`qx package install` silently installs old versions

[johnspackman]

Running qx package install <packagename> can silently install an old version if you have not run qx package update in a while. Because this is specific to the installation on a computer, it's a problem that is not reproducable and takes some time & effort to debug.

See https://github.com/qooxdoo/qxl.apiviewer/issues/28

[cboulanger]

I think this has to do with the fact that the newest qxl.apiviewer releases are "prereleases", which is probably not what we want. I suggest we release all essential qxl libraries as v1.0.0 now and if we find problems, release patches. @hkollmann

[hkollmann]

When we do this they will depend on beta Framework and beta compiler. That's the reason i published them as beta. We can decide to do this.

[johnspackman]

but I had this problem using the released version of the compiler? IE I started with npm i -g @qooxdoo/compiler, it was just that my user account had an old cached package. I guess my ~/.qooxdoo/package-cache.json was out of date.

That's not a problem in itself, but there was no warning. Perhaps one fix would be to force qx package update if the project is newer that the cache for example, but without a fix it's hard to figure out what's going on..

[cboulanger]

My experience is that most/all of the qxl.* library releases that end with beta.X are marked as prereleases, so that if you update the normal way, you will get quite old "stable"/non-prerelease releases. If I am not mistaken, you have to do qx pkg update -p && qx pkg list -p explicitly to be able to install them in the first place. That's not good I think, we should have non-prerelease versions now to avoid having to explain this.

[hkollmann]

@cboulanger is right. Question is can we release with beta dependencies?

[cboulanger]

I think we can. For me, a beta dependency means "it will already work with the beta version of the dependency", not "this is beta because the dependency is beta" :-)

[johnspackman]

If I am not mistaken, you have to do qx pkg update -p && qx pkg list -p explicitly to be able to install them in the first place.

That is not what I did

I started with a brand new installation, brand new app, and asked it to install the latest version of qooxdoo/qxl.apiviewer. What qx package install actually did was install a very old one.

[cboulanger]

That's exactly what I mean... you need to add -p to get the latest prerelease version.

[johnspackman]

but i didnt have to do that on my mac?

[hkollmann]

I think we can. For me, a beta dependency means "it will already work with the beta version of the dependency", not "this is beta because the dependency is beta" :-)

What do the others think?

[hkollmann]

All qxl packages have stable versions now.

[johnspackman]

I must have missed something about what you're saying - my issue was not "should prerelease be counted", the issue was that two computers behave differently without any warning or explanation. I.E. even before @hkollmann updated all the releases to stable revisions, one computer would install the latest, and one would install one from months ago.

I don't think that this should be closed yet, but please @hkollmann & @cboulanger you could explain what I have missed?

[hkollmann]

Could you try it again?

Von meinem iPhone gesendet

Am 05.04.2020 um 13:27 schrieb John Spackman notifications@github.com:

 I must have missed something about what you're saying - my issue was not "should prerelease be counted", the issue was that two computers behave differently without any warning or explanation. I.E. even before @hkollmann updated all the releases to stable revisions, one computer would install the latest, and one would install one from months ago.

I don't think that this should be closed yet, but please @hkollmann & @cboulanger you could explain what I have missed?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

[johnspackman]

unfortunately not - once I found the fix (run qx package update), it was too late to save a copy of my package-cache.json :(

[johnspackman]

A simple solution would be to either automatically run qx package update once the database is over a certain number of days old, or it at least give a warning.

[hkollmann]

That's an idea. Or do an check if update is needed. Let me think about