Migrated from: meteor/meteor#9244
I believe there's gonna be a serious amount of work to support this. practicalmeteor:mocha was last updated a year ago.... wouldn't it better to just clone it locally inside packages, and just change the version number? Or publish it as a new one?
I think this constraint resolver will come with a price in building the app. And even if we do it with "opt-in" ability, someone should still modify the package to support this new "opt-in" ability ?
My concern is that this isn't a common problem. And having 2 versions of the same package loading is dangerous, for example, a package extending Mongo.Collection twice, may lead to very unexpected behavior.
Please read to the bottom of that thread. The suggested actions as of the end of the discussion were:
meteor add https://github.com/GeoffreyBooth/meteor-mocha.git . Atmosphere is getting polluted with forks of other packages, and allowing installing packages directly from GitHub would resolve this. (See https://atmospherejs.com/?q=t9n for an example.)api.versionsFrom with old versions of Meteor, needlessly constraining lots of dependencies. It be nice to be able to add something to .meteor/packages or .meteor/versions or package.json to override this constraint rather than needing to fork and patch the package.The last item is the most important, and would actually resolve the problem; hence the new name of the issue. And it doesn鈥檛 involve allowing duplicate packages in the same project.
I've read it, but it seems I got a bit confused by the fact that Mocha had issues with newer coffeescript versions, and I did not see how the constraint overriding could fix the issue:
https://github.com/practicalmeteor/meteor-mocha/issues/94
It鈥檚 not just that one package. See https://github.com/meteor/meteor/pull/9107#issuecomment-338508621. I had this issue with nine packages just in the todos example app, which is hardly a complex app.
This issue will come up any time a commonly depended-upon package, like coffeescript or ecmascript, has a major version bump. ecmascript or babel-compiler probably _should_ get a major version bump when they switch to Babel 7, and if there鈥檚 no way to override the constraint resolver, pretty much no one will be able to upgrade to the new ecmascript.
Thanks for the clarification.
@theodorDiaconu While I fall somewhere in between you and @GeoffreyBooth in terms of how common I think this problem will be, I think it's important to be able to fix it reliably (if not easily) when it does happen, regardless of how common it is. In fact, the less common this situation is, the more we can treat the solution as something aimed at power-users, rather than something every Meteor developer needs to know how to do鈥攁nd that makes designing the solution a little easier!
How about this?
.meteor/packages file of an application has any exact @=x.y.z constraints, those versions take precedence over anything else, including any constraints that would normally be enforced by the constraint solver.Does it need to only be exact? What about @^x.y.z or @^x?
Either way, I鈥檇 like to still be able to run meteor update packagename to update it to the latest version, especially if it鈥檚 an exact version.
@benjamn Any word on this? It鈥檚 keeping me from being able to upgrade the coffeescript branch of the todos app鈥攁t least, without forking a bunch of packages:
=> Errors prevented startup:
While selecting package versions:
error: Conflict: Constraint [email protected] is not satisfied by coffeescript 2.0.3_4.
Constraints on package "coffeescript":
* [email protected]_4 <- top level
* [email protected] <- arillo:flow-router-helpers 0.5.2
* [email protected] <- zimme:active-route 2.3.2
* [email protected] <- tap:i18n 1.8.2
* [email protected] <- softwarerero:accounts-t9n 1.3.11
* [email protected] <- practicalmeteor:chai 2.1.0_1
* [email protected] <- practicalmeteor:sinon 1.14.1_2
Conflict: Constraint [email protected] is not satisfied by coffeescript 2.0.3_4.
Constraints on package "coffeescript":
* [email protected]_4 <- top level
* [email protected] <- arillo:flow-router-helpers 0.5.2
* [email protected] <- zimme:active-route 2.3.2
* [email protected] <- tap:i18n 1.8.2
* [email protected] <- softwarerero:accounts-t9n 1.3.11
* [email protected] <- practicalmeteor:chai 2.1.0_1
* [email protected] <- practicalmeteor:sinon 1.14.1_2
=> Your application has errors. Waiting for file change.
In the short term at least, could we at least neuter the version constraint caused by api.versionsFrom? That鈥檚 the reason all of these packages implicitly imply coffeescript, even though they aren鈥檛 actually using the package, because coffeescript used to be a core package and now it鈥檚 not. If an explicit version number in the packages or versions file could override api.versionsFrom, that would at least solve the coffeescript case.
This has come up in the wild: https://stackoverflow.com/questions/50757646/meteor-1-6-coffeescript-reserved-word-import/50772818?noredirect=1#comment89003965_50772818
Any plans for a fix? Or at least any direction on what an acceptable fix would look like?
The last time I gave this some thought, I mostly convinced myself that we would need some sort of configuration (perhaps in the "meteor" section of package.json) to ignore specific version constraints of certain packages, such as
{
"meteor": {
"ignoreConstraints": {
"practicalmeteor:chai": ["coffeescript", ...],
...
}
}
}
Seems wrong somehow to have some of the package version configuration in .meteor/packages, more in .meteor/versions, and yet more in package.json . . .
Another idea was to put it in .meteor/packages, as a JSON expression following a package name:
package2
tap:i18n { "ignoreConstraints": ["coffeescript", ...] }
package3
...
though that requires inventing new syntax for that file.
Rather than finding all the packages that constrain coffeescript and adding configuration to tell them to ignore that constraint, couldn鈥檛 we add a flag to coffeescript to tell it to override constraints? Kind of like !important in CSS.
# .meteor/packages
coffeescript !important
Or whatever you want to call it.
The logic behind this is that if there can only be one installed version of coffeescript, what matters is whether or not that version can be constrained by other packages. Otherwise I need to keep adding ignoreConstraints for every package that I get a warning about, until I鈥檝e made all the warnings go away.
@GeoffreyBooth What if api.versionsFrom could only set minimum versions for core packages, and otherwise would never hold back the versions of those packages? That seems like it would solve some of these problems, as long as we can determine whether or not a package version constraint came from api.versionsFrom (a question I will have to investigate).
That would solve this issue. It might be a little risky, in that some packages would get a much newer version than they鈥檙e expecting. Most packages aren鈥檛 really using most core modules, and few core modules have any breaking changes between major versions as far as I鈥檓 aware, but theoretically if a package is using a core module and expecting a certain version via versionFrom, and then that core module gets updated beyond a major version, the package could break.
But then again, I don鈥檛 know what better option we have. versionsFrom in its current form, locking down all core modules regardless of whether a particular package used that core module or needed a specific version, really ties our hands. Isn鈥檛 what you propose essentially a breaking change to versionsFrom?
Really this is an issue with any core (or formerly core) module. coffeescript is just a smaller case than something huge like ecmascript.
@GeoffreyBooth 鈽濓笍馃槈
This was implemented in Meteor 1.8 via https://github.com/meteor/meteor/pull/9942/commits/4a70b12eddef00b6700f129e90018a6076cb1681.
Most helpful comment
@GeoffreyBooth 鈽濓笍馃槈