Warn users about large discrepancies between specified version range and resolved version #896

Open
lilacstella opened this issue Jul 18, 2024 · 0 comments


Currently, the buildpack does not alert users when there is a significant discrepancy between the specified version range in their configuration and the actual resolved version. This can lead to scenarios where users unintentionally end up with much newer versions of dependencies than expected, potentially causing compatibility issues or unexpected behavior. For example, specifying a version range of >=1.21.1 might resolve to version 4.3.1 at a later date, which could lead to unforeseen issues.

To improve user experience and prevent potential problems, the buildpack should warn users when there is a large difference between their specified version range and the resolved version. This will help users stay informed about significant changes and ensure their applications run as expected.

Actual Output:

[builder] [Setting up yarn dependency cache]
[builder] ➤ YN0000: Successfully set enableGlobalCache to false
[builder] ➤ YN0000: Successfully set cacheFolder to '/layers/heroku_nodejs-yarn/deps/cache'
[builder]
[builder] [Installing dependencies]
[builder] ➤ YN0087: Migrated your project to the latest Yarn version 🚀
[builder]
[builder] ➤ YN0000: · Yarn 4.3.1
[builder] ➤ YN0000: ┌ Project validation
[builder] ➤ YN0057: │ discourse2: The override for '**/unset-value' includes a glob pattern. Glob patterns have been removed since their behaviours don't match what you'd expect. Set the override to 'unset-value' instead.
[builder] ➤ YN0000: └ Completed
[builder] ➤ YN0000: ┌ Resolution step
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT Packing ember-cli-htmlbars@https://github.com/ember-cli/ember-cli-htmlbars.git#commit=671b3953f1c7ca5c53cfb84fe49b1cac31764c2a from sources
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT Using Yarn Classic for bootstrap. Reason: "__metadata" key not found in yarn.lock, must be a Yarn classic lockfile
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT ➤ YN0000: Downloading https://classic.yarnpkg.com/latest.js
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT ➤ YN0000: Saving the new release in .yarn/releases/yarn-classic.cjs
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT ➤ YN0000: Done in 2s 907ms
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT yarn install v1.22.22
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT [1/5] Validating package.json...
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT [2/5] Resolving packages...
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT [3/5] Fetching packages...
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT Packing squoosh@https://github.com/discourse/squoosh.git#commit=dc9649d0a4d396d1251c22291b17d99f1716da44 from sources
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT Using npm for bootstrap. Reason: found npm's "package-lock.json" lockfile
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT added 829 packages, and audited 830 packages in 13s
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT 29 vulnerabilities (1 low, 7 moderate, 17 high, 4 critical)
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT To address issues that do not require attention, run:
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT   npm audit fix
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT To address all issues (including breaking changes), run:
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT   npm audit fix --force
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT Run `npm audit` for details.
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDERR npm notice
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDERR npm notice New patch version of npm available! 10.8.1 -> 10.8.2
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDERR npm notice Changelog: https://github.com/npm/cli/releases/tag/v10.8.2
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDERR npm notice To update run: npm install -g [email protected]
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDERR npm notice
[builder] ➤ YN0000: │ /tmp/xfs-8717dbb7 STDOUT squoosh-2.0.0.tgz
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT [4/5] Linking dependencies...
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDERR warning " > [email protected]" has unmet peer dependency "@glimmer/component@^1.1.2".
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDERR warning "ember-source > [email protected]" has unmet peer dependency "rsvp@^4.8.5".
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT [5/5] Building fresh packages...
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT Done in 74.94s.
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT yarn pack v1.22.22
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT success Wrote tarball to "/tmp/xfs-1ce49577/package.tgz".
[builder] ➤ YN0000: │ /tmp/xfs-1ce49577 STDOUT Done in 0.15s.
[builder] ➤ YN0085: │ + @babel/core@npm:7.24.7, @babel/standalone@npm:7.24.7, @colors/colors@npm:1.6.0, @discourse/backburner.js@npm:2.7.1-0, and 1744 more.
[builder] ➤ YN0000: └ Completed in 1m 32s
[builder] ➤ YN0000: ┌ Post-resolution validation
[builder] ➤ YN0060: │ @uppy/core is listed by your project with version 3.0.4 (p25b6d), which doesn't satisfy what @uppy/aws-s3-multipart and other dependencies request (^3.2.1).
[builder] ➤ YN0060: │ @uppy/core is listed by your project with version 3.0.4 (p53089), which doesn't satisfy what @uppy/aws-s3-multipart and other dependencies request (^3.2.1).
[builder] ➤ YN0060: │ ember-source is listed by your project with version 5.5.0 (pfbc9a), which doesn't satisfy what ember-this-fallback requests (^3.28.11 || ^4.0.0).
[builder] ➤ YN0060: │ ember-template-lint is listed by your project with version 5.13.0 (p75523), which doesn't satisfy what @discourse/lint-configs and other dependencies request (but they have non-overlapping ranges!).
[builder] ➤ YN0002: │ dialog-holder@workspace:app/assets/javascripts/dialog-holder doesn't provide @babel/core (p9c272), requested by ember-cli-babel.
[builder] ➤ YN0002: │ discourse-plugins@workspace:app/assets/javascripts/discourse-plugins doesn't provide ember-source (pfad07), requested by ember-this-fallback.
[builder] ➤ YN0002: │ discourse2@workspace:. doesn't provide @glimmer/component (p15621), requested by @glint/environment-ember-loose.
[builder] ➤ YN0002: │ theme-transpiler@workspace:app/assets/javascripts/theme-transpiler doesn't provide @glimmer/component (pe3a75), requested by ember-source.
[builder] ➤ YN0086: │ Some peer dependencies are incorrectly met by your project; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code.
[builder] ➤ YN0086: │ Some peer dependencies are incorrectly met by dependencies; run yarn explain peer-requirements for details.
[builder] ➤ YN0028: │ The lockfile would have been modified by this install, which is explicitly forbidden.
[builder] ➤ YN0000: └ Completed
[builder] ➤ YN0000: · Failed with errors in 1m 32s
[builder]
[builder] [Error: Yarn install error]
[builder] Yarn install error: Yarn command finished with a non-zero exit code: exit status: 1
[builder] ERROR: failed to build: exit status 1
ERROR: failed to build: executing lifecycle: failed with status code: 51

Expected Outcome:

When there is a large discrepancy between the specified version range and the resolved version, the buildpack should:

  1. Detect significant differences between the specified version range and the resolved version.
  2. Output a warning message informing the user about the discrepancy.
  3. Advise the user to review and adjust the specified version range if necessary to ensure compatibility and expected behavior.

The warning message could be something like this:

[Warning] Significant discrepancy detected between the specified version range (>=1.21.1) and the resolved version (4.3.1). Using a different major version may lead to unexpected behavior. 
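
One way the requested check could work, as an added example that is not part of the original issue and not the buildpack's own code: it flags a resolved version whose major is above the floor of an open-ended range, which is how an unpinned toolchain requirement drifts across majors without review. The function names, the `maxMajorGap` threshold and the supported subset of range syntax are assumptions.

```javascript
// Added example: hypothetical helper names, not the buildpack's own code.
// Handles a constructed subset of range syntax: >=, >, <, <=, ^, ~, =,
// bare versions, and "||" alternatives.

function parseVersion(text) {
  const m = /^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(text.trim());
  return m ? [m[1], m[2] || 0, m[3] || 0].map(Number) : null;
}

// Returns details when an open-ended alternative (a ">=" or ">" floor with
// no "<" cap) resolved more than maxMajorGap major versions above its floor.
function findDiscrepancy(range, resolved, maxMajorGap = 0) {
  const got = parseVersion(resolved);
  if (!got) throw new Error(`unparseable resolved version: ${resolved}`);
  for (const alt of range.split("||")) {
    // Glue operators to their operand so ">= 1.21.1" becomes ">=1.21.1".
    const parts = alt.replace(/([<>]=?|[~^=])\s+/g, "$1").trim().split(/\s+/);
    const floor = parts.find((p) => p.startsWith(">"));
    const capped = parts.some((p) => p.startsWith("<"));
    // ^, ~, exact and capped ranges cannot drift across majors unnoticed.
    if (!floor || capped) continue;
    const min = parseVersion(floor.replace(/^>=?/, ""));
    if (min && got[0] - min[0] > maxMajorGap) {
      return { range, resolved, floorMajor: min[0], resolvedMajor: got[0] };
    }
  }
  return null;
}

// Formats the warning text proposed in the issue, or returns null.
function discrepancyWarning(range, resolved, maxMajorGap = 0) {
  const hit = findDiscrepancy(range, resolved, maxMajorGap);
  if (!hit) return null;
  return `[Warning] Significant discrepancy detected between the specified ` +
    `version range (${hit.range}) and the resolved version (${hit.resolved}). ` +
    `Using a different major version may lead to unexpected behavior.`;
}

// Constructed sample inputs: declared range and resolved version.
for (const [range, resolved] of [
  [">=1.21.1", "4.3.1"],
  ["^1.21.1", "1.22.22"],
  [">=1.21.1 <2", "1.22.22"],
]) {
  console.log(range, "->", resolved, ":", discrepancyWarning(range, resolved) || "ok");
}
```

Ranges that use `^`, `~`, an exact version or an explicit `<` cap are treated as intentional and never warn; only a bare `>=` or `>` floor can trigger the message.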