Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

3.2.0 wrongly released as minor version #603

Closed
mariodu opened this issue Sep 11, 2018 · 45 comments
Closed

3.2.0 wrongly released as minor version #603

mariodu opened this issue Sep 11, 2018 · 45 comments
Labels
discussion This issue is requesting comments and discussion

Comments

@mariodu
Copy link

mariodu commented Sep 11, 2018

remove support for node.js v4 is a breaking change, should publish with major version.

@Qix- Qix- added the discussion This issue is requesting comments and discussion label Sep 11, 2018
@jtyjty99999
Copy link

+1

@dead-horse
Copy link

this module is widely used in node community, it is hard to pin the version of debug in application's package.json.

replace all let in ba8a424 with var can quickly resolve this problem, it doesn't hurts :)

@Qix-
Copy link
Member

Qix- commented Sep 11, 2018


UPDATE: Everything should be back to normal. Read the post-mortem for more information.


image

Awkward.

Side effect of going so long between releases is stuff like this is missed.

Node 4 is out of LTS, and has been for a long while. It was last released in March of this year. The last non-LTS version was released in 2015. Please keep that in mind.

Here's what I'll do:

  1. babel-ify the current version back to the stone ages for those on Node 4
  2. release as 3.2.2 3.2.3 (3.2.0 wrongly released as minor version #603 (comment)) 3.2.4 (3.2.0 wrongly released as minor version #603 (comment))
  3. immediately deprecate >=3.2.0 <4 on npm
  4. release 4.0.0 that will be identical to 3.2.1

Is that acceptable?


UPDATE:


Everything should be back to normal. Read the post-mortem for more information.


tl;dr if you're seeing errors, make sure either 3.1.0 or 3.2.4 are being pulled. Package maintainers that use debug directly should try to upgrade to debug@4 if they don't need Node 4 support.

  • A non-breaking version has been released as 3.2.4. Before commenting here or opening a new issue, please make sure that is in fact the version being pulled if you're seeing errors. Otherwise, npm should be recognizing the deprecation ranges and instead reverting to 3.1.0 (which is probably what you want).

  • Versions debug@>=3.2.0 <4 have been deprecated. I have a support request in with npm regarding why the deprecation notice for 3.2.0 in particular isn't being shown, but it's being shown as deprecated correctly on the site.

  • Downstream packages that do not choose to support Node 4 (that should be everyone seeing as how Node 4 is out of LTS) should upgrade to debug@4. You'll likely see better performance than 3.2.3 due to that range being very highly babel-ified.

  • Downstream packages that must provide Node 4 support - if your ranges are set up to track minor changes, you shouldn't see any problems. Make sure that you're pinned to a range that, at the very least, stops at debug@4 (e.g. debug@<4). Starting at debug@4, Node 4 is no longer supported. We will not be distributing babel-ified versions for you - that will be up to you.

  • Browser users should avoid 3.2.0 but should otherwise be unaffected (unless you require support for IE 8/9 in which case make sure you're pulling 3.2.1 or later).

  • Users of debug that use require('debug/node') (which was originally a hotfix for babel-core that has since been removed) should pin to either < 3.2.0 or =3.2.4. You should also move away from using this import in lieu of just require('debug') as soon as possible because it never should have existed to begin with.

Post-mortem to come when it's determined the problems have been mitigated. I write some juicy[1] post-mortems[2] so stay tuned.

@Qix-
Copy link
Member

Qix- commented Sep 11, 2018

@dead-horse That wouldn't work. There are a whole arsenal of things Node 4 doesn't support.

@Qix- Qix- changed the title break change [VISIBILITY] 3.2.0 wrongly released as minor version Sep 11, 2018
@dead-horse
Copy link

#603 (comment) seems good. 👍

@jtyjty99999
Copy link

Complete solution 👍

@mariodu
Copy link
Author

mariodu commented Sep 11, 2018

👍

@Qix-
Copy link
Member

Qix- commented Sep 11, 2018

@mariodu @jtyjty99999 @dead-horse / anyone that's reading this: 3.2.2 is released.

Can one of the afflicted confirm that it fixes Node 4 for you?

@Qix- Qix- mentioned this issue Sep 11, 2018
@medikoo
Copy link
Contributor

medikoo commented Sep 11, 2018

Other problem is that with v3.2 node.js file was removed. Such change is also a breaking and should not be published with minor.

Still I'm not sure if any modules which explicitly relied on 3.x are affected.

I was affected but only because I pointed v3 to deps which expected v2 but for which v3.1 was still safe to use (e.g. babel-core which requires debug/node)

@Qix-
Copy link
Member

Qix- commented Sep 11, 2018

@medikoo what was node.js being used for? It wasn't referenced in any of the meta-information that I could see, hence why it was removed.

debug had auto-detection in from a long time ago. Simply requiring debug in Node environments had the same effect as requiring debug/node.

If it's absolutely necessary I can re-add and release 3.2.3 but I'd much rather not do so.

EDIT: I see now. It was one of those things that shouldn't have happened in the first place.

https://github.com/babel/babel/blob/eac4c5bc17133c2857f2c94c1a6a8643e3b547a7/.github/CHANGELOG-6to5.md#3015 - a patch to debug to fix a niche use-case that was really the problem of another module. This is why maintainers are taking firm stances against that now.

@medikoo
Copy link
Contributor

medikoo commented Sep 11, 2018

@medikoo what was node.js being used for?

I'm not sure about intentions, but it was used here https://github.com/babel/babel/blob/v6.26.3/packages/babel-core/src/transformation/file/logger.js#L2

It wasn't referenced in any of the meta-information that I could see, hence why it was removed.

This module was publicly published, so removing it makes breaking change, no matter whether it was intentionally published or not

@Qix-
Copy link
Member

Qix- commented Sep 11, 2018

This module was publicly published, so removing it makes breaking change, no matter whether it was intentionally published or not

Not necessarily - if it's not being used and it's not documented anywhere in the docs (nor does the source have any comments talking about what it's used for) then there was little chance in affecting the public API, hence no need to bump the major version.

a31178c was the commit that introduced it. It was a hot-fix for a completely unrelated module. There was even concern at the time (a31178c#commitcomment-20264787) about how it was blatant technical debt.

This is what happens when you introduce technical debt with no action-plan as to how to pay it back in the future - especially when you don't document it.


I'll re-introduce node.js in 3.2.3 begrudgingly for those using an outdated babel-core.

@medikoo
Copy link
Contributor

medikoo commented Sep 11, 2018

I'll re-introduce node.js in 3.2.3 begrudgingly for those using an outdated babel-core

Thank you!

@Qix-
Copy link
Member

Qix- commented Sep 11, 2018

No problem. 3.2.3 is published - @medikoo can you confirm that fixes it for you?

@medikoo
Copy link
Contributor

medikoo commented Sep 11, 2018

No problem. 3.2.3 is published - @medikoo can you confirm that fixes it for you?

As I look, there's no node.js published with v3.2.3

@Qix-
Copy link
Member

Qix- commented Sep 11, 2018

@medikoo right you are. Here we go again. 3.2.4 has it - give that a shot. Surprised npm didn't tell me "nothing changed" when publishing.

Qix- referenced this issue Sep 11, 2018
@rarkins
Copy link

rarkins commented Sep 11, 2018

@Qix- you just accidentally deprecated the entire package on npm:

image

@rarkins
Copy link

rarkins commented Sep 11, 2018

If you deprecate the version which is tagged as latest, then npmjs considers the entire package to be deprecated. Please publish 3.2.5 as latest without a deprecation notice OR set 4.0.0 as latest.

@Qix-
Copy link
Member

Qix- commented Sep 11, 2018

You're being cached. You're looking at 3.2.4 which is correctly deprecated. Give it a few minutes and npm will show 4.0.0 as latest.

image

Not sure why npm is showing This package has been deprecated instead of This version of this package has been deprecated. All of my deprecate commands were run with very specific ranges/versions.

@rarkins
Copy link

rarkins commented Sep 11, 2018

@Qix- npmjs has tagged 3.2.4 as latest, not 4.0.0. Quickest way right now to fix this would be for you to publish a 4.0.1 so that it takes over latest again

Look at http://registry.npmjs.org/debug and https://www.npmjs.com/package/debug

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
discussion This issue is requesting comments and discussion
Development

No branches or pull requests