Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Emergency downgrade some deps to unbreak pacote, publishing #1087

Merged
merged 2 commits into from
Oct 23, 2024
Merged

Emergency downgrade some deps to unbreak pacote, publishing #1087

merged 2 commits into from
Oct 23, 2024

Conversation

jakebailey
Copy link
Member

@jakebailey jakebailey commented Oct 23, 2024
edited
Loading

Before #1082, pacote returned:

{
  name: '@types/commander',
  version: '2.12.5',
  dependencies: { commander: '*' },
  dist: {
    integrity: 'sha512-YXGZ/rz+s57VbzcvEV9fUoXeJlBt5HaKu5iUheiIWNsJs23bz6AnRuRiZBRVBLYyPnixNvVnuzM5pSaxr8Yp/g==',
    shasum: '8be6f1452747452c5b744275155ff358e9eda77e',
    tarball: 'https://registry.npmjs.org/@types/commander/-/commander-2.12.5.tgz',
    fileCount: 4,
    unpackedSize: 1746,
    signatures: [ [Object] ]
  },
  deprecated: 'This is a stub types definition. commander provides its own type definitions, so you do not need this installed.',
  _id: '@types/[email protected]',
  _resolved: 'https://registry.npmjs.org/@types/commander/-/commander-2.12.5.tgz',
  _from: '@types/commander@*',
  _integrity: 'sha512-YXGZ/rz+s57VbzcvEV9fUoXeJlBt5HaKu5iUheiIWNsJs23bz6AnRuRiZBRVBLYyPnixNvVnuzM5pSaxr8Yp/g==',
  _signatures: [
    {
      keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA',
      sig: 'MEQCIA8a/3+Jn4DdoZavhtqQFqw9QSQstmcsKc3zmt+zHr28AiBIanGgTZRC+/M0Yn1RUzWUx5uq9jOpVwQg4+qAVKW72w=='
    }
  ]
}

But now it returns:

{
  name: '@types/commander',
  version: '2.12.0',
  dependencies: { commander: '*' },
  dist: {
    shasum: 'a4b5aa757f53d23646054a496a04e97a66315387',
    tarball: 'https://registry.npmjs.org/@types/commander/-/commander-2.12.0.tgz',
    integrity: 'sha512-DDmRkovH7jPjnx7HcbSnqKg2JeNANyxNZeUvB0iE+qKBLN+vzN5iSIwt+J2PFSmBuYEut4mgQvI/fTX9YQH/vw==',
    signatures: [ [Object] ]
  },
  _id: '@types/[email protected]',
  _resolved: 'https://registry.npmjs.org/@types/commander/-/commander-2.12.0.tgz',
  _from: '@types/commander@*',
  _integrity: 'sha512-DDmRkovH7jPjnx7HcbSnqKg2JeNANyxNZeUvB0iE+qKBLN+vzN5iSIwt+J2PFSmBuYEut4mgQvI/fTX9YQH/vw==',
  _signatures: [
    {
      sig: 'MEYCIQCe/5wnTvPanbEbc3V108xZdRJ4xjtYzJ1OyW6AjkXIEgIhAMR1V9r6NMbvckSWh2EUiiH9De5SYpuKsi2beVRgi+Ho',
      keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA'
    }
  ]
}

Note that there's no deprecated field.

There's something wrong in the transitive deps of pacote. I've reverted the lockfile, then fixed things until we compiled again, and retested that we get the right result again.

@jakebailey jakebailey merged commit 9e9f2ed into microsoft:main Oct 23, 2024
7 checks passed
@jakebailey jakebailey deleted the fix-lock-pacote branch October 23, 2024 03:16
@jakebailey
Copy link
Member Author

This worked. The thing I'm seeing is that at some point, transitive deps of pacote started filtering out deprecated versions; note the version numbers listed above.

I think the problem was almost assuredly npm/npm-pick-manifest#33 given we went from [email protected] to [email protected].

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sandersn sandersn Awaiting requested review from sandersn sandersn is a code owner

@andrewbranch andrewbranch Awaiting requested review from andrewbranch andrewbranch is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jakebailey