudvigHz]

This is also true for the 1.1.22 on dockerhub (and latest):

$ docker run --rm -it oven/bun:1.1.22 bun --revision

1.1.22-canary.96+df33f2b2a

Any plans to overwrite the 1.1.22 release tag with the correct asset?

This isn't a huge problem as long as 1.1.22-canary.96+df33f2b2a doesn't include any bugs or issues that might have unintended consequences, but a lot of people are going to run this in production thinking it's running the latest stable version correctly (including myself).

[is-jonreeves]

For what its worth, same issue on Windows 10...

## Check Current Version
bun --version
# > 1.1.22

## Check if Upgrade available (now forces to canary)
bun upgrade
# > [9.67s] Upgraded.
# > 
# > Welcome to Bun's latest canary build!

## Check if Upgrade available again (now confirms on canary)
bun upgrade
# > Congrats! You're already on the latest canary build of Bun
# > 
# > To downgrade to the latest stable release, run bun upgrade --stable

## Downgrade (to forcefully get back to stable)
bun upgrade --stable
# > Downgrading from Bun 1.1.23-canary to Bun v1.1.22
# > [10.01s] Upgraded.
# > 
# > Welcome to Bun v1.1.22!

[medz]

It is worth noting! In 1.1.22-canary, npmmirror.com was used, which caused all my projects to fail to install dependencies normally #13221

In addition, this feature is related to #12936, a closed PR was actually released in the official version! This is terrible!

[medz]

@Jarred-Sumner You should have done a minor update to fix this error immediately, instead of waiting for the next release! And it's been two days!

This version uses npmmirror.com, which makes all my projects unable to install dependencies and run programs normally.

My temporary solution now is to return to NPM and Node.

If such a serious mistake occurs, you should remedy it immediately instead of waiting for the next release. The canary version may not have a serious impact on users in non-China regions, but Chinese users are forced to use npmmirror.com, which makes many projects unable to install dependencies.

[Jarred-Sumner]

@medz this version is not using npmmirror.com, that PR's code was never merged. you can look at the commit from bun --revision to verify this.

Maybe you have an environment variable set for NPM_CONFIG_REGISTRY?

[medz]

@Jarred-Sumner

seven@skill-MacBook-Pro PANews % bun --revision
1.1.22-canary.96+df33f2b2a
seven@skill-MacBook-Pro PANews % echo $NPM_CONFIG_REGISTRY

At the same time, I didn't set up npmrc configuration, nor any registry.

I started downloading slowly and thought it was a problem that I forgot, until I completely deleted npm/node/bun and reinstalled it, I found that npm correctly downloaded from the npm registry, while bun install downloaded from npmmirror.

In addition, my country is China and the computer language is Chinese. After I banned *.npmmirror.com access in the network settings, Bun could not download any package and threw an error. → #13221

[Jarred-Sumner]

Bun reads .npmrc, bunfig.toml, and $NPM_CONFIG_REGISTRY. Did you check none of those reference npmmirror.com? Does your lockfile reference npmmirror.com? In certain cases Bun will persist download urls into the lockfile for tarballs. Note that Bun will also migrate package-lock.json -> bun.lockb if no bun.lockb exists.

[medz]

@Jarred-Sumner

My computer had been fully migrated to Bun before this, and Node was uninstalled. I installed Node and NPM because of this problem

I confirmed that there is no registry setting for npmmirror anywhere

[Jarred-Sumner]

Is there a bun.lockb anywhere? That is the most likely case otherwise.

[medz]

I don't have any Node stuff on my computer since Bun 1.0 was released. All project runs and PMs are done with Bun, no migration from package-lock.json. Projects were also created with bun. I haven't used Node on my computer for a year, and I installed Node today after this problem occurred to solve the problem of my project not running properly and installing dependencies.

[medz]

In addition, I deleted the bun.lockb file, node_modules directory, and the ~/.bun/install/cache directory, and then ran bun install. As long as I disabled access to npmmirror, the dependencies could not be installed. Allowing access to npmmirror would make the installation very slow and likely to fail (the reason is that although I am in China, my computer uses VPN to access China, which is very unstable), but accessing the npm registry is very fast.

[medz]

@Jarred-Sumner My guess is that when you manually built version 1.1.22, you forgot to switch git branches and built it in jarred/cnpm, which affected the normal functions of Chinese users.

[Jarred-Sumner]

My guess is that when you manually built version 1.1.22, you forgot to switch git branches and built it in jarred/cnpm

No, this is not accurate. The commit corresponds to https://github.com/oven-sh/bun/commit/df33f2b2a264912c7a742d0c03587082415fbba6. I'm not sure what's going wrong in your case.

And, the build artifacts were from CI, not my local computer.

[medz]

I reverted to 1.1.21 to fix this issue. I just manually installed the 1.1.21 version of Bun from git and it does not access npmmirror but downloads packages from the NPM registry normally

[medz]

@Jarred-Sumner Another thing worth celebrating is that after I upgraded to Bun v1.1.23-canary.23 (23aa4f29), the problem was also solved. The problem with users in China using npmmirror only appeared on 1.1.22.

[medz]

After upgrading to 1.1.23, running bun install behaves normally, and outputting the yarn.lock file using bun install --yarn shows that there is no npmmirror.

1.1.22 downloads everything from the npmmirror registry.

[medz]

@Jarred-Sumner Therefore, I suggest that we release the stable version 1.1.23 immediately and change the original plan of 1.1.23 to 1.1.24 to solve the abnormal behavior of 1.1.22.

[Jarred-Sumner]

@medz I am confident this was a configuration issue in your environment caused by either a stale lockfile (bun.lockb or package-lock.json), environment variable, cache, or configuration file. You can verify that there is no npmmirror.com in the binary.

[medz]

@Jarred-Sumner But to verify it, I deleted bun.lockb/node_modules//~/.bun/install/cache//~/.npm, and I performed the same operation for both 1.1.22 and 1.1.23. In addition, my project never had a package-lock.json file.

And 1.1.22 executed bun install to access npmmirror.com. The same operation, whether reverting to 1.1.21 or upgrading to 1.1.23, normally accessed npmjs.org

[medz]

@Jarred-Sumner However, thanks for your reply. Maybe I am the only one affected (my environment and my blacklist both prohibit npmmirror.com from accessing).

At least I have upgraded to Bun 1.1.23 Canary version and the problem no longer exists, which can be regarded as a disguised solution. Sorry, I don't have enough time to continue to verify this issue. I have been busy finding the cause and solving it since the problem occurred last night.

Therefore, I have to develop my project now, and it will not be a problem for me when the official version of 1.1.23 is released in the future. Of course, I can also use the Canary version. The only problem for me at present is that I need to fix the Bun version of my online environment to 1.1.21 instead of latest.

After a few hours of feedback, I actually hope that Bun can be better. Errors like version 1.1.22 should not appear.

[zoto-ff]

1.1.22 upgrades to 1.1.24-canary without --stable flag

[Jarred-Sumner]

@zoto-ff bun upgrade is sticky to the current build's release channel. Since 1.1.22 was a canary build, bun upgrade upgrades to the canary build.

You can run bun upgrade --stable and it will upgrade to 1.1.23 as expected, and bun upgrade in 1.1.23 will only upgrade to 1.1.24 once released. Or you can reinstall and it will do the same.

[zoto-ff]

bun upgrade in 1.1.23 will only upgrade to 1.1.24 once released

👌

[gitblit]

Super minor: bun upgrade --stable is not documented in --help, but it is mentioned if you attempt to upgrade on canary when there is no update.