-
Notifications
You must be signed in to change notification settings - Fork 47
v1.0.0-rc.1 Post Mortem #74
Comments
I may be stating the obvious, but I found this tool online, could be useful to validate semver in the future: online semver checker |
Yeah I've seen this tool before. The problem with thinking you understand something is that it doesn't occur to you that you should double check it 💀. In the future, we're not going to use semver prerelease tags at all. |
This issue will be pinned for 1 week, then will be closed. |
@dyladan a lot of the packages in the opentelemetry-js repo have a peer dependency on
|
They will be "downgraded" to 0.19.0, which is actually newer code than 1.0.0-rc.0 |
Any estimate on when to expect that release ? |
I think we should in general avoid to release a new, breaking API version marked with latest on NPM before the corresponding core and contrib modules are in place. |
We could release with
|
What happened?
Around 2:30 PM EST on Tue May 18, we pushed API version
1.0.0-rc.1
which contained breaking changes which were incompatible with1.0.0-rc.0
. Many users, including anyone using the default SDK, depended on the "carat" range^1.0.0-rc.0
which allowed the upgrade to1.0.0-rc.1
automatically.This issue was resolved around 8:00 AM EST on Wed May 19 by pushing a reverted version as
1.0.0-rc.2
. For specific mitigation steps, see "What did we do to fix it," below.What was the impact?
The broken
1.0.0-rc.1
version was downloaded 184 times before it was deprecated on NPM. There is no way to know who these 184 downloads were. Many of them were CI builds, but it is likely that at least some "real" users installed the broken package.How did this happen?
This was caused by a misunderstanding of the way that
semver
handles prerelease packages. We were under the mistaken impression that users who depended on "carat" ranges would not receive the next prerelease version without specifically installing it.To quote the semver documentation:
What did we do to fix it?
As JavaScript maintainers, we took the following steps:
1.0.0-rc.0
as1.0.0-rc.2
, reverting all changes introduced by1.0.0-rc.1
for users who depended on^1.0.0-rc.0
or~1.0.0-rc.0
.1.0.0-rc.1
on NPMWhat is the plan moving forward?
1.0.0-rc.1
, which contains important fixes and updates, will be released as0.19.0
.1.0.0
version, we will stay at0.x.y
, which allows us to push breaking changes as minor version bumps.1.0.0
there will be no breaking changes released.The text was updated successfully, but these errors were encountered: