jwt/ruby-jwt

1.5.3 breaks compatibility with 1.5.2

skippy opened this issue · 17 comments

hey folks,

the API breaks between 1.5.2 and 1.5.3. For example, ::JWT.decoded_segments(token) no longer exists.

would you mind, going forward, if the API changes, to increment at least a minor, if not major, revision number?

thanks!

Also, base64url_decode. Very frustrating.

+1 to breaks in base64url_decode, it was being used by omniauth related work for X509.

excpt commented

I will yank the 1.5.3 release this weekend and re-release it as 1.6.0. In addition I will update the documentation to make the changes more visible.

Sorry for the issues this release caused.

I wasn't aware of the fact that the base64url_decode function was used outside the JWT library in other gems.

Thanks @excpt - unless you make it private methods, undoubtedly someone will find it and use it. Actually, probably for private methods too. But it's been used apparently over a thousand times and these are just public repos.

excpt commented

@databyte Thanks for the info. :)

See Semantic Versioning, which is what most people assume is being followed. This just broke for me after updating some unrelated gems, so now I have to force 1.5.2 in the Gemfile.

excpt commented

@connorshea @skippy @eigilsagafos @databyte @DigitallyBorn

If you have the time - can you check out the current master and test it with your projects? I made 2 PRs, #135 and #136, to fix the issues for the upcoming version 1.5.4.

excpt commented

Version 1.5.3 yanked.

Please don't yank things until you've published something newer. You've broken a whole bunch of CIs as 1.5.3 is being calculated as a dependency but is not available.

I would suggest publishing 1.5.4 with a fork of the 1.5.2 code (only changes would be version and readme / changelog)

On 24 March 2016 at 15:01, Alex Schultz notifications@github.com wrote:

Please don't yank things until you've published something newer. You've broken a whole bunch of CIs as 1.5.3 is being calculated as a dependency but is not available.


ah, yep, I ran into this as well. 6 projects started to fail.

Would you mind putting 1.5.3 back up? Once it is published it should be locked. If you wouldn't mind, just publish 1.5.4 with backwards compatibility, and just going forward stick to semantic versioning? But the key is going forward :) @excpt, if I can help (besides calling shots from the cheap seats!) please let me know.

@danleyden that is a good idea!

@excpt I confirm @mwhahaha - it is breaking a bunch of CI, including OpenStack (30 Puppet modules, around 500 daily CI jobs are failing and will fail on that). Please publish 1.5.4.
Thanks a ton!

excpt commented

Version 1.5.4 released.

excpt commented

Thanks a lot for all the feedback. Lessons learned from the 1.5.3 disaster.

Thanks @excpt for your responsiveness, much appreciated.