-
-
Notifications
You must be signed in to change notification settings - Fork 544
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): lock graphql dependency to prevent unstable versions #1656
Closed
Closed
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should remove the upper range (
<16.7.0). I believe you added it because GraphQL used to have a broken16.xrelease. They don't have that anymore, so we should really set this to:What do you think about this? @bartektelec
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This may be tricky. The
16.7.xversions are exactly what break the build, both16.7.0and16.7.1introduce this problem, but as you mentioned this issue is bound to the compiler. I did some digging and seems like there are still problems with these versions and other packages are affected - as seen here graphql/graphql-js#3928In fact the issue they link in the comment right where the code breaks is still open: graphql/graphql-js#2317
I also checked out the codesandbox link I provided in the issue and it still breaks, BUT - only if using
vite@^3.0.0when switched tovite@^4.0.0the problem gets solved. Further narrowed it down to[email protected]being the last version that keeps breaking.So I'm not sure where we should take it from here, there are tons of projects that still run of older vite and rollup versions and will probably do so for a while
Completely agree this should be fixed by
graphql-jsbut until it is I would advice locking the version of graphql to lower than16.7.0otherwise it will affect all MSW's users that depend onvite@<=4.2.0or whatever rollup version that breaks.Walk around for the end user is either updating the bundler if possible or doing the nasty thing of locking the
graphqlversion manually in the lock fileThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If that's the case and the issue in
graphqlstill persists, then I think the right course of action here is to do nothing.By locking the upper range of the GraphQL version we are making a decision on the user's behalf. With that, comes quite a share of responsibility, as we now should lift off that range restriction as soon as the issue is fixed in the right third-party package. Suddenly, MSW itself becomes bound to the state of the issue, while it shouldn't be.
I see it this way:
The debugging journey for the users that encounter this issue now becomes:
graphqlside to pin mygraphqlpackage version to a specific version that doesn't have the issue.Originally, I thought the issue has already been fixed, and the intention was to ensure that MSW users are encouraged to migrate to more recent versions of
graphql. But if it's the opposite, and the intention is to lock in that dependency version, I'd vote against it.Let me know if I understood the current state of things correctly. Always open to discussion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is partially correct, although even if you are not using
graphqlin your project you are still affected.Like in the codesandbox example I provided you don't even need to have a single request or MSW handler for it to crash.
So yes - if you are using an older version of vite/rollup that doesn't compile the problematic code properly you will need to manually pin the peer dependency of MSW to be a lower version of
graphql.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't deny that. All I mean is that MSW isn't the right place to propagate this kind of error, as it's much broader and affects more things than MSW. Do you still have some concerns about it?