Change jade dependency to pug after their renaming

[astorije]

It was already mentioned in #1811, and the original discussion comes from pugjs/pug#2184.

At the moment, installing the latest mocha (2.4.5), we get the following warning:

npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade

I wanted to take a shot at it but realized you've been using a 2012-old version of jade for reasons, and it looks like they haven't released old versions under the new name, so unless they do, it's not a trivial change.
Maybe a start could be requesting them to publish specific versions considering they have git tags for them...

[boneskull]

We cannot upgrade to pug atm as this would cause old versions of npm to fail. For now we support Node.js v0.8.x out of the box. Support will be dropped @ next major.

[silkentrance]

@boneskull Please be more specific. How can this break old versions of npm?

[danielstjules]

If a dependency or nested dependency uses tildes/carets in their package.json, it breaks old npm support. Check here for an example: #2121 (comment)

Using npm 1.2.30, I get several failures since they can't resolve versions with ^

npm ERR! Error: No compatible version found: pug-error@'^1.3.0'
npm ERR! Valid install targets:
npm ERR! ["0.0.0","1.3.0"]

[donaldpipowitch]

Support will be dropped @ next major.

Is there an estimated date for this?

[dasilvacontin]

@donaldpipowitch There's lots to fix before dropping support for v0.8.x. Is this just because of the warning, or?

[donaldpipowitch]

No, just a general question :) I was a little surprised that 0.8.x is still so important?

[dasilvacontin]

I think @boneskull has a better insight regarding 0.8 usage.

[mitselek]

it just sucks getting this warning message every time I like to use mocha.
I understand there are IT-restrictions and good reasons and what not - it just looks plain ugly and renaming happened a while ago.
Do something about it. Figure it out and fix it, please :) You can't postpone it till "next major" because next major is not about resolving jade issue, package renaming is absolutely irrelevant in next major - weak excuse.

And cheers - I love your work!

[dasilvacontin]

@mitselek The only acceptable option is to upgrade the dependency in the next major version, it's not a weak excuse.

pug uses ^ in its package.json, which is not supported in older versions of npm, e.g. the one that comes with node 0.8. Therefore, you wouldn't be able to use Mocha with node 0.8 anymore, which is a breaking change, and, as any breaking change, it must be introduced with a major version: http://semver.org/.

Cheers!

[mitselek]

Actually I fail to understand, how would it be breaking change in this particular case.
We are talking about users, who doesnot had caret in versions, so their code could only follow the versions to next MINOR. So it can't actually break anything for them if you introduce caret in next MINOR?

[astorije]

Well, I didn't expect this issue to trigger so many opinions :-)

I understand both sides. Yes, maintaining compatibility of old versions of Node.js/npm is important (even though this shows that v0.8 is well buried, I fully understand it cannot be removed before next major bump of Mocha). Yes, this warning is indeed annoying.

So, what about nicely requesting @pugjs to npm publish version 0.26.3, which is tagged on GitHub anyway, and pointing to this one on Mocha's package.json in a new patch release?
It's not much of an improvement when you think of it, but compatibility is maintained and warning is removed...
Woud that solve this issue?

[ScottFreeCode]

@mitselek, it wouldn't break automatic updates to Mocha as a dependency using the caret, but (at least according to the documentation for the old version of npm in question) it would still break updates using > or >= or .x.x, and even if it didn't it would also break manual updates (which matters inasmuch as A] people might be using manual updating in the absence of a suitable automatic updating feature, B] semantic versioning is meant to help convey intended compatibility even in the absence of automatic updating, and/or C] people might want their versions locked down rather than automatically updating but still want to update in a more controlled fashion).

[donaldpipowitch]

I don't understand the caret problem. It depends on npm and not Node or am I wrong? 0.8 Node users can use the newest npm.

[boneskull]

Let me clear up any confusion:

1. Node.js 0.8x ships with a version of npm which does not support carets.
2. If a caret is present in any dependency of mocha, or any dependency of dependency of mocha, or any dependency of dependency of dependency of mocha, ad nauseam, mocha will fail to install with this version of npm.
3. In practice, this means that even if pug eliminates carets from its package.json, if it depends on another package that uses carets, mocha will fail to install with this version of npm.
4. Node.js 0.8x users of Mocha may or may not be able to upgrade npm in their environment. We cannot expect them to.
5. Upgrading before a major release would break semver, regardless of whether these users would immediately be affected.

If it becomes critical to upgrade to pug before the next planned major, we'll address it. It remains a warning, and while it may be "ugly" or bothersome, it doesn't break your npm install mocha.

Workaround 1

Fork mocha, upgrade the dependency, and publish it under your npm user's namespace, install from there, or just install from GitHub.

Workaround 2

Change the log level of npm to error as per npm configuration. Behold the miracle as no warnings appear when installing mocha.

For the skeptics: Need convincing? Try npm install mocha --loglevel=error!

---

@mitselek: Your demands that we "fix" this issue are not well-received; it makes you sound spoiled. Please understand that this is an open-source project, and you are not entitled to support.

[boneskull]

(linking to pugjs/pug#2184)

[boneskull]

(also #1887)

[mitselek]

@boneskull I apologise for my semi-intentional unpolite language. I encounter closed-source coding on daily basis so I really do appreciate quality and commitment so abundant in open-source world.

For some reason I do have greatly higher expectations for support even acknowledging that I do not have any legal basis. Maybe thats because I love to point corporate coders to open-source community, where lots of effort is put into "thinking before acting" versus just spit it out and let the customer to suck it up.

So I want to make sure we have thought about every possible solution to not show unnecessary warning messages in install procedures to millions of users every month.

I can't emphasise enough how thankful I am for existence of projects like this.

[iknowcss]

Looks like no one has taken @astorije 's advice yet so I opened an issue on pug's tracker: pugjs/pug#2384

[astorije]

Thanks @iknowcss!

[mike-lang]

> If it becomes critical to upgrade to pug before the next planned major, we'll address it.

Reading the document that the jade/pug maintainer has been asked to sign suggests that jade will disappear from npm shortly. Specifically the section of this comment that states:

> For the avoidance of doubt, references to JADE on the website https://www.npmjs.com are permissible during the period ending six months after the date of these Undertakings. Upon the expiry of the six month period, I will make no further use of the sign "JADE" in any context.

This was posted January 29th. Is the next major release expected to happen between now and august?

Nevermind

[dasilvacontin]

I believe I read somewhere that npm learnt from past mistakes (left-pad) and will not allow unpublishing of packages that have been longer than 12h in the registry or had any downloads. But someone should confirm this.

On 20 May 2016, at 23:17, Michael Lang notifications@github.com wrote:

If it becomes critical to upgrade to pug before the next planned major, we'll address it.

Reading the document that the jade/pug maintainer has been asked to sign suggests that jade will disappear from npm shortly. Specifically the section of this comment that states:

For the avoidance of doubt, references to JADE on the website https://www.npmjs.com are permissible during the period ending six months after the date of these Undertakings. Upon the expiry of the six month period, I will make no further use of the sign "JADE" in any context.

This was posted January 29th. Is the next major release expected to happen between now and august?

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub

[mike-lang]

@dasilvacontin - @TimothyGu confirmed on another thread that despite what that post said, old versions of jade will not be unpublished from npm regardless of whether npm would heed such a request anyway

[boneskull]

yes, another left-pad-gate would likely be avoided. jade shouldn't be removed from npm.

[TimothyGu]

As I mentioned in the Pug issue, the Jade version used by Mocha is extremely old. Is there a specific reason/issue holding back the update?

[iknowcss]

It would break old versions of node as per this comment:
#2200 (comment)

Seems it might be updated in the next major release of mochajs

[anthony-redFox]

The jade/pug dependency was removed in v3 major version.
Should be closed favor #2356

ping @boneskull

[tripu]

v3 isn't published yet, right? This is still an issue until/unless #2356 is addressed.

[mikermcneil]

Looks like it's really close. In Sails, I'm just doing balderdashy/captains-log@f2fffc3 in the mean time. @boneskull Let me know if I can help.

[boneskull]

Right, v3.0.0 removes the jade/pug dependency altogether. I'll close this

[boneskull]

See #2350 for status