Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add dependency validation script #6155

Open
wants to merge 5 commits into
base: v2
Choose a base branch
from

Conversation

lettertwo
Copy link
Contributor

@lettertwo lettertwo commented Apr 19, 2021

↪️ Pull Request

This PR adds a script (yarn lint:dependencies) that checks for the following:

  • That packages have compatible semver expressions (see Version mismatch example below)

  • That dependencies of packages have compatible semver expressions (see Dependency mismatch example below)

The intent of these checks is to avoid unintentionally installing duplicate incompatible versions of packages or dependencies (both in the repository and in Parcel projects).

💻 Examples

Version mismatch:

PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]"
that is incompatible with the current version "@parcel/[email protected]".

This error is meant to catch the case where a Parcel package lists another Parcel package dependency with a semver expression that doesn't match the current version.

Dependency mismatch:

DependencyMismatchError: @parcel/utils has a dependency "json5@^1.0.1"
that is incompatible with a dependency "json5@^2.1.0" from @parcel/transformer-json

This error is meant to catch the case where a package lists a dependency with a semver expression that does not overlap with one or more other packages' semver expressions for the same dependency.

Ignoring errors via excludes

Packages can be ignored by adding their names to the PACKAGE_EXCLUDES set.

Dependencies can be ignored by adding their names to the DEPENDENCY_EXCLUDES set.

🚨 Test instructions

Script can be run via yarn lint:dependencies

✔️ PR Todo

  • Resolve current errors

    Found 39 errors.
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    PackageMismatchError: @parcel/config-default has a parcel dependency "@parcel/[email protected]" that is incompatible with the current version "@parcel/[email protected]".
    
    DependencyMismatchError: @parcel/core has a dependency "json5@^1.0.1" that is incompatible with a dependency "json5@^2.1.0" from @parcel/transformer-json
    
    DependencyMismatchError: @parcel/integration-tests has a dev dependency "json5@^1.0.1" that is incompatible with a dependency "json5@^2.1.0" from @parcel/transformer-json
    
    DependencyMismatchError: @parcel/utils has a dependency "json5@^1.0.1" that is incompatible with a dependency "json5@^2.1.0" from @parcel/transformer-json
    
    DependencyMismatchError: @parcel/core has a dependency "json5@^1.0.1" that is incompatible with a dependency "json5@^2.1.2" from @parcel/transformer-jsonld
    
    DependencyMismatchError: @parcel/integration-tests has a dev dependency "json5@^1.0.1" that is incompatible with a dependency "json5@^2.1.2" from @parcel/transformer-jsonld
    
    DependencyMismatchError: @parcel/utils has a dependency "json5@^1.0.1" that is incompatible with a dependency "json5@^2.1.2" from @parcel/transformer-jsonld
    
    DependencyMismatchError: @parcel/core has a dependency "micromatch@^4.0.2" that is incompatible with a dependency "micromatch@^3.0.4" from @parcel/node-resolver-core
    
    DependencyMismatchError: @parcel/utils has a dependency "micromatch@^4.0.2" that is incompatible with a dependency "micromatch@^3.0.4" from @parcel/node-resolver-core
    
    DependencyMismatchError: @parcel/transformer-js has a dependency "micromatch@^4.0.2" that is incompatible with a dependency "micromatch@^3.0.4" from @parcel/node-resolver-core
    
    DependencyMismatchError: @parcel/core has a dev dependency "tempy@^0.2.1" that is incompatible with a dev dependency "tempy@^0.3.0" from @parcel/integration-tests
    
    DependencyMismatchError: @parcel/fs has a dependency "rimraf@^3.0.2" that is incompatible with a dev dependency "rimraf@^2.6.1" from @parcel/integration-tests
    
    DependencyMismatchError: @parcel/integration-tests has a dev dependency "get-port@^5.0.0" that is incompatible with a dependency "get-port@^4.2.0" from parcel
    
    DependencyMismatchError: @parcel/integration-tests has a dev dependency "js-yaml@^4.0.0" that is incompatible with a dependency "js-yaml@^3.10.0" from @parcel/transformer-yaml
    
    DependencyMismatchError: @parcel/package-manager has a dependency "cross-spawn@^6.0.4" that is incompatible with a dependency "cross-spawn@^7.0.3" from @parcel/transformer-elm
    
    DependencyMismatchError: @parcel/babel-preset has a dependency "read-pkg-up@^4.0.0" that is incompatible with a dependency "read-pkg-up@^5.0.0" from @parcel/eslint-plugin
    
    DependencyMismatchError: @parcel/eslint-plugin has a dev dependency "eslint@^7.20.0" that is incompatible with a dev dependency "eslint@^6.0.0" from @parcel/validator-eslint
    
    DependencyMismatchError: @parcel/eslint-plugin has a dev dependency "eslint@^7.20.0" that is incompatible with a peer dependency "eslint@^6.0.0" from @parcel/validator-eslint
    
    DependencyMismatchError: @parcel/fs-write-stream-atomic has a dependency "readable-stream@1 || 2" that is incompatible with a dependency "readable-stream@^3.6.0" from @parcel/node-libs-browser

    questions

    1. The current PackageMismatchErrors are from parcelDependencies mismatches with current package versions. Does it make sense to validate these?
    2. Do any of the above DependencyMismatchErrors appear to be false positives?

@height
Copy link

height bot commented Apr 19, 2021

Link Height tasks by mentioning a task ID in the pull request title or description, commit messages, or comments.

💡Tip: You can also use "Close T-X" to automatically close a task when the pull request is merged.

@mischnic
Copy link
Member

DependencyMismatchError: @parcel/core has a dependency "micromatch@^4.0.2" that is incompatible with a dependency "micromatch@^3.0.4" from @parcel/node-resolver-core
DependencyMismatchError: @parcel/utils has a dependency "micromatch@^4.0.2" that is incompatible with a dependency "micromatch@^3.0.4" from @parcel/node-resolver-core

Just a heads up: I've tried to resolve this in the past, but they behave slightly differently: #5483 (comment) and I couldn't find a micromatch option to achieve the correct behaviour

(And I also ran into this in #5900 (comment))

@parcel-benchmark
Copy link

parcel-benchmark commented Apr 19, 2021

Benchmark Results

Kitchen Sink 🚨

Timings

Description Time Difference
Cold FAILED -0.00ms
Cached FAILED -0.00ms

Cold Bundles

No bundles found, this is probably a failed build...

Cached Bundles

No bundles found, this is probably a failed build...

React HackerNews ✅

Timings

Description Time Difference
Cold 8.68s +162.00ms
Cached 383.00ms -61.00ms 🚀

Cold Bundles

No bundle changes detected.

Cached Bundles

Bundle Size Difference Time Difference
dist/logo.1e014c76.png 274.00b +0.00b 210.00ms +23.00ms ⚠️

AtlasKit Editor 🚨

Timings

Description Time Difference
Cold FAILED -0.00ms
Cached FAILED -0.00ms

Cold Bundles

No bundles found, this is probably a failed build...

Cached Bundles

No bundles found, this is probably a failed build...

Three.js ✅

Timings

Description Time Difference
Cold 6.07s -157.00ms
Cached 357.00ms +37.00ms ⚠️

Cold Bundles

No bundle changes detected.

Cached Bundles

No bundle changes detected.

Click here to view a detailed benchmark overview.

Copy link
Contributor

@wbinnssmith wbinnssmith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the state of this PR?

scripts/validate-dependencies.js Outdated Show resolved Hide resolved
scripts/validate-dependencies.js Outdated Show resolved Hide resolved
@lettertwo
Copy link
Contributor Author

What's the state of this PR?

Ah, I lost track of this one! Last I remember, the outstanding work was:

  1. Fix the errors that are currently being detected (so this merges with a 'clean slate')
    I guess this is mostly just resolving conflicts by updating versions to be compatible, and/or adding ignores for packages that require multiple versions (like @mischnic mentioned re: micromatch)

  2. Investigate why parcel dependencies aren't being auto-updated on publish
    I believe this might already have been fixed via bf03f01

I will get back to this ASAP, thanks for the reminder!

Checks for the following:
- That packages in the monorepo have compatible semver expressions
- That dependencies of packages have compatible semver expressions
@mischnic mischnic force-pushed the lettertwo/dependency-validation branch from 2688295 to f63e0cb Compare December 6, 2023 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants