3.2.0 wrongly released as minor version

[mariodu]

remove support for node.js v4 is a breaking change, should publish with major version.

[jtyjty99999]

+1

[dead-horse]

this module is widely used in node community, it is hard to pin the version of debug in application's package.json.

replace all let in ba8a424 with var can quickly resolve this problem, it doesn't hurts :)

[Qix-]

---

UPDATE: Everything should be back to normal. Read the post-mortem for more information.

---

Awkward.

Side effect of going so long between releases is stuff like this is missed.

Node 4 is out of LTS, and has been for a long while. It was last released in March of this year. The last non-LTS version was released in 2015. Please keep that in mind.

Here's what I'll do:

1. babel-ify the current version back to the stone ages for those on Node 4
2. release as 3.2.2 3.2.3 (3.2.0 wrongly released as minor version #603 (comment)) 3.2.4 (3.2.0 wrongly released as minor version #603 (comment))
3. immediately deprecate >=3.2.0 <4 on npm
4. release 4.0.0 that will be identical to 3.2.1

Is that acceptable?

---

UPDATE:

---

Everything should be back to normal. Read the post-mortem for more information.

---

tl;dr if you're seeing errors, make sure either 3.1.0 or 3.2.4 are being pulled. Package maintainers that use debug directly should try to upgrade to debug@4 if they don't need Node 4 support.

• A non-breaking version has been released as 3.2.4. Before commenting here or opening a new issue, please make sure that is in fact the version being pulled if you're seeing errors. Otherwise, npm should be recognizing the deprecation ranges and instead reverting to 3.1.0 (which is probably what you want).

• Versions debug@>=3.2.0 <4 have been deprecated. I have a support request in with npm regarding why the deprecation notice for 3.2.0 in particular isn't being shown, but it's being shown as deprecated correctly on the site.

• Downstream packages that do not choose to support Node 4 (that should be everyone seeing as how Node 4 is out of LTS) should upgrade to debug@4. You'll likely see better performance than 3.2.3 due to that range being very highly babel-ified.

• Downstream packages that must provide Node 4 support - if your ranges are set up to track minor changes, you shouldn't see any problems. Make sure that you're pinned to a range that, at the very least, stops at debug@4 (e.g. debug@<4). Starting at debug@4, Node 4 is no longer supported. We will not be distributing babel-ified versions for you - that will be up to you.

• Browser users should avoid 3.2.0 but should otherwise be unaffected (unless you require support for IE 8/9 in which case make sure you're pulling 3.2.1 or later).

• Users of debug that use require('debug/node') (which was originally a hotfix for babel-core that has since been removed) should pin to either < 3.2.0 or =3.2.4. You should also move away from using this import in lieu of just require('debug') as soon as possible because it never should have existed to begin with.

Post-mortem to come when it's determined the problems have been mitigated. I write some juicy^[1] post-mortems^[2] so stay tuned.

[Qix-]

@dead-horse That wouldn't work. There are a whole arsenal of things Node 4 doesn't support.

[dead-horse]

#603 (comment) seems good. 👍

[jtyjty99999]

Complete solution 👍

[mariodu]

👍

[Qix-]

@mariodu @jtyjty99999 @dead-horse / anyone that's reading this: 3.2.2 is released.

Can one of the afflicted confirm that it fixes Node 4 for you?

[medikoo]

Other problem is that with v3.2 node.js file was removed. Such change is also a breaking and should not be published with minor.

Still I'm not sure if any modules which explicitly relied on 3.x are affected.

I was affected but only because I pointed v3 to deps which expected v2 but for which v3.1 was still safe to use (e.g. babel-core which requires debug/node)

[Qix-]

@medikoo what was node.js being used for? It wasn't referenced in any of the meta-information that I could see, hence why it was removed.

debug had auto-detection in from a long time ago. Simply requiring debug in Node environments had the same effect as requiring debug/node.

If it's absolutely necessary I can re-add and release 3.2.3 but I'd much rather not do so.

EDIT: I see now. It was one of those things that shouldn't have happened in the first place.

https://github.com/babel/babel/blob/eac4c5bc17133c2857f2c94c1a6a8643e3b547a7/.github/CHANGELOG-6to5.md#3015 - a patch to debug to fix a niche use-case that was really the problem of another module. This is why maintainers are taking firm stances against that now.

[medikoo]

@medikoo what was node.js being used for?

I'm not sure about intentions, but it was used here https://github.com/babel/babel/blob/v6.26.3/packages/babel-core/src/transformation/file/logger.js#L2

It wasn't referenced in any of the meta-information that I could see, hence why it was removed.

This module was publicly published, so removing it makes breaking change, no matter whether it was intentionally published or not

[Qix-]

This module was publicly published, so removing it makes breaking change, no matter whether it was intentionally published or not

Not necessarily - if it's not being used and it's not documented anywhere in the docs (nor does the source have any comments talking about what it's used for) then there was little chance in affecting the public API, hence no need to bump the major version.

a31178c was the commit that introduced it. It was a hot-fix for a completely unrelated module. There was even concern at the time (a31178c#commitcomment-20264787) about how it was blatant technical debt.

This is what happens when you introduce technical debt with no action-plan as to how to pay it back in the future - especially when you don't document it.

---

I'll re-introduce node.js in 3.2.3 begrudgingly for those using an outdated babel-core.

[medikoo]

I'll re-introduce node.js in 3.2.3 begrudgingly for those using an outdated babel-core

Thank you!

[Qix-]

No problem. 3.2.3 is published - @medikoo can you confirm that fixes it for you?

[medikoo]

No problem. 3.2.3 is published - @medikoo can you confirm that fixes it for you?

As I look, there's no node.js published with v3.2.3

[Qix-]

@medikoo right you are. Here we go again. 3.2.4 has it - give that a shot. Surprised npm didn't tell me "nothing changed" when publishing.

[rarkins]

@Qix- you just accidentally deprecated the entire package on npm:

[rarkins]

If you deprecate the version which is tagged as latest, then npmjs considers the entire package to be deprecated. Please publish 3.2.5 as latest without a deprecation notice OR set 4.0.0 as latest.

[Qix-]

You're being cached. You're looking at 3.2.4 which is correctly deprecated. Give it a few minutes and npm will show 4.0.0 as latest.

Not sure why npm is showing This package has been deprecated instead of This version of this package has been deprecated. All of my deprecate commands were run with very specific ranges/versions.

[rarkins]

@Qix- npmjs has tagged 3.2.4 as latest, not 4.0.0. Quickest way right now to fix this would be for you to publish a 4.0.1 so that it takes over latest again

Look at http://registry.npmjs.org/debug and https://www.npmjs.com/package/debug