search

vaadin / platform

Vaadin platform 10+ is a Java web development platform based on Vaadin web components. If you don't know to which repository your bug report should be filed, use this and we'll move it to the right one.
https://vaadin.com
531 stars 78 forks source link

NPM Bundle needs different versions in Vaadin 24.4.4 #6549

Closed subITCSS closed 1 week ago

subITCSS commented 2 weeks ago

Describe the bug

We discoverd another problem with the new version: To create our sbom we check the npm references and getting this error:

npm error code ELSPROBLEMS
npm error invalid: @open-wc/dedupe-mixin@1.4.0 /node_modules/@open-wc/dedupe-mixin

The Issue we discovered is that the vaadin-bundles requires the fixed version of 1.3.1 for it image

while all components require the ^1.3.0 and as there is an 1.4.0 the system updates the dependency to 1.4.0 which clashes with the upper fixed definition. image

So based on this the Versions should be both fix or flexible using the ^.

Expected-behavior

Both versions are defined identical

Reproduction

Check the npm dependencies.

System Info

Vaadin 24.4.4

ZheSun88 commented 2 weeks ago

Thanks for the ticket.. i have applied the fix to vaadin/bundles.

subITCSS commented 1 week ago

When will this be solved/merged?- This should be available in the 24.4.5 cause it is causing our pipeline to stop

ZheSun88 commented 1 week ago

vaadin 24.4.5 has been released a few while ago. Can you test again?

subITCSS commented 1 week ago

So based on what i see - the version did not change/solve this. And based on the situatiuon that your PullRequest is still open - would clearify that.

ZheSun88 commented 1 week ago

ah, i see.. sorry for the inconvenience, i will ask the team to merge those PRs and make another release ASAP

ZheSun88 commented 1 week ago

Vaadin 24.4.6 has been released with the version fix in bundles