Pin swagger-client dependency to exact version #8014

@emanb29 emanb29 commented May 6, 2022

On at least 3 occasions, including this morning, updates to swagger-client have caused versions of swagger-ui to stop working.

This morning, changes to swagger-client's usage of btoa were released. Our build, depending on swagger-ui-react 4.1.0, failed with errors about the absence of the btoa module. We traced these errors to swagger-ui's bundled swagger-ui.js, which included some code from an older swagger-client version that expected btoa to still be present.

Previous issues include the removal of isomorphic-form-data around swagger-ui release 3.51.2, and the removal of querystring-browser around swagger-ui release 3.52.5.

By pinning the swagger-client dependency to an exact version, issues with transitive dependencies should be mitigated. Of course, other dependencies may still pose similar problems, but swagger-client has been the recurring theme so far.

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

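The exact-version pinning proposed above can be checked mechanically. The following is an added example, not part of this pull request or of the swagger-ui code base: a heuristic audit that flags dependency specs that are not exact pins. The function names, the sample manifest, and every package name and version in it are constructed for illustration.

```javascript
// Added example: flag dependency specs in a package.json-style manifest that
// are not exact pins. Heuristic classifier, not a full npm spec parser.

// Exact pin: one complete semver version, optional "=" or "v" prefix.
const EXACT = /^[=v]?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
// Git, URL, file and GitHub-shorthand specs bypass registry version ranges.
const NON_REGISTRY = /^(?:git\+|git:|https?:|file:|github:)|\//;
// Range syntax: ^ ~ < > *, "||", hyphen ranges, partial versions, x-ranges.
const RANGE = /^$|^[\^~<>*]|\|\||\s-\s|^\d+(?:\.\d+)?$|^[xX]$|\.[xX*]/;

function classifySpec(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return "exact";
  if (NON_REGISTRY.test(s)) return "non-registry"; // listed for manual review
  if (RANGE.test(s)) return "range";
  return "tag"; // dist-tags such as "latest" or "next" also float
}

// Returns one finding per dependency whose spec is anything but an exact pin.
function findUnpinned(manifest, sections = ["dependencies", "optionalDependencies"]) {
  const findings = [];
  for (const section of sections) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "exact") findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed manifest; every name and version here is a placeholder.
const sampleManifest = {
  name: "constructed-example",
  dependencies: {
    "swagger-client": "^3.18.4",
    "some-exact-dep": "1.2.3",
    "some-tilde-dep": "~2.0.1",
    "some-tag-dep": "next",
    "some-git-dep": "github:example/repo#abc123",
  },
  devDependencies: { "some-dev-dep": "4.x" },
};

for (const f of findUnpinned(sampleManifest)) {
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind})`);
}
```

An exact pin in `package.json` fixes only the direct dependency; that dependency's own ranges still float for anyone installing without a lockfile.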
@tim-lai
Contributor

tim-lai commented May 12, 2022

@char0n fyi

@char0n
Member

char0n commented May 16, 2022

Hi @emanb29,

Yes, you're right. This has been a pattern that has been repeating itself. The problem was in the way the code got bundled in the swagger-ui.js file. Some vendor code got in, some was referenced with the CommonJS require function. This issue has been addressed (hopefully) in https://github.com/swagger-api/swagger-ui/releases/tag/v4.9.0 and by using SwaggerUI >= 4.9.0 you should no longer see this problem.

Unfortunately there's nothing we can do to prior releases suffering from this, as the npm releases are immutable.

@emanb29
Author

emanb29 commented May 18, 2022

Thanks for taking the time to investigate and addressing the root cause! That addresses my main concern motivating this PR, so I'm going to go ahead and close this.

@emanb29 emanb29 closed this May 18, 2022
@emanb29 emanb29 deleted the patch-1 branch May 18, 2022 19:13