angular-cli icon indicating copy to clipboard operation
angular-cli copied to clipboard
verified publisher icon angular

New Angular projects install jasmine-core ~5.7.0 but use 4.6.1

Open sgravrock opened this issue 6 months ago • 5 comments

Which @angular/* package(s) are the source of the bug?

Don't known / other

Is this a regression?

Yes

Description

The package.json file generated by ng new includes the dev dependency "jasmine-core": "~5.7.0", but jasmine-core 4.6.1 is also installed and used to run tests in Karma. Steps to reproduce:

  1. Install @angular/cli 20.0.3.
  2. Run ng new some-name and accept all the defaults.
  3. Note the jasmine-core dependency in package.json.
  4. Run npm test and note the Jasmine version displayed in the browser.
  5. Run npm ls jasmine-core.

Expected: The versions from steps 3 and 4 agree, and step 5 shows that only a single version of jasmine-core is installed. Observed: Step 3 and 4 show different major versions, and step 5 shows that two different versions of jasmine-core are installed.

The problem is that karma-jasmine declares a dependency on jasmine-core 4.x. ng new tries to set up the project to use jasmine-core 5.x, but it doesn't add the necessary override.

Note: I'm not an Angular user, but I do maintain Jasmine. I've seen this version mismatch cause a couple of problems. One is that Angular users are occasionally confused about which major version of jasmine-core they're actually using. The other is that it makes jasmine-core download statistics pretty much useless for determining uptake of the latest major version, since an unknown but probably large portion of 5.x downloads are from Angular users who are actually still running 4.x.

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

Please provide the environment you discovered this bug in (run ng version)

Angular CLI: 20.0.3
Node: 20.19.0
Package Manager: npm 10.8.2
OS: darwin arm64

Angular: 20.0.4
... common, compiler, compiler-cli, core, forms
... platform-browser, router

Package                      Version
------------------------------------------------------
@angular-devkit/architect    0.2000.3
@angular-devkit/core         20.0.3
@angular-devkit/schematics   20.0.3
@angular/build               20.0.3
@angular/cli                 20.0.3
@schematics/angular          20.0.3
rxjs                         7.8.2
typescript                   5.8.3
zone.js                      0.15.1

Anything else?

No response

sgravrock avatar Jun 21 '25 19:06 sgravrock

Angular users are occasionally confused about which major version of jasmine-core they're actually using

Here's an example from today: https://github.com/jasmine/jasmine/issues/2066

sgravrock avatar Jun 24 '25 18:06 sgravrock

One option is for me to do a final jasmine-core 4.x release that adds an unconditional deprecation warning, along the lines of:

You are running jasmine-core 4.x, which is unsupported and unmaintained. If you're using Karma and thought you were running a newer version, see https://jasmine.github.io/pages/faq.html#002-karma-version.

That would let users know what's going on, and hopefully shift the cost of supporting Google's decision to abandon but still ship Karma back to where it belongs.

sgravrock avatar Oct 02 '25 19:10 sgravrock

@sgravrock bumping the version in either a patch or getting another karma-jasmine release out is something we’re open to.

The concern would be that’s it’s effectively an untested version upgrade for a dependency in a library that’s unmaintained (karma) so there’d be no real mechanism to address issues that come from the version bump.

Are you aware of anything problematic that has come up for people who have done the version override in package.json as you’ve documented in the jasmine FAQ?

atscott avatar Oct 31 '25 15:10 atscott

That's good news. Thank you.

Are you aware of anything problematic that has come up for people who have done the version override in package.json as you’ve documented in the jasmine FAQ?

No, I haven't heard anything. As far as I can recall, all the bug reports involving Karma and Jasmine 5 have been from people who turned out to be running Jasmine 4.

5.0 was pretty light on breaking changes. The only thing I can think of that might be an issue is the switch to using addEventListener instead of window.onerror, but nobody's reported any problems there.

sgravrock avatar Oct 31 '25 16:10 sgravrock

The other potential factor is changes in browser support. Jasmine has never consistently treated browser support changes as semver-major, but I don't think we documented that we don't do that until around 5.3.0 or so.

4.6.0 supported:

  • Safari 14-16
  • Firefox 91 and 102
  • Then-current versions of Chrome, Firefox, and Edge

5.12.1 supported:

  • Safari 16-17
  • Firefox 102, 155, 128, and 140
  • Then-current versions of Chrome, Firefox, and Edge

sgravrock avatar Nov 01 '25 00:11 sgravrock