Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auth0 2.8.0 is unable to resolve dependencies #870

Open
6 tasks done
swizzlr opened this issue Sep 17, 2024 · 7 comments
Open
6 tasks done

Auth0 2.8.0 is unable to resolve dependencies #870

swizzlr opened this issue Sep 17, 2024 · 7 comments
Labels
bug This points to a verified bug in the code

Comments

@swizzlr
Copy link

swizzlr commented Sep 17, 2024

Checklist

Description

.package(url: "https://github.com/auth0/SimpleKeychain.git", .upToNextMajor(from: "1.1.0")),

now resolves to SimpleKeychain 1.2.0. 2.8.0 supports iOS 13, but 1.2.0 supports iOS 14.

The workaround is to either update to 2.9.0 or manually fix a dependency on SimpleKeychain at 1.1.0. A previously pinned package will continue to work until either an attempt is made to resolve without pins or if the user attempts to update all package versions with Xcode (which does not support selectively updating the package.resolved).

The impact of this is that any CI processes that currently resolve to 2.8.0 (e.g. upToNextMinor) and have unpinned dependencies (such as internal packages) will now arbitrarily break.

Reproduction

  • Resolve a Swift package that depends on 2.8.0 (e.g. upToNextMinor or exact)
  • See that it doesn't

Additional context

No response

Auth0.swift version

2.8.0

Platform

iOS

Platform version(s)

n/a

Xcode version

n/a

Package manager

Swift Package Manager

@swizzlr swizzlr added the bug This points to a verified bug in the code label Sep 17, 2024
@desusai7
Copy link
Contributor

Hi @swizzlr,

We are working on fixing this

@desusai7
Copy link
Contributor

Hi @swizzlr,

Thank you so much for your patience! I'm happy to share that we've addressed this issue in our 2.9.0 release, which now pins dependencies to a specific version rather than allowing updates up to the next major release.

In the meantime, manually setting the dependency version should resolve the issue for you. Please let us know if you run into any further problems—we're always here to help!

@hsingh-texada
Copy link

@desusai7
I am absolutely furious with how this has been handled. As the owners of the Auth0 library, it is beyond unacceptable that you’ve likely broken the systems of hundreds of your customers with this change and haven't even bothered to release a patch. And then you expect us to manually adjust dependencies ourselves? This is completely outrageous.

At the very least, you should have released a 2.8.1 patch to fix the version pinning, which would have prevented this mess and ensured customers didn’t encounter the issue in the first place.

To make matters worse, 2.8.0 is a disaster. It should be treated as a faulty release, possibly removed altogether, and customers should be directed to the fixed 2.8.1.

Get this sorted out immediately. You're eroding customer trust, and this level of negligence is unacceptable.

@hsingh-texada
Copy link

Any updates here @desusai7 ?

@desusai7
Copy link
Contributor

desusai7 commented Oct 9, 2024

Hi @hsingh-texada,

Apologies for all the delay on this, we will release a patch for this.

@desusai7
Copy link
Contributor

Hi @swizzlr, @hsingh-texada,

We've just released version 2.8.1 with the fix to this issue, please check this out and let us know if you run into any issues

@Meowzz95
Copy link

I think I'm getting the same issue with 2.10.0
CleanShot 2024-10-22 at 17 57 40@2x

How can I fix this? I tried 2.8.1 as well, didn't work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug This points to a verified bug in the code
Projects
None yet
Development

No branches or pull requests

4 participants