Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependencies mismatch across some packages #6613

Open
3 of 4 tasks
ernestostifano opened this issue Nov 1, 2024 · 3 comments
Open
3 of 4 tasks

Dependencies mismatch across some packages #6613

ernestostifano opened this issue Nov 1, 2024 · 3 comments
Assignees
@zshzbh
Labels
feature-request New feature or enhancement. May require GitHub community feedback. p3 This is a minor priority issue queued This issues is on the AWS team's backlog

Comments

@ernestostifano
Copy link

Checkboxes for prior research

Describe the bug

We have the following dependency chain:

  • @aws-sdk/client-s3@npm:3.682.0 -> @aws-crypto/sha1-browser@npm:5.2.0 -> @smithy/util-utf8@npm:2.3.0

Which is not compatible with other SDK packages' chains, e.g.:

  • @aws-sdk/client-dynamodb@npm:3.682.0 -> @smithy/util-utf8@npm:3.0.0
  • @aws-sdk/client-iot -> @smithy/util-utf8@npm:3.0.0
  • @aws-sdk/middleware-sdk-s3@npm:3.682.0 -> @smithy/util-utf8@npm:3.0.0
  • ...

This causes two different versions of @smithy/util-utf8 and its dependecies to be bundled in our app.

There are also issues with some semver declarations in other packages, e.g.:

  • @aws-sdk/client-sqs@npm:3.682.0 -> @aws-sdk/middleware-sdk-sqs@npm:3.679.0 (3.679.0 is fixed).

Regression Issue

  • Select this option if this issue appears to be a regression.

SDK version number

@aws-sdk/*@3.682.0

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

v21.7.3

Reproduction Steps

N/A.

Observed Behavior

See description.

Expected Behavior

Versioning of the SDK packages to be consistent to avoid different versions of modules being bundled together.

Possible Solution

Make sure all packages are bumped together and that correct semver syntax is being used when declaring dependencies.

In the meantime, we are using Yarn Resolutions to mitigate. However, this is risky across major versions like in the case of @smithy/util-utf8@npm:2.3.0/@smithy/util-utf8@npm:3.0.0.

Additional Information/Context

N/A.
@ernestostifano ernestostifano added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 1, 2024
@zshzbh zshzbh self-assigned this Nov 1, 2024
@kuhe kuhe added feature-request New feature or enhancement. May require GitHub community feedback. p3 This is a minor priority issue queued This issues is on the AWS team's backlog and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 1, 2024
@kuhe
Copy link
Contributor

kuhe commented Nov 1, 2024

This is not a bug, our dependency wants to use a specific version of util-utf8 and we want to use another version. Your application bundle will function correctly whether you override @smithy/util-utf8 to a single version or include the nested version.

Please create a request to https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser to release a version using ^3.0.0 of util-utf8.

@zshzbh
Copy link
Contributor

zshzbh commented Nov 1, 2024

Hey @ernestostifano ,

Thanks for the feedback! I just checked the codebase -

aws-sdk/client-s3 version 3.682 has dependency of "@smithy/util-utf8": "^3.0.0",

@aws-crypto/sha1-browser has dependency of "@smithy/util-utf8": "^2.0.0",

Think the request would be updating the version to ^3.0.0

@zshzbh zshzbh mentioned this issue Nov 1, 2024
Open
@zshzbh
Copy link
Contributor

zshzbh commented Nov 1, 2024

I just created a request - aws/aws-sdk-js-crypto-helpers#847.
Please let us know if you have any other questions.

Thanks!
Maggie

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zshzbh zshzbh

Labels
feature-request New feature or enhancement. May require GitHub community feedback. p3 This is a minor priority issue queued This issues is on the AWS team's backlog
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kuhe @ernestostifano @zshzbh