npm-assets and bower-assets lead to multiple jquery and jquery-ui versions

No matter what, this isn't a bug. It's Composer conducting its operations.

1. I don't know. We would have to see the composer.* files as they were at that time. A `composer why-not` would have been helpful.

2. It's not exactly the same command. composer require drupal/core-recommended:10.2.4 pins a specific version.

Thanks @cilefen → ,

That's useful help.

1) I have rolled back the code and database and I am ready try out a composer why-not but can you give me a bit more info as the what exactly I need to try?

2) Sure I agree, it's not exactlythe same command but is should have effectively the same if my composer.json was set correctly but it seems that is wasn't, it read...

..."drupal/core-composer-scaffold": "10.2.3",
        "drupal/core-project-message": "10.2.3",
        "drupal/core-recommended": "10.2.3",
...

I think that a remnant from the time when quite a few of us were having difficulties with moving up to 10.2 💬 Composer update to 10.2 does not register Closed: works as designed but I'll remedy with the addition of a '^'.

Glad to post up anything else I find after the composer why-not expt.

I don't know from which file that code output is, but if those dependencies had been pinned to specific versions, composer update will not change them. That is as expected.

Yep, if your composer.json specifies an exact version like "10.2.3" then you will always get that version and composer update will never upgrade it. You should use the ^ operator if you want composer update to be able to select newer versions.

composer why-not drupal/core 10.2.4 should tell you why the upgrade was not allowed.

For whatever reason, jquery3.7.1 has been removed from bower:
https://asset-packagist.org/package/bower-asset/jquery

I investigated the issue a bit more, as we have seen strange jquery version "jumps" during composer updates over the last year.
The problem is if a contrib or custom module requires a npm-asset or bower-asset via composer, these javascripts libs might have their own jquery or jquery-ui dependency which is specific to the reposititory.
So you one asset might require "npm-asset/jquery" while another requires "bower-asset/jquery". Even worse, the drupal core already includes jquery and jquery-ui as a copy!

So whatever gets updated during composer updates, you sometimes see strange jquery version jumps. But I guess, in most cases the built-in jquery version of drupal core will be used ... hopefully. In the worst case multiple different jquery version get loaded at the same time.

I think it would be correct that Drupal tells composer that it provides jquery and jquery-ui by itself and therefore already fulfills dependencies to jquery and jquery-ui of those assets.

And maybe that should be extended to all libs in the core/assets folder. But I created a MR for jquery and jquery-ui.

I investigated the issue a bit more, as we have seen strange jquery version "jumps" during composer updates over the last year.
The problem is if a contrib or custom module requires a npm-asset or bower-asset via composer, these javascripts libs might have their own jquery or jquery-ui dependency which is specific to the reposititory.
So you one asset might require "npm-asset/jquery" while another requires "bower-asset/jquery". Even worse, the drupal core already includes jquery and jquery-ui as a copy!

So whatever gets updated during composer updates, you sometimes see strange jquery version jumps. But I guess, in most cases the built-in jquery version of drupal core will be used ... hopefully. In the worst case multiple different jquery version get loaded at the same time.

I think it would be correct that Drupal tells composer that it provides jquery and jquery-ui by itself and therefore already fulfills dependencies to jquery and jquery-ui of those assets.

And maybe that should be extended to all libs in the core/assets folder. But here's a patch for jquery and jquery-ui.

Brilliant detective work @mkalkbrenner → !

In my case I think it was recent update to the facet → module (2.0.7 ,8 March 2024) that caused my site to revert the libraries version back to 3.6.4

What's the bug here? The MR is adding Bower and nom packagist endpoints to core, which we won't be doing

Core already fulfills the dependency to jquery and jquery-ui by itself. It is wrong to load jquery and jquery-ui twice from npm or bower.

All the library definitions of modules which require jquery don't explicitly reference the version from npm or bower. They reference juery in core. So composer should behave in the same way.

Tagging for framework manager

Though @larowlan in #11, is one mentioned this may be a no go.

The Needs Review Queue Bot → tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".

This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

Consult the Drupal Contributor Guide → to find step-by-step guides for working with issues.

So I get why we're making the change, but I don't know if we want to hard prevent people from installing those things should they wish to.

I personally feel using composer to install npm packages already feels like you've entered the realm of the bad_judgement module.

I've asked other committers for their thoughts