Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

v5.4.0 uses a git dependency

See original GitHub issue

Description

This package now pulls its auth0 dependency from a branch in a git project (git://github.com/auth0/node-auth0.git#actionsManager), which makes it unsuitable for production use.

See: https://github.com/auth0/auth0-deploy-cli/blob/master/package.json#L30

This branch could change making different installations of this package behave differently (which is an undesirable trait for production use). I understand if this was an alpha version of the library, but does not feel like this should be done in release versions.

Reproduction

I initially discovered this because our build environment pulls dependencies through a proxy, and it was blocking the installation of this package because we have not allowed the port that git:// uses.

Environment

Version of this library used: 5.4.0

Issue Analytics

State:
Created 3 years ago
Reactions:9
Comments:11 (4 by maintainers)

Top GitHub Comments

2reactions

shawnmcleancommented, Jan 13, 2021

Would a short term solution of locking the version of the tool in your CI to the previous version unblock you until we sort this out?

2reactions

brad-fitzwatercommented, Jan 11, 2021

@shushen - No, I don’t think simply changing the protocol would resolve this. auth0-deploy-cli is currently at 6.0.0, which makes me think it is stable. However, it depends on a branch of node-auth0 that is currently months stale and not getting updates. In fact, https://github.com/auth0/node-auth0/pull/570 is currently tagged with DO NOT MERGE, which is concerning. When will https://github.com/auth0/node-auth0/pull/570 be merged?

I have used auth0-deploy-cli in our CI/CD process for a while and it works great, but I cannot upgrade until it uses the official node-auth0 dependency.

Edit: regarding the update I needed (auth0/node-auth0#567), I realized I can get this update by uninstalling, then reinstalling the same version of auth0-deploy-cli because it’s a transitive dependency. I still agree with the original issue that the auth0-deploy-cli needs to use the official node-auth0 library instead of a branch.

Top Results From Across the Web

Update dependency constraint to allow for liquid v5.4.0 #9094

Hey there!. I noticed that the constraint you have for liquid doesn't allow for the latest version to be used.

Git dependencies - Unity - Manual

To use Git dependencies in a project, make sure you installed the Git client (minimum version 2.14.0) on your computer and that you...

Depend on a branch or tag using a git URL in a package.json?

From the npm docs, using a git URL: git://github.com/<user>/<project>.git#<branch> git://github.com/<user>/<project>.git#feature\/<branch>.

Git dependencies - Unity Manual

To use Git dependencies in a project, make sure the Git client is installed on your machine and that you have added the...

Git Hooks without extra dependencies like Husky in Node.js ...

Git 2.9+ supports core.hooksPath for local git hooks, so we do not need extra dependencies like husky. lint-staged recommented to use with husky ......