Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Multiple instances of graphql

See original GitHub issue

It seems the recent release of the 19th August 2022 upgraded graphql dependency to fix a security vulnerability, yet the @keystone-6/auth package did not and this now causes issues with build. To replicate… Upgrade keystone dependencies to the below as per recent release.

"@keystone-6/auth": "4.0.1",
"@keystone-6/core": "2.2.0",
"@keystone-6/document-renderer": "1.1.1",
"@keystone-6/fields-document": "4.1.0",
"@keystone-ui/fields": "7.1.1",

Try and run yarn. You will see…

Error: Cannot use GraphQLScalarType "{ name: "String", description: "The `String` scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.", specifiedByURL: undefined, serialize: [function serialize], parseValue: [function parseValue], parseLiteral: [function parseLiteral], extensions: {}, astNode: undefined, extensionASTNodes: [] }" from another module or realm.

Ensure that there is only one instance of "graphql" in the node_modules
directory. If different versions of "graphql" are the dependencies of other
relied on modules, use "resolutions" to ensure only one version is installed.

https://yarnpkg.com/en/docs/selective-version-resolutions

Duplicate "graphql" modules cannot be used at the same time since different
versions may have different capabilities and behavior. The data from one
version used in the function from another could produce confusing and
spurious results.
    at instanceOf (/Users/skin/Projects/activeProjects/0197_LL_SiteRebuild/lokalliving-stack/keystone6/node_modules/@keystone-6/core/node_modules/graphql/jsutils/instanceOf.js:35:13)
    ...

On inspection of the dependency tree we can see this is true.

├─┬ @keystone-6/auth@4.0.1
│ └── graphql@15.8.0
├─┬ @keystone-6/core@2.2.0
│ ├─┬ @apollo/client@3.6.9
│ │ ├─┬ @graphql-typed-document-node/core@3.1.1
│ │ │ └── graphql@16.6.0 deduped
│ │ ├─┬ graphql-tag@2.12.6
│ │ │ └── graphql@16.6.0 deduped
│ │ └── graphql@16.6.0
│ ├─┬ @graphql-tools/schema@9.0.1
│ │ ├─┬ @graphql-tools/merge@8.3.3
│ │ │ └── graphql@16.6.0 deduped
│ │ ├─┬ @graphql-tools/utils@8.10.0
│ │ │ └── graphql@16.6.0 deduped
│ │ └── graphql@16.6.0 deduped
│ ├─┬ @graphql-ts/extend@0.4.1
│ │ └── graphql@16.6.0 deduped
│ ├─┬ @graphql-ts/schema@0.5.3
│ │ └── graphql@16.6.0 deduped
│ ├─┬ @types/apollo-upload-client@17.0.1
│ │ └── graphql@16.6.0 deduped
│ ├─┬ apollo-server-core@3.10.1
│ │ ├─┬ @apollo/utils.usagereporting@1.0.0
│ │ │ ├─┬ @apollo/utils.dropunuseddefinitions@1.1.0
│ │ │ │ └── graphql@16.6.0 deduped
│ │ │ ├─┬ @apollo/utils.printwithreducedwhitespace@1.1.0
│ │ │ │ └── graphql@16.6.0 deduped
│ │ │ ├─┬ @apollo/utils.removealiases@1.0.0
│ │ │ │ └── graphql@16.6.0 deduped
│ │ │ ├─┬ @apollo/utils.sortast@1.1.0
│ │ │ │ └── graphql@16.6.0 deduped
│ │ │ ├─┬ @apollo/utils.stripsensitiveliterals@1.2.0
│ │ │ │ └── graphql@16.6.0 deduped
│ │ │ └── graphql@16.6.0 deduped
│ │ ├─┬ @apollographql/apollo-tools@0.5.4
│ │ │ └── graphql@16.6.0 deduped
│ │ ├─┬ @graphql-tools/mock@8.7.3
│ │ │ └── graphql@16.6.0 deduped
│ │ ├─┬ @graphql-tools/schema@8.5.1
│ │ │ ├─┬ @graphql-tools/merge@8.3.1
│ │ │ │ └── graphql@16.6.0 deduped
│ │ │ ├─┬ @graphql-tools/utils@8.9.0
│ │ │ │ └── graphql@16.6.0 deduped
│ │ │ └── graphql@16.6.0 deduped
│ │ ├─┬ apollo-server-plugin-base@3.6.2
│ │ │ └── graphql@16.6.0 deduped
│ │ └── graphql@16.6.0 deduped
│ ├─┬ apollo-server-errors@3.3.1
│ │ └── graphql@16.6.0 deduped
│ ├─┬ apollo-server-express@3.10.1
│ │ └── graphql@16.6.0 deduped
│ ├─┬ apollo-server-types@3.6.2
│ │ └── graphql@16.6.0 deduped
│ ├─┬ apollo-upload-client@17.0.0
│ │ └── graphql@16.6.0 deduped
│ ├─┬ graphql-type-json@0.3.2
│ │ └── graphql@16.6.0 deduped
│ ├─┬ graphql-upload@15.0.2
│ │ └── graphql@16.6.0 deduped
│ └── graphql@15.8.0
└─┬ @keystone-6/fields-document@4.1.0
  └── graphql@15.8.0

This can be also confirmed by inspecting the source code packages/auth/package.json

It seems auth package missed the upgrade. This is actually a non issue for me as I have built my own Auth and Access extension based on the original so I not longer need the @keystone-6/auth package, yet others are going to experience this problem I believe.

Issue Analytics

State:
Created a year ago
Reactions:10
Comments:18 (8 by maintainers)

Top GitHub Comments

6reactions

jlarmstrongivcommented, Aug 22, 2022

Yes, I was surprised by this error running npx create-keystone-app followed by npm commands. You can also workaround this issue via npm overrides:

{
  "overrides": {
    "graphql-upload@15.0.2": {
      "graphql": "^15.8.0"
    }
  }
}

I’m very happy to see all the dependency updates! Upgrading jest and other deps helped solve a lot of problems for me. I see that prisma@4 was merged, and I’m looking forward to updating to graphql@16 too.

but you can just use yarn in the mean time

Unfortunately, that’s not a viable option for me.

3reactions

dmythrocommented, Aug 29, 2022

I’m very happy to see all the dependency updates! Upgrading jest and other deps helped solve a lot of problems for me. I see that prisma@4 was merged, and I’m looking forward to updating to graphql@16 too.

Oh yes! Waiting for graphql@16 upgrade too 😃