Breaking change from v2.0.0 to v2.1.0

[75lb]

This project seems cursed with semver and npm tagging misuse.

Koa v2.0.1 supported node v4 and above. However, Koa v2.1.0 does not support node v4 and 5. Therefore, koa v2.1.0 introduced a breaking change and should have been released as koa v3.0.0.

My app (which depends on koa@^2.0.0) started breaking overnight on node v4 and v5 (after koa v2.1.0 was released) - obviously this should never happen where semantic versioning is adhered to.

[tj]

FWIW semver is flawed in nearly every case, even many things deemed as non-public API are implicitly public. Removal of a bug is often implicitly a backwards incompatible change, your program may be relying on the previous behaviour. This situation is a bummer maybe, but you should always pin versions.

[jonathanong]

we dropped support in for < 7.6 in the changelog in 2.0.1 but not in the package.json.

how is it breaking, exactly? is npm not allowing you to shrinkwrap? if so, that would be an acceptable reason to drop the node version restriction.

[75lb]

if Koa doesn't adhere to semantic versioning then fine, I will pin my dependency to a specific version and check manually for safe updates from time to time. At least now i know. Cheers!

[tj]

It's basically impossible to truly adhere to semver. Function signatures etc are not the only thing that make up a program, and subtle things change all the time, what errors might be throw, where they're thrown, bugs that are fixed and change behaviour etc.

These things are arguably not public API, but implicitly they are. TL;DR always pin.

[dead-horse]

I don't think this is a breaking change as @jonathanong said, we already dropped support for node < 7.6 in document, even if koa core support node < 7.6, but it is hard to maintain middleware like session written with pure promise, and we can't make the ecosystem to don't use async await even it is native with node >=7.6.

[popomore]

It seems 2.1.0 is a bugfix of node engine in package.json rather than breaking feature.

It should only support Node>=7.6 in koa2, otherwise you can use koa1.

[75lb]

i'm fine with the recommendation to pin the koa version (I have already done that) but i'm surprised to read a few comments questioning whether 2.1 was a breaking release. Maybe it's because i wrote v2.0.1 in the issue title instead of v2.0.0 (the last version to advertise node v4 support).

koa v2.0.0 and v2.0.1 both ran fine in node v4 and v5 without issue, this script works fine:

const Koa = require('koa')
const koa = new Koa()

However, install koa v2.1.0 and run the same script in node v4 or 5:

$ node index.js
/Users/lloydb/Downloads/koa-issue/node_modules/koa/lib/response.js:47
    const { res } = this;
          ^

SyntaxError: Unexpected token {
    at exports.runInThisContext (vm.js:53:16)
    at Module._compile (module.js:373:25)
    at Object.Module._extensions..js (module.js:416:10)
    at Module.load (module.js:343:32)
    at Function.Module._load (module.js:300:12)
    at Module.require (module.js:353:17)
    at require (internal/module.js:12:17)
    at Object.<anonymous> (/Users/lloydb/Downloads/koa-issue/node_modules/koa/lib/application.js:11:18)
    at Module._compile (module.js:409:26)
    at Object.Module._extensions..js (module.js:416:10)

This is a breaking change and a semver violation between koa 2.0.1 and 2.1.0. My app (which depends on koa@^2.0.0) broke overnight for many node 4 and 5 users. I just wanted to post this extra detail to clear up any confusion.

[fl0w]

So, I think the main issue was/is that Koa v2.0.0 should never have been used/released. Alpha tagged releases came after Koa v2.0.0, it was never a stable or public release anyway (AFAIK). We run Koa v2.0.0-alpha.7 in production and shrinkwrap (which is the sane way to control dependencies anyway), we had no issues with the Koa v2.1 release, though we also wait for node v8 LTS before jumping.

It was however foreseeable that users with dependency on "koa": "^2" would have problems if they ran < node v7.6.

[Cmdrobot]

Hello guys,

How can i use await Promise.all for my function?
i have use kao v2.7 and when i call await Promise.all as my function it's return 404 every time how i can fix it... please help

Thanks.