Version 1.4.0 is breaking dependent CJS packages #10

Open
kaleabmelkie opened this issue Aug 23, 2022 · 4 comments
@kaleabmelkie

I have a SvelteKit app that is dependent on @auth0/auth0-spa-js. That library is currently CJS and is dependent on es-cookie@^1.3.2.

My app is crashing with the following message because es-cookie@1.4.0 turned to an ESM package in a non-breaking version minor upgrade (which @auth0/auth0-spa-js assumed was fine):

Error [ERR_REQUIRE_ESM]: require() of ES Module /[redacted_project_path]/node_modules/.pnpm/es-cookie@1.4.0/node_modules/es-cookie/src/es-cookie.js from /[redacted_project_path]/node_modules/.pnpm/@auth0+auth0-spa-js@1.22.2/node_modules/@auth0/auth0-spa-js/dist/lib/auth0-spa-js.cjs.js not supported.
Instead change the require of es-cookie.js in /[redacted_project_path]/node_modules/.pnpm/@auth0+auth0-spa-js@1.22.2/node_modules/@auth0/auth0-spa-js/dist/lib/auth0-spa-js.cjs.js to a dynamic import() which is available in all CommonJS modules.
    at Object.<anonymous> (/[redacted_project_path]/node_modules/.pnpm/@auth0+auth0-spa-js@1.22.2/node_modules/@auth0/auth0-spa-js/dist/lib/auth0-spa-js.cjs.js:9:15)
    at async Promise.all (index 0)
    at async nodeImport (file:///[redacted_project_path]/node_modules/.pnpm/vite@3.0.9/node_modules/vite/dist/node/chunks/dep-0fc8e132.js:50619:21)
    at async eval (/src/lib/configs/auth0.ts:11:31)
    at async instantiateModule (file:///[redacted_project_path]/node_modules/.pnpm/vite@3.0.9/node_modules/vite/dist/node/chunks/dep-0fc8e132.js:50548:9)

Is it possible to revert the new ESM changes of v1.4.0 as v1.4.1 and release them as a new v2.0.0 instead (to respect semver)?

@kaleabmelkie
Author

My temporary workaround is to force a version resolution in my SvelteKit app's package.json:

{
  "resolutions": {
    "es-cookie": "1.3.2"
  }
}

@iadnanmalik

iadnanmalik commented Aug 23, 2022

Same issue. In my case it's being used in auth0/auth0-spa-js library as well.

@theodorejb
Owner

I released the native ES module update as v1.4 instead of v2.0 since there is no change to the documented public API, and when using a module bundler such as Rollup or Webpack the library should continue working seamlessly. If your project can't support the ESM version for some reason, can you pin es-cookie to v1.3.2 (e.g. via package-lock.json or npm overrides)?

If I were to publish v1.4.1 as a CommonJS module instead of ESM, that could also be a breaking change for people already depending on the new ESM version...

@stefanmaco

auth0/auth0-spa-js library as well.

Worked for me, thanks. But isn't this a breaking change?
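
Added example, not part of the thread or of the es-cookie project: a check for which releases a caret range such as the `^1.3.2` in the report will accept but a CommonJS dependent cannot `require()`. The manifests and the name `example-dep` are constructed, and the check assumes a Node version that rejects `require()` of an ES module with `ERR_REQUIRE_ESM`, as in the trace above.

```javascript
// Added example. Manifests are constructed for illustration, not copied from a real package.
const REQUIRE_CONDITIONS = new Set(["require", "node", "default"]);

// Resolve the "." entry of "exports" as require() would (simplified: no subpath patterns).
function resolveExports(exp) {
  if (typeof exp === "string") return exp;
  if (exp === null || typeof exp !== "object") return null;
  if ("." in exp) return resolveExports(exp["."]);
  for (const [cond, target] of Object.entries(exp)) {
    if (!REQUIRE_CONDITIONS.has(cond)) continue;
    const hit = resolveExports(target);
    if (hit) return hit;
  }
  return null;
}

// True when require() of the package entry point succeeds on a Node version
// that rejects require() of ES modules with ERR_REQUIRE_ESM (assumption).
function isRequirable(manifest) {
  const entry = "exports" in manifest
    ? resolveExports(manifest.exports)
    : manifest.main || "index.js";
  if (!entry) return false; // nothing exported for the "require" condition
  if (entry.endsWith(".cjs")) return true;
  if (entry.endsWith(".mjs")) return false;
  return manifest.type !== "module"; // .js follows the package "type" field
}

// Caret ranges only, major >= 1: same major, and not older than the base version.
function caretAdmits(range, version) {
  const [bMaj, bMin, bPat] = range.slice(1).split(".").map(Number);
  const [maj, min, pat] = version.split(".").map(Number);
  return maj === bMaj && (min > bMin || (min === bMin && pat >= bPat));
}

// Versions that a CJS dependent's range accepts but that it cannot require().
function breakingReleases(range, releases) {
  return releases
    .filter((m) => caretAdmits(range, m.version) && !isRequirable(m))
    .map((m) => m.version);
}

const RELEASES = [ // constructed manifests for a hypothetical "example-dep"
  { version: "1.3.2", main: "dist/index.js" },
  { version: "1.4.0", type: "module", main: "src/index.js" },
  { version: "1.5.0", type: "module",
    exports: { import: "./src/index.js", require: "./dist/index.cjs" } },
  { version: "2.0.0", type: "module", main: "src/index.js" },
];

console.log(breakingReleases("^1.3.2", RELEASES)); // [ '1.4.0' ]
```

The constructed 1.5.0 entry passes because its `exports` map offers a `.cjs` file under the `require` condition, and 2.0.0 is never reported because the caret range does not admit a new major version.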
