Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Update semver usage in cdk packages

See original GitHub issue

❓ General Issue

Semver defined in internal packages.

The Question

All CDK packages use semver for internal dependencies. That means e.g. @aws-cdk/aws-cloudfront defines @aws-cdk/aws-iam as dependecies with the version of itself but with a caret.

E.g. version 1.2.0 of aws-cloudfront dependes on ^1.2.0 of aws-iam which is wrong since it requires exaclty 1.2.0.

This could easily leads to bugs which are hard to debug/understand.

Issue Analytics

State:
Created 4 years ago
Reactions:2
Comments:15 (14 by maintainers)

Top GitHub Comments

4reactions

skinny85commented, Aug 20, 2019

@carlosrfernandez thanks for posting that workaround, but I think I speak for everyone on the team when I say that experience does not meet our CDK usability bar 😦

2reactions

skinny85commented, Aug 19, 2019

I confirm this is a problem:

$ cat package.json 
{
	"dependencies": {
		"@aws-cdk/core": "1.3.0"
	}
}

$ cat node_modules/\@aws-cdk/core/package.json | grep version
  "version": "1.3.0"

$ cat node_modules/\@aws-cdk/cx-api/package.json | grep version
  "version": "1.4.0"

There is no way to downgrade to 1.3.0 after 1.4.0 has been released.

Top Results From Across the Web

Use release and version control for constructs

Downstream AWS CDK applications or other AWS CDK constructs can update their dependency to use the newly released AWS CDK construct version.

Automating CDK Version Bumping with AWS Serverless and ...

Let's take a look at some specific scenarios around CDK version pinning (not using semver matching, e.g 1.97.0 ) in the package.json.

How to install a specific version of a CDK package | bobbyhadz

We can lock down the versions of CDK packages by passing in the --save-exact flag upon installation.

Correctly defining CDK dependencies in L3 constructs

This means your users cannot upgrade the CDK without upgrading your package and vice versa. To make your package usable by future CDK...

API Reference | projen

Projenrc, Sets up a javascript project to use TypeScript for projenrc. javascript. ... AwsCdkPackageNames, Language-specific AWS CDK package names. awscdk.