Joi: Patch breaking change from 14.0.2 to 14.0.3

What is AWS using to install? Do they have their own installer that is different from npm?

Hello @hueniverse, Thank you for your great work ! We use Joi everyday, we are big fans !!

We have the same problem here.

Someone bumped the package.json version, from 14.0.2 to 14.0.3.
So there shouldn't be any breaking change here.
But actually there is one, because you expect node engine to be >= 8.12.0.

We use node 8.11 in production. We have to meet a deadline today, and we can't push now because the pipeline is broken.

We have 15 servers, we manually have to upgrade the node version on each one. It's risky thing to do on Friday, with business requirement to meet.

Can you rollback and upgrade from 14.0.2 to 15.0.3 please ? And also ensure that changes on topo package do not break the pipeline.

Thank you again,
Have a good day !

What is AWS using to install? Do they have their own installer that is different from npm?

The node engine required in 14.0.3 changed, which is a breaking change. My report is just to highlight that there was a breaking change in a patch, and that the major version number should probably be updated.

The semver spec only concerns the API, which hasn't changed. As such a patch release is sufficient.

If you are following the npm definition https://docs.npmjs.com/getting-started/semantic-versioning, then a patch would be a backward compatible bug fix.

I think the problem comes from topo dependency which upgraded engine requirement from 8.9.0 to 8.12.0

https://github.com/hapijs/topo/commit/ccf5ab1aa1d9f656f6c69f1112852af628fe6350

The problems seems to happen only when using Yarn. Works well with NPM

@c10h22 there is topo, and hoek that break.
I had the problem using npm

I've tested on node v8.9.0 / npm v5.5.1, and can confirm that in that scenario installation works without issue.

If something is blocking the installation, it's not the node version _itself_. Whatever program is checking the engines field and causing installation failure is really at the root of the problem—usually npm or yarn. My suggestion would be to understand that first. We _do_ want to support npm (which is not supposed to enforce the engines field), so if there are any quirks surrounding npm's enforcement of that field, I would be very interested to hear! In that case your npm version is relevant. To circumvent your pipeline issues, yarn's resolutions, yarn's --ignore-engines, and npm/yarn's lock files are all good places to start.

In short: one critical piece of missing information in the comments above is what's actually installing the packages (npm, yarn, or something else) and its version, and if you're using something not supported by this ecosystem such as yarn, you probably still have workarounds available to you.

See https://github.com/hapijs/hapi/issues/3859

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.