Description
Having multiple different versions of SDK packages installed can lead to a lot of subtle and hard-to-debug issues. This can sadly happen quite easily, e.g. if you have a bundler plugin installed and then install a newer Sentry SDK package, you may still have some references to the versions previously installed through the bundler plugin, etc. We have this issue pop up quite regularly, and right now it is very hard for either us or our users to figure out what is going on, and if that is a problem.
In order to fix this, we should add three things:
- A command to check if you have mismatched SDK versions installed:
  ```
  npx @sentry/bundler-plugin-core@latest verify-sdk-versions
  ```
- Automatically run this command in bundler builds & output a helpful warning if it fails
- A command to try to fix the mismatched SDK versions:
  ```
  npx @sentry/bundler-plugin-core@latest fix-sdk-versions
  ```
The warning could be something like this:
```
[warn] sentry-cli detected that you have multiple conflicting versions
of Sentry SDK packages installed.
This can happen if you update some package,
but some other dependency still holds on to an older version.
Having different SDK package versions can lead to a variety of hard-to-debug issues,
so we strongly recommend to align your package versions.
You can run:
  npx @sentry/bundler-plugin-core@latest fix-sdk-versions
to try to automatically fix this for you.
```
These commands would need to work for npm, yarn & pnpm lockfiles. I propose to use an approach similar to https://github.com/mydea/yarn-update-dependency, where we actually read the lockfile and find all the installed versions from there. We can probably also use a similar approach to try to fix the installed versions.
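
A sketch of the lockfile-based check proposed above, added here as an illustration; it is not code from the Sentry repositories or from yarn-update-dependency. It assumes an npm `package-lock.json` with a `packages` map (lockfileVersion 2 or 3); yarn and pnpm lockfiles would need their own parsers, and the function names and sample lockfile are constructed for this example.

```javascript
// Constructed sample in npm's package-lock.json v3 layout (not a real project).
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@sentry/browser": { version: "8.0.0" },
    "node_modules/@sentry/core": { version: "8.0.0" },
    "node_modules/@sentry/utils": { version: "8.0.0" },
    "node_modules/@sentry/bundler-plugin-core": { version: "2.0.0" },
    // Nested copies held by the plugin: the mismatch the check should surface.
    "node_modules/@sentry/bundler-plugin-core/node_modules/@sentry/core": { version: "7.50.0" },
    "node_modules/@sentry/bundler-plugin-core/node_modules/@sentry/utils": { version: "7.50.0" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
});

// Collect every installed version of each @sentry/* package (hypothetical helper).
function collectSentryVersions(lockfileText) {
  const lock = JSON.parse(lockfileText);
  if (!lock.packages) {
    throw new Error("expected a package-lock.json with a 'packages' map (lockfileVersion 2 or 3)");
  }
  const found = new Map(); // package name -> Map(version -> [install paths])
  for (const [path, entry] of Object.entries(lock.packages)) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || entry.link || !entry.version) continue; // root, workspace link, or no version
    // The last node_modules/ segment is the package name unless an alias sets "name".
    const name = entry.name || path.slice(idx + "node_modules/".length);
    if (!name.startsWith("@sentry/")) continue;
    if (!found.has(name)) found.set(name, new Map());
    const versions = found.get(name);
    if (!versions.has(entry.version)) versions.set(entry.version, []);
    versions.get(entry.version).push(path);
  }
  return found;
}

// Return only the packages that are installed in more than one version.
function findMismatches(lockfileText) {
  const mismatches = [];
  for (const [name, versions] of collectSentryVersions(lockfileText)) {
    if (versions.size > 1) {
      mismatches.push({ name, versions: [...versions.keys()].sort(), paths: [...versions.values()].flat() });
    }
  }
  return mismatches.sort((a, b) => a.name.localeCompare(b.name));
}

for (const m of findMismatches(SAMPLE_LOCKFILE)) {
  console.warn(`[warn] ${m.name} is installed in ${m.versions.length} versions: ${m.versions.join(", ")}`);
}
```

This only flags one package present at several versions; it does not compare versions across different `@sentry/*` packages, since the bundler plugin and the SDK may be versioned independently.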