aws lambda build issue with esbuild v0.22.0 #3819
Comments
|
Hey @evanw, Just wanted to share that this affects us as well, and it will be affecting any Of course, that decision is entirely up to you. The related aws-cdk issue: |
|
Why was an EXPERIMENTAL deliberate breaking change introduced as a minor version bump?!? |
This is the contract of a 0.x.y semver. The issue is with aws-cdk installing |
|
True, and I forgot about the 0.x quirks of npm, but for a project that has 32 million weekly installs a bit more care should be taken. |
|
Can report the same, |
|
The treatment of esbuild being on a 0.xx release and sitting behind that as an excuse to making breaking changes without any form of input from the community, while getting almost 26 million downloads a week is abysmal behaviour from the maintainer. Whether you agree with your software being stable or beta doesn't really matter when it's deeply relied on by millions of users. The decision to release a breaking change without even a second thought intentionally (as indicated by the release notes) for a reason essentially being "people are confusing the initial intent, so I'm breaking their work." is genuinely baffling. "many people don't read the documentation and don't do this, and are then confused when it doesn't work" What about the millions of people that this already was working for? This is something that could've been done progressively with ease.
But no, you took the easy way out and sit behind the "it's beta software, we can break things" mask as an excuse for poor practices. |
|
Having the same ImportModuleError problem with CDK Lambda functions. Really bad, because there's no warning at build/deployment time. Lambda functions just stop working after redeploying with esbuild 0.22 and it's not so easy to track down the reason. |
|
It sounds like the primary problem here is caused by a very large company locking their widely-used product to essentially
This is also the reason why every single breaking change release for the past four years (from 0.8.0 to 0.22.0) has had a notice like this as the very first line of the release notes:
The way I've been getting feedback on things since the start of the project has been to publish a breaking change release to avoid disrupting people, and then get feedback on that new release line. This also isn't some random breaking change for fun. It's a change that I've been thinking about for a while, and it solves a long-running class of issues that people encounter when they use esbuild as you can see from the many issues that I keep getting about it. I linked to some of them in the recent release notes:
I was not previously aware that Amazon was using an unpinned version of esbuild for a widely-used product of theirs. For what it's worth, I don't believe Amazon has ever communicated with me about the use of esbuild in their product. I'm sorry about the disruption that this change has caused. I sincerely hope that Amazon learns to pin their dependencies in the future to avoid breaking their customers. Perhaps the best path forward here could be for esbuild to use a beta channel model for further development, to make sure that |
You shouldn't be sorry really. Amazon makes money on your project instead of you. If I were you, I would have said "f**k your AWS, if you want it your way, then pay me". And don't listen to the whiners above. Who also probably earn money on free project and still dare to criticize. |
|
They did fix it in aws/aws-cdk@7f5ce4b. This (esbuild) project follows semver, in the manifest it described how semver works, aws has a prob and a docker arg to change the version too, so there was no issue with the release of esbuild. In the end someone would still complain if you would release a v2 (in this case v0.22.0) with a breaking change... |
|
In my view, the whole 0.x numbering scheme is not such a good idea in general. It would be better to release major versions on breaking changes. I don't really see the benefit in having 0.x versions, but I see the problems. |
The QWERTY keyboard isn't a good idea in general either as it's designed to slow you down, and doesn't translate to the digital world at all, and yet here we are. The 0.x.y exception to the break-at-major-only makes perfect sense though; otherwise every project would be at version 2103.0.0 by the time you hear of it. That's the benefit. The 0 at the start of the version is a signal enough that breaking changes are coming since it means, by definition, that the public API hasn't been finalized yet. esbuild is simply following a very well-known semver specification. Don't install |
|
Semver spec ignores leading zeroes and default npm And If you use |
For me, version 2103.0.0 is completely fine, if it would prevent problems like the present one. Versions exist to help people, not other way round. |
Another thing that prevents problems is following the spec that says that |
I agree, both are good ways to prevent problems. I think 0.x versions tend to cause this kind of problems in many places, and you can try to educate people, and you can also try to avoid using 0.x versions unless really required. |
This effectively reverts #259 and #266 as the write-activity-log lambda is failing all requests after them. The update to ESbuild isn't actually a minor update - going to 0.22.0 breaks how packages are built. See their changelog (https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) and related issues (evanw/esbuild#3819) for more details. We did already update to ESBuild 0.23.0 which should have solved the problem, but we're still seeing all invocations failing. Let's revert back to a known good config while we understand what's happen, but we're still seeing all invocations failing. Let's revert back to a known good config while we understand what's happened.
## Proposed changes <!-- Provide a summary of your changes in the title above --> <!-- Include the Jira ticket number in square brackets as prefix, eg `[OLH-XXXX]: PR Title` --> ### What changed Revert ESbuild and AWS SDK updates. This effectively reverts #259 and #266 as the write-activity-log lambda is failing all requests after them. ### Why did it change The update to ESbuild isn't actually a minor update - going to 0.22.0 breaks how packages are built. See their changelog (https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) and related issues (evanw/esbuild#3819) for more details. We did already update to ESBuild 0.23.0 which should have solved the problem, but we're still seeing all invocations failing. Let's revert back to a known good config while we understand what's happened. ### Related links <!-- List any related PRs --> <!-- List any related ADRs or RFCs --> ## Checklists <!-- Merging this PR deploys to production. Please answer accurately. --> ### Environment variables or secrets - [x] No environment variables or secrets were added or changed ### How to review Please check the version numbers here against the ones in #259
I just want to respond to this, as I think a breaking change should be a major release increment. I feel that the npm documentation agrees with this: Minor Release: "Backward compatible new features" (Increment the middle digit) So introducing breaking changes in a minor release does break this paradigm and will hurt folks that pin the major release. Note that this would not have helped the CDK issue.
|
Except such folks shouldn't exist. Because any sane version wildcard ( |
You're wrong, read the whole spec: https://semver.org/#spec-item-4 |
|
@evanw , Maybe it's time for
|
|
@evanw , what do you think on my suggestion? |
Aws cdk generates next command on lambda build via esbuild
npx esbuild --bundle path/index.ts --target=node20 --platform=node --outfile=test-index.js '--external:@aws-sdk/*'
with version 0.22.0 it makes build with unbundled dependencies, as aws expect to bundle by default - builds are failing
with version v0.21.0 all works as expected.
If you build lambda via default docker is uses next command "npm install -g esbuild@0" to install latest esbuild, so literally all lambda builds via aws docker are failing
The text was updated successfully, but these errors were encountered: