Closed web-padawan closed 3 years ago
So to fix this and keep consistent builds (not using ^ and let npm pick newer versions), could we just read all the versions from e.g. https://github.com/vaadin/vaadin-core-shrinkwrap/blob/master/npm-shrinkwrap.json or from vaadin_versions.json?
as soon as a newer alpha
Is this only a problem for prereleases? I understood based on earlier discussion that it is the same for stable versions, but need to clarify @web-padawan
Yes, if all the versions for transitive dependencies from that JSON file are pinned in package.json including vaadin-overlay, vaadin-element-mixin etc for example to 20.0.0-alpha1 then a newer version will not be installed.
I tested this locally with a basic npm project and got a flat tree without duplicates using the following versions:
This ticket/PR has been released with platform 20.0.0.beta2. For prerelease versions, it will be included in its final version.
@web-padawan WDYT could this issue reproduce in Vaadin 14-series too? The related Flow fix has not been backported yet but it seems to be stable.
I would say in theory this problem could also happen in Vaadin 14 if we make a patch release of vaadin-overlay.
But unlike in the monorepo, we don't bump versions for individual components on every transitive dependency release.
So the fix probably should be backported to prevent such cases, although I'm not sure if this ever happens.
This ticket/PR has been released with platform 14.7.0.beta1 and is also targeting the upcoming stable 14.7.0 version.
Description of the bug / feature
When using npm for Vaadin 20, some transitive dependencies are not locked (in particular, vaadin-overlay). This causes duplicates as soon as a newer alpha of the web components is released from the monorepo.
Minimal reproducible example
Here is how to reproduce the issue:
pom.xml to 20.0.0.alpha5
mvn spring-boot:run
vaadin.pnpm.enable = false
rm -rf node_modules target
mvn spring-boot:run
Expected behavior
All the Vaadin components should use the consistent version (in this case 20.0.0-alpha2)
Actual behavior
Pinned components use a fixed version (e.g. 20.0.0-alpha2) but their transitive dependencies might use newer versions when available (e.g. 20.0.0-alpha3) causing duplicates and conflicts.
Versions:
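An added example, not part of the original issue or of Vaadin's code: a lockfile check for the problem described in this thread. It reports scoped packages installed at more than one version, and the transitive dependencies that are requested through a floating range without an exact pin in the root package.json. The lockfile object, its dependency graph and the use of @vaadin/vaadin-dialog as the pinned component are constructed for illustration; the function names are hypothetical.

```javascript
// Constructed package-lock.json content (npm v7 "packages" map); graph is illustrative.
const lock = { packages: {
  "": { dependencies: {
    "@vaadin/vaadin-dialog": "20.0.0-alpha2",
    "@vaadin/vaadin-element-mixin": "20.0.0-alpha2" } },
  "node_modules/@vaadin/vaadin-dialog": { version: "20.0.0-alpha2",
    dependencies: { "@vaadin/vaadin-overlay": "^20.0.0-alpha2" } },
  "node_modules/@vaadin/vaadin-element-mixin": { version: "20.0.0-alpha2" },
  // Not pinned at the root, so the caret range resolved to the newer alpha.
  "node_modules/@vaadin/vaadin-overlay": { version: "20.0.0-alpha3",
    dependencies: { "@vaadin/vaadin-element-mixin": "^20.0.0-alpha3" } },
  "node_modules/@vaadin/vaadin-overlay/node_modules/@vaadin/vaadin-element-mixin":
    { version: "20.0.0-alpha3" },
} };

// Exact version only: no ^, ~, comparison operators, wildcards or "||".
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
// Package name is the text after the last "node_modules/" in a lockfile key.
const nameOf = (p) => p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length);

// Packages in `scope` that are installed at more than one version.
function findDuplicates(lock, scope) {
  const seen = new Map();
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "" || !nameOf(path).startsWith(scope)) continue;
    const name = nameOf(path);
    seen.set(name, (seen.get(name) || new Set()).add(entry.version));
  }
  return [...seen].filter(([, v]) => v.size > 1)
    .map(([name, v]) => ({ name, versions: [...v].sort() }));
}

// Scoped packages requested through a floating range and not exact-pinned at the root.
function missingRootPins(lock, scope) {
  const root = lock.packages[""].dependencies || {};
  const missing = new Set();
  for (const entry of Object.values(lock.packages)) {
    for (const [dep, range] of Object.entries(entry.dependencies || {})) {
      if (dep.startsWith(scope) && !EXACT.test(range) && !EXACT.test(root[dep] || "")) {
        missing.add(dep);
      }
    }
  }
  return [...missing].sort();
}

console.log(findDuplicates(lock, "@vaadin/"));   // duplicated packages and their versions
console.log(missingRootPins(lock, "@vaadin/"));  // packages that still need a root pin
```

In this constructed graph the duplicated package (vaadin-element-mixin) is already pinned at the root; the missing pin is vaadin-overlay, whose newer alpha pulls in a second copy of the mixin.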