http://coldfusion.com logo
#box-products
Title
# box-products
a

Adam Cameron

04/17/2022, 12:34 PM
I dunno if this is related to the above, but tilde range constraints don't help me here. I have specified
"fw1":"~4.2.0"
, which should only allow a maximum version of
4.2.∞
, yet it just installed
4.3.0
for me again. I'll try to just tie it down to a concrete
4.2.x
and see what happens...
Nope. Still grabbed "4.3.0".
t

tonyjunkes

04/17/2022, 6:09 PM
I think the issue is with how the package/version is set up on ForgeBox. I haven't published a ForgeBox package in a while, but part of the process is providing the contents of a box.json. If the location key is included in the json string, it will override where ForgeBox goes to pull the package. At least that's my understanding. So if the json tied to the package/version contains the same location key telling it to look at the develop branch, like the box.json in the branch itself, that could be why it is pulling 4.3.0 in.
πŸ‘ 1
a

Adam Cameron

04/17/2022, 6:28 PM
Sounds error prone. But the *box stuff is usually pretty solid so there might be a reason for it. I'd've thought the version value in the box.json would be the single source of truth. Ah well: it's not the most significant barrier to progress for me today anyhow. And I got past it.
b

bdw429s

04/18/2022, 6:56 PM
@Adam Cameron The issue is in the configuration of the package. The
box.json
for the latest stable version of FW/1 on ForgeBox (4.2.0) has the following`
Copy code
"location": "framework-one/fw1#master",
Which basically means, "W_hen you install this version, this is where you go to find me_". However, if we go and look at what is on the
master
branch in Github, we see the
box.json
committed there doesn't match
Copy code
"version":"4.3.0",
https://github.com/framework-one/fw1/blob/master/box.json#L4 So the
location
of the
4.2.0
version of the package points to a place where the code for
4.3.0
lives which causes the issue. CommandBox will favor whatever version the downloaded code claims to be regardless of what version it was supposed to be on ForgeBox (though the two should never differ).
In reality, the ForgeBox package location needs to stop pointing to the
master
branch as it will mean older version of the package will also just install whatever is in that branch regardless of what version you pointed to.
a

Adam Cameron

04/18/2022, 6:58 PM
I suspected it was something like that.
t

tonyjunkes

04/18/2022, 6:58 PM
This is what I figured. I'll mention it in the fw1 channel so it can be corrected.
βœ… 1
a

Adam Cameron

04/18/2022, 6:58 PM
Thanks pal.
b

bdw429s

04/18/2022, 6:58 PM
The
box.json
needs to point to a tag for each version
Copy code
"location": "framework-one/fw1#v4.2.0",
or, better yet, just use the inbuilt S3 storage that is available now (which is basically how npm works). Changing the
box.json
to either remove the
location
tag entirely or change it to
Copy code
"location": "forgeboxStorage",
will mean when Sean runs
Copy code
box publish
it will zip up exactly the code right then and put that zip file on S3 and there's no Git cloning involved, which makes it actually faster to install.
t

tonyjunkes

04/18/2022, 7:01 PM
Pretty sure Steven Neiland is the only true maintainer now so I'll let him know. Not sure how/if he’s done anything with publishes to ForgeBox, but I'll help him get it sorted.
⭐ 1
b

bdw429s

04/18/2022, 7:01 PM
It would appear the entire publish to forgebox was forgotten for 4.3.0, but I'm happy to help him get forgebox straightened out if he needs
⭐ 1
t

tonyjunkes

04/18/2022, 7:02 PM
Thanks Brad I'll pass that along.
s

sneiland

04/18/2022, 9:28 PM
I've updated the location issue with the 4.2.0 release and will get 4.3.0 up on forgebox later tonight. Forgebox fell off my radar in terms of package management
@Adam Cameron That should be resolved for you now
⭐ 1
a

Adam Cameron

04/18/2022, 9:42 PM
Thanks @sneiland! I need to finish up a blog article, but almost done, and will check in 30min or so.
Works perfect, thanks mate.
s

sneiland

04/18/2022, 10:20 PM
No problem
3 Views