release notes?

[ahdinosaur]

hi, i'm trying to upgrade Patchwork from scuttlebot@11.4.2 to the latest scuttlebot@12.2.0, but it's not working for reasons i haven't been able to figure out yet. :sweat_smile:

i really want to link to unboxed private messages! https://github.com/ssbc/secure-scuttlebutt/pull/220

are there any release notes on (potentially) breaking changes and new features?

if not, i reckon that would be sweet as. :honey_pot:

/cc @dominictarr @arj03 @mmckegg

[ahdinosaur]

huh, i guess i had to upgrade ssb-keys and ssb-config, that's confusing.

[arj03]

You might find this thread interesting: https://github.com/ssbc/patchbay/pull/258

I did actually do release notes here:

https://github.com/ssbc/scuttlebot/releases

But maybe there are better in this repo?

[dominictarr]

but it's not working

what kind of not working? I don't think there should have been any breaking changes.

[ahdinosaur]

@arj03 oh cool! i think it's great to do it in the scuttlebot repo. my only suggestion would be to include information for developers who are upgrading, for example that the new version of scuttlebot depends on new versions for ssb-config, ssb-keys, and (i just learned in some way) ssb-ref.

[ahdinosaur]

what kind of not working? I don't think there should have been any breaking changes.

@dominictarr

without ssb-keys@latest, i see an error (TypeError: ssbKeys.unboxKey is not a function) as mentioned in https://github.com/ssbc/secure-scuttlebutt/pull/220#issuecomment-423675550.

without ssb-config@latest, the sbot server somehow wouldn't be running, because neither Patchwork nor git-ssb would be able to connect to it. this was the most confusing because i had no idea why the sbot server wasn't running. i still have no idea but i'm focused on the feature i want to implement.

i think ssb-ref@latest is also related to the private message changes, it works without the upgrade, but it would be nice to know when changes for a given release are related to changes in our micro-dependencies, i had to waste my time looking through a heap of commits and issues to understand what was happening.

[dominictarr]

@ahdinosaur what action did you use to upgrade? I'm curious because if you reinstalled you'd get these updates right?

[ahdinosaur]

what action did you use to upgrade?

@dominictarr

npm install

if you reinstalled you'd get these updates right?

i guess not, because those are also direct dependencies in Patchwork?

does this mean we should be using peerDependencies in scuttlebot to say which versions of core modules are expected when using a version of scuttlebot?

or, as per my original post, i still think it would be helpful if release notes included an overview of all the changes (across all the modules) that went into a given release. i think it's a poor developer experience to expect each person to spend a heap of time sleuthing around to understand what changed.

[dominictarr]

I figured that this might be a package-lock.json thing, so I checked out 185229fa345709522585eef3235f94bf36149caa and installed, I've disabled my package-lock, so I did npm install --package-lock, then npm ls ssb-keys

ssb-patchwork@3.10.1 /home/dominic/c/patchwork
+-- patchcore@1.28.0
| +-- ssb-client@4.5.7
| | `-- ssb-keys@7.0.16  deduped
| +-- ssb-feed@2.3.0
| | `-- ssb-keys@7.0.16  deduped
| `-- ssb-keys@7.0.16  deduped
+-- scuttle-blog@1.0.0
| `-- ssb-keys@7.0.16  deduped
+-- scuttlebot@11.4.2
| +-- secure-scuttlebutt@18.2.0
| | `-- ssb-keys@7.0.16  deduped
| `-- ssb-keys@7.0.16  deduped
+-- ssb-backlinks@0.7.3
| `-- ssb-keys@7.0.16  deduped
+-- ssb-keys@7.0.16 
`-- ssb-private@0.2.3
  `-- ssb-keys@7.0.16  deduped

Okay, so it installed secure-scuttlebutt@18.2 but it didn't upgrade the deps, I guess because it deduped it to the one already in the package.json even though patchwork would have resolved to 7.1.2, if you installed it without package lock... or deleted package-lock then installed again. basically, package-lock has been more trouble than it's worth for me...

---

Another possibility, that I strongly recommend considering: install scuttlebot-release instead of scuttlebot, then you'll get a shrinkwraped release of scuttlebot that someone actually ran the tests on and thus is known good (as far as the tests can tell us at least).

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.