2.0.0 solana-program release causing issues due to <=2.0.0 on patch upgrades.
#6897
Comments
|
I ran into a lot of these issues while publishing the last spl-token-cli, so there are compatible major versions that already exist in spl:
There are some more:
With that, I think everything will be ok -- if people use the newest versions, they'll still get the version that allows for both, so they'll need to be careful with dependencies, but at least the patch version won't automatically pick it up |
|
But first, we'll need to update the monorepo to the correct versions |
|
Thankfully, it looks like just spl-token needs an update 🥳 |
|
Bah, never mind, it unfortunately creates more downstream issues due to the version mismatches for the new spl-token major versions. The real solution will be a lot like the proposed solution:
|
|
Don't you want to republish the old versions as well without the |
|
Sorry, I don't think I understand -- shouldn't the existing pre-patch versions without the
|
|
Using I think the correct remediation is:
Which would give us this: Hopefully we won't have to do much with the new branches (for all the old major versions) but without them we don't have a way to publish new patches to replace the yanked versions. I think this is consistent with Jacob & Jon's proposals above. Any thoughts on this plan before I start yanking crates? |
|
I'm almost onboard, but my main question: why do we need 4.0.2? Also, we can't yank 4.0.1 until the monorepo is updated and backported since it requires My plan is to leave a major version that allows both, like v5.0.0, but then have v6.0.0 which only allows 2 Edit: oh, and we won't be able to update the monorepo to 4.0.0, 4.0.2, or 5.0.0 😅 which is why I think we need to bite the bullet and upgrade all of the spl crates to v2 only and then update the monorepo to those |
|
Oh yeah, good point about needing a new major to remove the monorepo dependency. Maybe we don't need 4.0.2. My thinking was we don't really support v1.16 or v1.17 on public clusters anymore, so I don't want people using 4.0.0. But hopefully projects that use 4.0.0 don't have monorepo dependencies pinned and will pick up v1.18 by default. I guess if anyone is pinned to v1.16 that can be their problem. I'll update my comment above shortly |
I was worried someone was pinning |
If you were to republish without the |
We can publish new patch versions (eg 4.0.2) but I don't want to re-publish yanked versions with changes. Too much opportunity for confusion |
|
Everything has been yanked except for spl-type-length-value v0.3.1 (waiting on cavemanloverboy/sol#11) and spl-token v4.0.1 (waiting on new release of Solana v2 crates) |
|
I yanked spl-type-length-value v0.3.1, which has resolved some of the issues. For example, |
|
What is left on this? |
|
Once solana-program 2.0.2 is cut, I'll yank spl-token 4.0.1, then this will be done |
|
@joncinque I'm questioning why we aren't creating a patched
We need it because the versions of some dependencies in This is probably the case for many of the other libraries which used |
|
@joncinque if we do create a |
|
Oh that's a good call -- I'll republish 4.0.0 as 4.0.2 to be totally safe. |
|
Just to make sure -- how does that sound @jacobcreech ? |
|
We need patch releases with only Solana v1 dependence for all SPL crates that #6182 changed to fully fix this issue. |
@acheroncrypto all of the ones allowing v2 have been yanked except for spl-token -- have you seen any other still causing issues? |
I don't believe that will completely work. Looking at the diff between 4.0.1 and 4.0.0, there's a decent amount of versions in 4.0.0 that'll put us back a bit. The above comment states some of them. Correct me if I'm wrong, but I believe the quickest path forward would be to revert #6182 on top of |
How so? When I look at the crates, pretty much all I see is that SPL allows both v1 and v2 in the latest versions before the v2 exclusive breaking bumps. Here are some examples other than
These versions were the latest versions before v2 got released. They are also the versions that are used by the latest Yanking is also worse than making a patch release with #6182 reverted in this case, not only because of the outdated dependencies mentioned in #6897 (comment), but also because it won't even work for most of the SPL crates. For example, let's take |
|
This seems to have been fixed with the new patch releases, as Anchor CI succeeds now. Thanks! |
|
Looks like with the patch releases done, this issue is now completed. Thanks all for all the work involved to get this over the line! |
Problem
solana-programupgraded to2.0.0on Friday, leading to a number of builds across the ecosystem because of the<=2.0.0in a patch version upgrade on #6182.The problematic dependencies are as follows:
spl-podversion0.1.1-> Previous version0.1.0did not have<=2.0.0. Upgrade on patch broke some buildsspl-token-metadata-interfaceversion0.2.1-> Previous version0.2.0did not have<=2.0.0. Upgrade on patch broke some buildsspl-associated-token-accountversion2.3.1-> Previous version2.3.0did not have<=2.0.0.spl-tokenversion4.0.1-> Previous version4.0.0did not have<=2.0.0.spl-token-group-interfaceversion0.1.1-> Previous version0.1.0did not have<=2.0.0.These are the ones I can find at this time. This affects anyone using
anchor-splright now, as well as some projects that don't use Anchor but pull inspl-token4.0.1while usingsolana-program1.X.Relevant Anchor issue: coral-xyz/anchor#3044
Suggested Solution
Purge the versions causing problems, re-release them without the
<=2.0.0, upgrade and release with<=2.0.0as a "major" version if not already available. As mentioned hereThe text was updated successfully, but these errors were encountered: