eleventy 0.11.0 dependency error

[GrantSmithDoddle]

This is most likely user error, but I am receiving a dependency error whilst trying to install eleventy-plugin-sitemap.

npm ERR! Found: @11ty/[email protected]
npm ERR! node_modules/@11ty/eleventy
npm ERR!   dev @11ty/eleventy@"^0.12.1" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer @11ty/eleventy@"^0.11.0" from @quasibit/[email protected]
npm ERR! node_modules/@quasibit/eleventy-plugin-sitemap
npm ERR!   dev @quasibit/eleventy-plugin-sitemap@"*" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry

[nunof07]

Seems like it's due to the eleventy version difference.

I will try to setup a reproduction later this week.

[wilpar]

same.

node_modules/pug
  @11ty/eleventy  <=0.11.1
  Depends on vulnerable versions of pug
  node_modules/@11ty/eleventy
    @quasibit/eleventy-plugin-sitemap  *
    Depends on vulnerable versions of @11ty/eleventy
    node_modules/@quasibit/eleventy-plugin-sitemap

[nunof07]

I had no problem running this plugin in a project running eleventy at ^0.12.1.

Please setup a reproduction or show me your package.json.

[jarrodconnolly]

I am also seeing this issue.
npm install on my project works using npm v6.14.12 and fails using v7.7.5

The following steps can reproduce this using npm v7.7.5

mkdir npm-test-11ty-sitemap
cd npm-test-11ty-sitemap
npm init -y
npm install @11ty/eleventy
npm install @quasibit/eleventy-plugin-sitemap

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: [email protected]
npm ERR! Found: @11ty/[email protected]
npm ERR! node_modules/@11ty/eleventy
npm ERR!   @11ty/eleventy@"0.12.1" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer @11ty/eleventy@"^0.11.0" from @quasibit/[email protected]
npm ERR! node_modules/@quasibit/eleventy-plugin-sitemap
npm ERR!   @quasibit/eleventy-plugin-sitemap@"*" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.

I believe this is due to the change in NPM v7 to automatically install peerDependencies.
https://github.com/npm/rfcs/blob/latest/implemented/0025-install-peer-deps.md

Presently @quasibit/eleventy-plugin-sitemap has this set to:

  "peerDependencies": {
    "@11ty/eleventy": "^0.11.0"
  },

This falls into the special caret handling because 11ty is pre 1.0.0 as discussed here:
https://docs.npmjs.com/cli/v6/using-npm/semver#caret-ranges-123-025-004

This causes the current 0.12.1 version of 11ty not to match the ^0.11.0 causing a dependency conflict.

[nunof07]

Thanks for the detailed explanation @jarrodconnolly . I was using npm v6 so didn't notice this.

Not sure what's the best solution here, updating the peer dependency to the latest version?

I'll check this, this week.

[jarrodconnolly]

I believe if you update your peerDependencies to the latest 0.12 it would also force people to upgrade who are still using 11ty 0.11 which you are still compatible with afaik.

A good solution might be to be explicit and say:

"peerDependencies": {
    "@11ty/eleventy": ">=0.11.0 <0.13.0"
  },

Then you can reassess when 0.13.0 comes out and change if everything appears to be working.

You can play with this option and others here to get an idea what they will do:
https://jubianchi.github.io/semver-check/#/%3E%3D0.11.0%20%3C0.13.0/0.11.0

[github-actions]

🎉 This issue has been resolved in version 2.0.5 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[nunof07]

@jarrodconnolly thank you again, that was very useful.

I pushed a fix for this.