request: last release should be major version - breaks compatibility with pre ECMAScript 2015
Summary
https://github.com/request/request/pull/2751 breaks compatibility, the resulting hawk version should have incremented the major version number, not the patch number (2.82.0 to 2.82.1) in https://github.com/request/request/commit/6f1b51ed43309128487739f20f9df0699a043124
I updated hawk from 3.1.3 to 6.0.2 (still a ~ for version managing)
This jump in versions changed which version(s) of NodeJS it is compatible with and should have resulted in a major version change. Only the patch version was updated (not even the minor version!), consequently libraries which depend on version 2.x of request automatically pick up a breaking change.
Simplest Example to Reproduce
run/compile in code that requires/uses pre-ECMAScript 2015
Expected Behavior
compiling an application that has transitive dependencies on request 5 days ago and today should continue to work, especially when the transitive dependency specifies a locked major version.
Current Behavior
building a project fails due to the new patch version.
```
/node_modules/grunt-juice-email/node_modules/juice/node_modules/jsdom/node_modules/request/node_modules/hawk/node_modules/boom/lib/index.js:5
const Hoek = require('hoek');
^^^^^
Loading "juice.js" tasks...ERROR
>> SyntaxError: Use of const in strict mode.
```
Possible Solution
remove version 2.82.1, update to 3.0.0 to account for the breaking change
Context
Builds that worked on the 15th no longer work, code work, deploys that are in-progress are halted. We’re looking at having to create a snowflake fork of this library just to keep our application working, since upgrading our NodeJS across the board is not a short-term option.
Your Environment
| software | version |
|---|---|
| request | 2.x (via jsdom) |
| node | 0.10.26 |
| npm | |
| Operating System | Debian 7.11 |
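An added example, not part of the original issue or the request project's code: a small audit that walks a dependency tree and reports every transitive package whose `engines.node` range excludes the runtime, with the path that pulls it in. The tree shape, the function names and every `engines` value are assumptions made for illustration; it is written in ES5 so it also runs on an old Node.

```javascript
function parseVersion(v) {
  var m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compare(a, b) {
  for (var i = 0; i < 3; i++) {
    if (a[i] !== b[i]) { return a[i] < b[i] ? -1 : 1; }
  }
  return 0;
}

// Handles comparator sets with full versions (">=4.0.0", ">=4.0.0 <9.0.0").
// Returns null for anything else ("^", "~", "||", "4.x") so it gets reviewed by hand.
function satisfies(version, range) {
  var v = parseVersion(version);
  var parts = String(range).replace(/([<>=])\s+/g, '$1').trim().split(/\s+/);
  var ok = true;
  for (var i = 0; i < parts.length; i++) {
    var m = /^(>=|<=|>|<|=)?(v?\d+\.\d+\.\d+)$/.exec(parts[i]);
    if (!v || !m) { return null; }
    var c = compare(v, parseVersion(m[2]));
    var op = m[1] || '=';
    ok = ok && (op === '>=' ? c >= 0 : op === '<=' ? c <= 0 :
                op === '>' ? c > 0 : op === '<' ? c < 0 : c === 0);
  }
  return ok;
}

// Collect every package whose engines.node does not admit `target`, with its dependency path.
function findIncompatible(pkg, target, path, out) {
  path = (path || []).concat(pkg.name + (pkg.version ? '@' + pkg.version : ''));
  out = out || [];
  var range = pkg.engines && pkg.engines.node;
  var ok = range ? satisfies(target, range) : true;
  if (ok !== true) {
    out.push({ path: path.join(' > '), range: range, status: ok === null ? 'unknown' : 'incompatible' });
  }
  (pkg.dependencies || []).forEach(function (d) { findIncompatible(d, target, path, out); });
  return out;
}

// Constructed sample: package names follow the path in the error output; the request and
// hawk versions are from the issue; every engines value is an assumption for illustration.
var tree = { name: 'grunt-juice-email', dependencies: [{ name: 'juice', dependencies: [
  { name: 'jsdom', dependencies: [{ name: 'request', version: '2.82.1', dependencies: [
    { name: 'hawk', version: '6.0.2', engines: { node: '>=4.0.0' },
      dependencies: [{ name: 'boom', engines: { node: '>=4.0.0' } }] }] }] }] }] };
console.log(findIncompatible(tree, '0.10.26'));
```

Run in CI against the installed tree before a build, a check like this turns a transitive `engines` change into a reviewable finding instead of a syntax error at load time.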
About this issue
- State: closed
- Created 7 years ago
- Reactions: 3
- Comments: 16 (5 by maintainers)
Commits related to this issue
- fix request dependency - the new request version breaks compatibility with pre ECMAScript 2015 https://github.com/request/request/issues/2774 — committed to ibm-cloud-security/appid-serversdk-nodejs by shiranyo 7 years ago
Nope.
Read thread https://github.com/request/request/issues/2772#issuecomment-330879495
I also recorded some audio w/ @watson about it https://www.patreon.com/posts/thomas-watson-on-14473075
If you are still on a version of Node.js no longer supported by the project, which we removed support for 11 months ago, and have been ignoring the warnings npm generates that entire time, it’s on you to go in and lock the version of request you rely on to an earlier version.
+1 Please revert or fix immediately, it will be a lot of work to go through and fix this in our own projects rather than fixing it in this repo!
+1 here. This is breaking all of our builds because a lot of the libraries we use depend on this. Please either revert or fix!
You can’t just bump a breaking change as a minor version bump. We have projects that have been ticking over for many years because we can’t build them anymore. We also can’t pin down the previous version of request because it’s not a direct dependency but one that is 3 levels deep.
Not following semver because you
isn’t a good reason.
You can do whatever you want… It is your project, after all. I am just pointing out that lots of work will have to be done by lots of people because you choose not to respect SemVer.
Using this as an opportunity to grandstand about EOL versions shows a real lack of compassion, or perhaps understanding, about software lifecycles as well.
Understood, but that does not make the change any less of a breaking change, which should be indicated with a major version increment, not a patch version. http://semver.org/
@mikeng13 shrinkwrap on older npm, package-lock.json on newer npm.