pihentagy
pihentagy2w ago

fix library version of a dependency

Putting this to deno.json 
{
  "imports": {
    "gcp-metadata": "npm:gcp-metadata@6.1.0"
  }
}
{
  "imports": {
    "gcp-metadata": "npm:gcp-metadata@6.1.0"
  }
}
but having this in deno.lock: 
    "google-auth-library@9.15.1": {
      "integrity": "sha512-Jb6Z0+nvECVz+2lzSMt9u98UsoakXxA2HGHMCxh+so3n90XgYWkq5dur19JAJV7ONiJY22yBTyJB1TSkvPq9Ng==",
      "dependencies": [
        "base64-js",
        "ecdsa-sig-formatter",
        "gaxios",
        "gcp-metadata",
        "gtoken",
        "jws"
      ]
    },

    "gcp-metadata@6.1.1": {
      "integrity": "sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A==",
      "dependencies": [
        "gaxios",
        "google-logging-utils",
        "json-bigint"
      ]
    },
    "google-auth-library@9.15.1": {
      "integrity": "sha512-Jb6Z0+nvECVz+2lzSMt9u98UsoakXxA2HGHMCxh+so3n90XgYWkq5dur19JAJV7ONiJY22yBTyJB1TSkvPq9Ng==",
      "dependencies": [
        "base64-js",
        "ecdsa-sig-formatter",
        "gaxios",
        "gcp-metadata",
        "gtoken",
        "jws"
      ]
    },

    "gcp-metadata@6.1.1": {
      "integrity": "sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A==",
      "dependencies": [
        "gaxios",
        "google-logging-utils",
        "json-bigint"
      ]
    },
Generated after deleting deno.lock, and doing deno cache --allow-import -r main.ts Please help finding a good tag, I found just Deno CLI for that.
6 Replies
marvinh.
marvinh.2w ago
I'm not able to reproduce that. For me only gpc-metadata@6.1.0 is installed. What I tried: 1. Run deno init 2. Add gcp-metadata@6.1.0 to the imports section in deno.json 3. Run deno install -> check lockfile
©TriMoon™
©TriMoon™2w ago
That version must be a dependancy of google-auth-library@9.15.1, that you are not able to override like that... Depending on how that module imports gcp-metadata, you might be able to override it maybe using a import-map definition that targets the exact version they use in their import statements.... Maybe you need to use vendor 🤷‍♀️
pihentagy
pihentagyOP2w ago
What is the import-map syntax then?
pihentagy
pihentagyOP2w ago
The offending dependency is here: https://github.com/googleapis/google-auth-library-nodejs/blob/main/package.json#L23
GitHub
google-auth-library-nodejs/package.json at main · googleapis/google...
🔑 Google Auth Library for Node.js. Contribute to googleapis/google-auth-library-nodejs development by creating an account on GitHub.
©TriMoon™
©TriMoon™2w ago
Seems like they use a Package.json file to define the version used. I have no idea how to override that... (Still new to deno myself too) Maybe try to use vendor and change that file for your own version? 🤔 AFAIK, the vendor option is like making the package a devVersion that creates local package dependancies in your workspace.
©TriMoon™
©TriMoon™2w ago
@pihentagy I just found this that you might want to take a look at, it might help you in this case: https://jspm.org/docs/integrations Especially when combined with: https://jspm.org/docs/integrations#nodejs-loader
JSPM - Integrations
JSPM Integrations Documentation

Did you find this page helpful?