Auth0 2.8.0 is unable to resolve dependencies

Open swizzlr opened this issue 1 year ago • 7 comments

Checklist

  • [X] The issue can be reproduced in the Auth0.swift sample app (or N/A).
  • [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
  • [X] I have looked into the API documentation and have not found a suitable solution or answer.
  • [X] I have searched the issues and have not found a suitable solution or answer.
  • [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • [X] I agree to the terms within the Auth0 Code of Conduct.

Description

https://github.com/auth0/Auth0.swift/blob/024503207ea5e8b4a0edb38125723f4a1c386139/Package.swift#L13

now resolves to SimpleKeychain 1.2.0. 2.8.0 supports iOS 13, but 1.2.0 supports iOS 14.

The workaround is to either update to 2.9.0 or manually fix a dependency on SimpleKeychain at 1.1.0. A previously pinned package will continue to work until either an attempt is made to resolve without pins or if the user attempts to update all package versions with Xcode (which does not support selectively updating the package.resolved).

The impact of this is that any CI processes that currently resolve to 2.8.0 (e.g. upToNextMinor) and have unpinned dependencies (such as internal packages) will now arbitrarily break.

Reproduction

  • Resolve a Swift package that depends on 2.8.0 (e.g. upToNextMinor or exact)
  • See that it doesn't

Additional context

No response

Auth0.swift version

2.8.0

Platform

iOS

Platform version(s)

n/a

Xcode version

n/a

Package manager

Swift Package Manager

swizzlr, Sep 17 '24 20:09
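A CI guard for the drift described in the issue above, added here as an illustration (it is not part of the issue or of Auth0.swift): it reads `Package.resolved` and fails when a pinned version reaches a ceiling the deployment target cannot accept. The `CEILINGS` policy, the function names and the sample file with placeholder revisions are assumptions constructed for this example.

```python
import json

# Constructed sample: Package.resolved (format version 2) after the drift in
# the issue. The revisions are placeholders, not real commit ids.
SAMPLE_RESOLVED = """
{
  "pins": [
    {"identity": "auth0.swift", "kind": "remoteSourceControl",
     "location": "https://github.com/auth0/Auth0.swift",
     "state": {"revision": "<placeholder>", "version": "2.8.0"}},
    {"identity": "simplekeychain", "kind": "remoteSourceControl",
     "location": "https://github.com/auth0/SimpleKeychain",
     "state": {"revision": "<placeholder>", "version": "1.2.0"}}
  ],
  "version": 2
}
"""

# Assumed policy: exclusive upper bound per package identity.
CEILINGS = {"simplekeychain": "1.2.0"}

def parse_version(text):
    """Turn '1.2.0' (ignoring any -pre/+build suffix) into a comparable tuple."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))

def load_pins(resolved_text):
    """Map lower-cased package identity -> resolved version (None if unversioned)."""
    doc = json.loads(resolved_text)
    # Format version 1 nests pins under "object" and names them with "package".
    pins = doc.get("pins") or doc.get("object", {}).get("pins", [])
    return {(p.get("identity") or p.get("package", "")).lower():
            p.get("state", {}).get("version") for p in pins}

def find_drift(resolved_text, ceilings=CEILINGS):
    """Return one message per package that is missing, unversioned or too new."""
    pins = load_pins(resolved_text)
    problems = []
    for name, ceiling in sorted(ceilings.items()):
        if name not in pins:
            problems.append(f"{name}: not pinned in Package.resolved")
        elif pins[name] is None:
            problems.append(f"{name}: pinned to a branch or revision, no version")
        elif parse_version(pins[name]) >= parse_version(ceiling):
            problems.append(f"{name}: resolved {pins[name]}, must be below {ceiling}")
    return problems

if __name__ == "__main__":
    for message in find_drift(SAMPLE_RESOLVED):
        print("DRIFT:", message)
```

Run against the committed `Package.resolved` before the build step, this turns a silent re-resolution into an explicit failure that names the package.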

Hi @swizzlr,

We are working on fixing this.

desusai7, Sep 20 '24 04:09

Hi @swizzlr,

Thank you so much for your patience! I'm happy to share that we've addressed this issue in our 2.9.0 release, which now pins dependencies to a specific version rather than allowing updates up to the next major release.

In the meantime, manually setting the dependency version should resolve the issue for you. Please let us know if you run into any further problems—we're always here to help!

desusai7, Sep 23 '24 05:09

@desusai7 I am absolutely furious with how this has been handled. As the owners of the Auth0 library, it is beyond unacceptable that you’ve likely broken the systems of hundreds of your customers with this change and haven't even bothered to release a patch. And then you expect us to manually adjust dependencies ourselves? This is completely outrageous.

At the very least, you should have released a 2.8.1 patch to fix the version pinning, which would have prevented this mess and ensured customers didn’t encounter the issue in the first place.

To make matters worse, 2.8.0 is a disaster. It should be treated as a faulty release, possibly removed altogether, and customers should be directed to the fixed 2.8.1.

Get this sorted out immediately. You're eroding customer trust, and this level of negligence is unacceptable.

hsingh-texada, Oct 04 '24 14:10

Any updates here, @desusai7?

hsingh-texada, Oct 08 '24 17:10

Hi @hsingh-texada,

Apologies for all the delay on this, we will release a patch for this.

desusai7, Oct 09 '24 12:10

Hi @swizzlr, @hsingh-texada,

We've just released version 2.8.1 with the fix to this issue. Please check this out and let us know if you run into any issues.

desusai7, Oct 10 '24 03:10

I think I'm getting the same issue with 2.10.0 [screenshot: CleanShot 2024-10-22 at 17 57 40@2x]

How can I fix this? I tried 2.8.1 as well, didn't work

Meowzz95, Oct 22 '24 09:10

Closing, as this was fixed in 2.8.1.

@Meowzz95 that seems like a networking issue.

Widcket, Jan 10 '25 16:01