Storybook: use exact versions instead of version ranges

Created on 9 Mar 2018  路  8Comments  路  Source: storybookjs/storybook

Every now and then all our packages break because we have multiple versions of storybook in our dependencies. We have been tackling this issue by using yarn-resolutions but this is not a very maintainable approach.

The root of this issue is that dependencies of dependencies use version ranges making build irreproducible.

For instance installing [email protected] requires storybook@^3.3.13 which resolves to [email protected] (today 3.3.15) causing two different and incompatible versions of storybook to be present.

When ws upgraded from 3.3.3 to 3.3.4 all storybook versions broke due to "small" changes in error-handling.

Conclusion: storybook breaks everytime when a dependency of a dependency breaks making storybook builds non-reproducible.

Could we move to exact version numbers?

references:
https://github.com/newsuk/times-components/issues/716
https://github.com/newsuk/times-components/pull/673
https://github.com/newsuk/times-components/pull/658
https://github.com/newsuk/times-components/pull/650
https://github.com/newsuk/times-components/pull/641
https://github.com/newsuk/times-components/pull/629
https://github.com/facebook/react-native/issues/6627
https://github.com/storybooks/storybook/issues/2923
https://github.com/websockets/ws/issues/1256

dependencies merged
Source
picture nikhedonia

Most helpful comment

I was actually going to do this part:

use exact versions for cross-dependencies between our own packages

picture Hypnosphi on 10 Mar 2018
👍2 🎉1

All 8 comments

We only test the same version of all @storybook packages together, so if you're using @storybook/[email protected], all your addons should all be 3.3.15.

With that said, I can see how these patch versions could potentially cause minor bugs.

@Hypnosphi @shilman thoughts?

I think with the help of dependencies.io, we could potentially pin versions and upgrade them. I don't see this preventing any bugs from being shipped since we don't actively test patch version upgrades manually.

danielduan picture danielduan on 9 Mar 2018

I see why we should use exact versions for cross-dependencies between our own packages. For external ones, I still see a value in using ranges, because that allows package managers to optimize the size of your node_modules directory.

The situation with ws was an exception rather than a rule, usually people try hard not to break things in non-major releases

Hypnosphi picture Hypnosphi on 9 Mar 2018

@nikhedonia I suggest you guys upgrade with yarn upgrade-interactive instead of deleting the lock files.

As far as our workflow goes, I think this makes sense to me with the exception of react native. I think each minor 0.x release on react-native is a breaking change and we incorporate them as patch versions.

Opinions on how to address the upgrade cycle for RN?

danielduan picture danielduan on 10 Mar 2018

with the exception of react native

I've actually disabled react-native updates in dependencies.io

Hypnosphi picture Hypnosphi on 10 Mar 2018

I'm gonna close this issue as there isn't anything else we will address.

danielduan picture danielduan on 10 Mar 2018

I was actually going to do this part:

use exact versions for cross-dependencies between our own packages

Hypnosphi picture Hypnosphi on 10 Mar 2018
👍2 🎉1

Thank you @Hypnosphi for your quick fix. This should solve 99% of the storybook related issues we used to have.

nikhedonia picture nikhedonia on 12 Mar 2018

Released as 3.4.0-rc.2

Hypnosphi picture Hypnosphi on 18 Mar 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

shilman picture shilman  路  3Comments
rpersaud picture rpersaud  路  3Comments
shilman picture shilman  路  3Comments
arunoda picture arunoda  路  3Comments
zvictor picture zvictor  路  3Comments