Undeclared Dependencies in token-providers@3.385.0

[zaq42]

Checkboxes for prior research

• I've gone through Developer Guide and API reference
• I've checked AWS Forums and StackOverflow.
• I've searched for previous similar issues and didn't find any solution.

Describe the bug

After updating to 3.385.0, using Yarn 3.6.1, there are a number of (21) unresolved dependencies for token-providers.

For example:

main: Error: @aws-sdk/token-providers tried to access @aws-sdk/util-user-agent-node, but it isn't declared in its dependencies; this makes the require call ambiguous and unsound.
Required package: @aws-sdk/util-user-agent-node
Required by: @aws-sdk/token-providers@npm:3.385.0 (via ./.yarn/cache/@aws-sdk-token-providers-npm-3.385.0-dd849ebcdb-8ee04c9433.zip/node_modules/@aws-sdk/token-providers/dist-cjs/client-sso-oidc-bundle/)

This may be related to #5049

Workaround was ultimately the following packageExtension in .yarnrc.yml:

packageExtensions:
  "@aws-sdk/token-providers@3.385.0":
    dependencies:
      "@aws-sdk/middleware-host-header": "*"
      "@aws-sdk/middleware-logger": "*"
      "@aws-sdk/middleware-recursion-detection": "*"
      "@aws-sdk/middleware-user-agent": "*"
      "@aws-sdk/util-endpoints": "*"
      "@aws-sdk/util-user-agent-node": "*"
      "@smithy/node-config-provider": "*"
      "@smithy/smithy-client": "*"
      "@smithy/config-resolver": "*"
      "@smithy/hash-node": "*"
      "@smithy/middleware-content-length": "*"
      "@smithy/middleware-endpoint": "*"
      "@smithy/middleware-retry": "*"
      "@smithy/middleware-serde": "*"
      "@smithy/node-http-handler": "*"
      "@smithy/protocol-http": "*"
      "@smithy/url-parser": "*"
      "@smithy/util-base64": "*"
      "@smithy/util-body-length-node": "*"
      "@smithy/util-defaults-mode-node": "*"
      "@smithy/util-retry": "*"
      "@smithy/util-utf8": "*"

SDK version number

@aws-sdk/token-providers@3.385.0

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

node v18.17.0

Reproduction Steps

This was observed after a routine update from:

   "dependencies": {
    "@aws-sdk/client-s3": "^3.383.0",
    "@aws-sdk/client-ssm": "^3.382.0",
    "@aws-sdk/s3-request-presigner": "^3.383.0",
    ...

to:

   "dependencies": {
    "@aws-sdk/client-s3": "^3.385.0",
    "@aws-sdk/client-ssm": "^3.385.0",
    "@aws-sdk/s3-request-presigner": "^3.385.0",

Observed Behavior

Using yarn 3.6.1 (PnP), after building and deploying a docker container, one error would be logged during app startup like the one below. Each time a suitable entry was added to .yarnrc.yml, the next start would reveal a further undeclared dependency.

The error appears to be during initialisation of the S3 component.

main: Error: @aws-sdk/token-providers tried to access @smithy/util-body-length-node, but it isn't declared in its dependencies; this makes the require call ambiguous and unsound.
Required package: @smithy/util-body-length-node
Required by: @aws-sdk/token-providers@npm:3.385.0 (via [projectPath].yarn/cache/@aws-sdk-token-providers-npm-3.385.0-dd849ebcdb-8ee04c9433.zip/node_modules/@aws-sdk/token-providers/dist-cjs/client-sso-oidc-bundle/)
Require stack:
- [projectPath].yarn/cache/@aws-sdk-token-providers-npm-3.385.0-dd849ebcdb-8ee04c9433.zip/node_modules/@aws-sdk/token-providers/dist-cjs/client-sso-oidc-bundle/dist-node.js
- [projectPath].yarn/cache/@aws-sdk-token-providers-npm-3.385.0-dd849ebcdb-8ee04c9433.zip/node_modules/@aws-sdk/token-providers/dist-cjs/index.js
- [projectPath].yarn/cache/@aws-sdk-credential-provider-sso-npm-3.385.0-a6d6f6da9a-f1bcbad656.zip/node_modules/@aws-sdk/credential-provider-sso/dist-cjs/resolveSSOCredentials.js
- [projectPath].yarn/cache/@aws-sdk-credential-provider-sso-npm-3.385.0-a6d6f6da9a-f1bcbad656.zip/node_modules/@aws-sdk/credential-provider-sso/dist-cjs/fromSSO.js
- [projectPath].yarn/cache/@aws-sdk-credential-provider-sso-npm-3.385.0-a6d6f6da9a-f1bcbad656.zip/node_modules/@aws-sdk/credential-provider-sso/dist-cjs/index.js
- [projectPath].yarn/cache/@aws-sdk-credential-provider-ini-npm-3.385.0-7753a58025-93b316712e.zip/node_modules/@aws-sdk/credential-provider-ini/dist-cjs/resolveSsoCredentials.js
+ echo Running entrypoint script in [projectPath]suppliers
+ nodemon --watch [projectPath] --config [projectPath]nodemon.json ./app.js
- [projectPath].yarn/cache/@aws-sdk-credential-provider-ini-npm-3.385.0-7753a58025-93b316712e.zip/node_modules/@aws-sdk/credential-provider-ini/dist-cjs/resolveProfileData.js
- [projectPath].yarn/cache/@aws-sdk-credential-provider-ini-npm-3.385.0-7753a58025-93b316712e.zip/node_modules/@aws-sdk/credential-provider-ini/dist-cjs/fromIni.js
- [projectPath].yarn/cache/@aws-sdk-credential-provider-ini-npm-3.385.0-7753a58025-93b316712e.zip/node_modules/@aws-sdk/credential-provider-ini/dist-cjs/index.js
- [projectPath].yarn/cache/@aws-sdk-credential-provider-node-npm-3.385.0-2546f65ad2-e40bebeb6f.zip/node_modules/@aws-sdk/credential-provider-node/dist-cjs/defaultProvider.js
- [projectPath].yarn/cache/@aws-sdk-credential-provider-node-npm-3.385.0-2546f65ad2-e40bebeb6f.zip/node_modules/@aws-sdk/credential-provider-node/dist-cjs/index.js
- [projectPath].yarn/cache/@aws-sdk-client-sts-npm-3.385.0-be87d88d64-395a5c708e.zip/node_modules/@aws-sdk/client-sts/dist-cjs/runtimeConfig.js
- [projectPath].yarn/cache/@aws-sdk-client-sts-npm-3.385.0-be87d88d64-395a5c708e.zip/node_modules/@aws-sdk/client-sts/dist-cjs/STSClient.js
- [projectPath].yarn/cache/@aws-sdk-client-sts-npm-3.385.0-be87d88d64-395a5c708e.zip/node_modules/@aws-sdk/client-sts/dist-cjs/index.js
- [projectPath].yarn/cache/@aws-sdk-client-s3-npm-3.385.0-1b602ff154-783d3b6f59.zip/node_modules/@aws-sdk/client-s3/dist-cjs/runtimeConfig.js
- [projectPath].yarn/cache/@aws-sdk-client-s3-npm-3.385.0-1b602ff154-783d3b6f59.zip/node_modules/@aws-sdk/client-s3/dist-cjs/S3Client.js
- [projectPath].yarn/cache/@aws-sdk-client-s3-npm-3.385.0-1b602ff154-783d3b6f59.zip/node_modules/@aws-sdk/client-s3/dist-cjs/index.js
- [projectPath]common/services/files.js
- [projectPath]common/models/document.js
- [projectPath]common/models/object.js
- [projectPath]suppliers/controllers/home.js
- [projectPath]suppliers/routes/website.js
- [projectPath]suppliers/app.js
    at require$$0.Module._resolveFilename ([projectPath].pnp.cjs:22983:13)
    at Module._load (node:internal/modules/cjs/loader:922:27)
    at require$$0.Module._load ([projectPath].pnp.cjs:22872:31)
    at Module.require (node:internal/modules/cjs/loader:1143:19)
    at Hook._require.Module.require ([projectPath].yarn/cache/require-in-the-middle-npm-7.2.0-80b6fc7498-5ed219d12a.zip/node_modules/require-in-the-middle/index.js:167:34)
    at require (node:internal/modules/cjs/helpers:110:18)
    at Object.<anonymous> ([projectPath].yarn/cache/@aws-sdk-token-providers-npm-3.385.0-dd849ebcdb-8ee04c9433.zip/node_modules/@aws-sdk/token-providers/dist-cjs/client-sso-oidc-bundle/dist-node.js:124:33)
    at Module._compile (node:internal/modules/cjs/loader:1256:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1310:10)
    at require$$0.Module._extensions..js ([projectPath].pnp.cjs:23027:33)

Expected Behavior

Clean startup with all dependencies captured during the build phase.

Possible Solution

This may be related to #5049

Workaround was the following packageExtension in .yarnrc.yml:

packageExtensions:
  "@aws-sdk/token-providers@3.385.0":
    dependencies:
      "@aws-sdk/middleware-host-header": "*"
      "@aws-sdk/middleware-logger": "*"
      "@aws-sdk/middleware-recursion-detection": "*"
      "@aws-sdk/middleware-user-agent": "*"
      "@aws-sdk/util-endpoints": "*"
      "@aws-sdk/util-user-agent-node": "*"
      "@smithy/node-config-provider": "*"
      "@smithy/smithy-client": "*"
      "@smithy/config-resolver": "*"
      "@smithy/hash-node": "*"
      "@smithy/middleware-content-length": "*"
      "@smithy/middleware-endpoint": "*"
      "@smithy/middleware-retry": "*"
      "@smithy/middleware-serde": "*"
      "@smithy/node-http-handler": "*"
      "@smithy/protocol-http": "*"
      "@smithy/url-parser": "*"
      "@smithy/util-base64": "*"
      "@smithy/util-body-length-node": "*"
      "@smithy/util-defaults-mode-node": "*"
      "@smithy/util-retry": "*"
      "@smithy/util-utf8": "*"

Additional Information/Context

The last similar issue I saw led to this entry in my .yarnrc.yml:

packageExtensions:
  "@aws-sdk/client-s3@3.374.0":
    dependencies:
      "@smithy/hash-stream-node": "*"

[Negan1911]

Happening to me as well, using your workaround solved it for now!

[zaq42]

Not fixed in 3.386.0.

Workaround is still required.

[kuhe]

We're adding declared dependencies in the next release (expected in one day's time), which should resolve this particular problem.

We'll also need to rework the circular dependency solution, but that's unrelated to this.

edit: it turns out we can't use the change from #5064. I'll try to come up with a solution that fixes the cyclical dependency and does not introduce undeclared dependencies, but please use the workaround you have for now.

[zaq42]

Confirmed fixed in 3.388.0
Workaround no longer required.

Thank you!

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.