-
-
Notifications
You must be signed in to change notification settings - Fork 26.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[email protected] has higher dependency versions than [email protected]? #9747
Comments
It seems there is also no release / tag regarding this at https://github.com/facebook/create-react-app/releases and https://github.com/facebook/create-react-app/tags So where are the tags and releases for this? |
In my opinion it's more suspicious than confusing. |
See https://github.com/facebook/create-react-app/blob/master/packages/react-scripts/package.json, there was no 3.4.3 in the code, same for 3.4.2. |
Diffs between .1 => .2 and .2 => .3 at https://gist.github.com/DanielRuf/af5313341e7784677bca5b4147cf2d75 |
Interestingly here it is still |
cc @iansu as he published the previous tags and releases. |
Hmm, I don't see the evidence that either of these are related to those releases. Wondering why you think they are related?
How did you determine that? This doesn't sound right: https://unpkg.com/browse/[email protected]/package.json You can see 3.4.2 only bumped These releases were in response to false positive Snyk audits and contain no other changes than |
Ok, so no eslint 7 support as I understand correctly? Any plans to support eslint 7 by increasing this or is there some pre-release that we can use for eslint 7 |
@DanielRuf I don't understand what this thread has to do with ESLint 7. You're welcome to file a new issue to discuss this, but it doesn't seem relevant to what is being asked (differences between these three releases).
I agree but there is no real commit I can tag. Of course I can just make a fake one if that would help. |
Wouldn't this be reflected / visible in package.json which is versioned?
Thanks, we'll check if we can resolve the eslint 7 issue somehow. |
If you run npx create-react-app, and look in node_modules/react-scripts, the package.json for 3.4.3 has the lower version dependencies I listed. When I git cloned this repo and ran the commands to run create-react-app locally, the dependencies listed in the package.json were the higher versioned ones you’re seeing. The reason I felt that this was related to the other issues was that some of the other issues were discussing issues related to having lower-versioned packages. If you run npx create-react-app and check the react-scripts package.json, do you see what I’m seeing? |
As the whole repo is a monorepo you need something like yarn or lerna normally. You probably got the dependencies from https://github.com/facebook/create-react-app/blob/master/package.json#L27 or https://github.com/facebook/create-react-app/blame/master/packages/react-scripts/package.json#L47 which is for the latest version (4.0.0-next.98). There is only the 3.4.1 tag at https://github.com/facebook/create-react-app/releases/tag/react-scripts%403.4.1 and the relevant code at https://github.com/facebook/create-react-app/tree/react-scripts%403.4.1/packages/react-scripts |
Again, I'm talking about when you start a new React project using the preferred
Please note that it says that it's version 3.4.3. And that the dependencies are the lower-versioned ones I specified earlier. |
Yes, this is the correct one. The question is from where the higher ones are. Because they just forgot to bump the version number here in the repo but increased the versions. You can not compare the current |
Do you have two seprate projects which were created with this command and have the different dependency versions / entries and use 3.4.1 and 3.4.3? |
@DanielRuf The discussion is about what's on npm, so I think you're causing more confusion by suggesting to look at GitHub. Those versions are not relevant. |
I'm not confusing things. See #9747 (comment)
|
Ahhhhh |
Ok this makes sense now. Thanks @DanielRuf and @AmyShackles for the extra details. Both However, the versions you get if you git clone the repo are going to be higher because the When |
AH! THAT makes sense. Sorry to be a bother! 😓 |
No worries. Thanks to this I found the |
Is your proposal related to a problem?
Starting a project with
npx create-react-app app-name
currently uses [email protected]. I was surprised to see that this brought in the dependency of left-pad. Digging into it further, I noticed that there were several dependencies that were higher-versioned in [email protected] than they are in @3.4.3. Here's a table of the dependencies listed in the two package.json versions of react-scripts. In bold are the dependencies that have a higher version listed in 3.4.1.Describe the solution you'd like
Upgrade the dependencies in [email protected] to be consistent with what versions they were in @3.4.1 (unless these were intentionally lower-versioned between versions of react-scripts.... though the changelog seems to suggest that dependencies were only meant to be upgraded, not downgraded).
Describe alternatives you've considered
If the downgrading of these versions was intentional, make a note in the documentation/changelog to reflect that. The fact that the version of react-scripts that's versioned in Github is different than the one that resolves if one uses create-react-app is also very confusing as a user.
Additional context
A few of the issues currently open seem to be related to these changes.
#9707
#9737
#8529
The text was updated successfully, but these errors were encountered: