bookshelf@1.2.0" has incorrect peer dependency "knex@>=0.15.0 <0.22.0"

[kunxin-chor]

• Related Issues: #IssueNumber if necessary

Introduction

I did a yarn add knex, followed by yarn add bookshelf, and got this warning message:

bookshelf@1.2.0" has incorrect peer dependency "knex@>=0.15.0 <0.22.0"

Issue Description

Whenever yarn is ran, I'll get:

bookshelf@1.2.0" has incorrect peer dependency "knex@>=0.15.0 <0.22.0"

Steps to reproduce issue

yarn add knex
yarn add bookshelf

Expected behaviour

No warning message

Actual behaviour

Gotten the warning message bookshelf@1.2.0" has incorrect peer dependency "knex@>=0.15.0 <0.22.0"

[therour]

I found workaround based on npm docs

we can ignore the peer dependency by adding --legacy-peer-deps
so we can install bookshelf with

npm i bookshelf --legacy-peer-deps

or

yarn add bookshelf --legacy-peer-deps

[throrin19]

This is not a viable solution. The best part is to have a bookshelf upgrade with correct peer dependencies versions.

[askides]

Any news about this problem?

[therour]

@itsrennyman based on issue in objection.js
mostly the incompatibility is about typings...

so the workaround wont have any effect on functionality but will be problem on typings
is that right? @kibertoad sorry to mention you

[kibertoad]

@therour Yes, as long as migration guide from knex documentation is followed.

[pblanco-dekalabs]

I'm trying to add integrity checks via yarn check command in my commit hooks but this prevents me from doing so.
Any workaround? (Like editing some configuration?)

[gpatsiaouras]

We are using knex 0.95.11 with Bookshelf 1.2.0 and it works fine. Can we just correct the package.json to support higher versions?

[shumiyao]

I agree. I finally started seeing high vulnerabilities warnings with npm audit.

[ericsvendsen]

Any possibility of getting this resolved? I too am using the latest version of Knex (at this time, 0.95.14) with Bookshelf 1.2.0 just fine. Using the --legacy-peer-deps will skip peerDependencies (and --force will obviously force the issue), but using those flags long-term in my opinion is not ideal.

[kibertoad]

@ericsvendsen Would you be open to send a PR adjusting version in package.json?

[ericsvendsen]

@kibertoad Yeah absolutely! Sorry, I made the comment and had to move on at the time. Thanks for the reminder.

[daniellockyer]

I believe the only changes I can see for Bookshelf to move to knex v1 are:

diff --git a/package.json b/package.json
index d1fb5c7..2b0fa8c 100644
--- a/package.json
+++ b/package.json
@@ -42,6 +42,7 @@
     ]
   },
   "devDependencies": {
+    "@vscode/sqlite3": "^5.0.7",
     "bookshelf-jsdoc-theme": "^1.0.1",
     "chai": "^4.2.0",
     "eslint": "^6.8.0",
@@ -49,7 +50,7 @@
     "eslint-plugin-prettier": "^3.1.2",
     "husky": "^3.0.5",
     "jsdoc": "^3.6.3",
-    "knex": "~0.21.0",
+    "knex": "^1.0.3",
     "lint-staged": "^9.2.5",
     "mocha": "^7.1.2",
     "mysql": "^2.18.1",
@@ -58,7 +59,6 @@
     "prettier": "^1.18.2",
     "sinon": "^8.1.1",
     "sinon-chai": "^3.3.0",
-    "sqlite3": "^4.1.1",
     "uuid": "^3.3.3"
   },
   "peerDependencies": { 
diff --git a/test/integration/model.js b/test/integration/model.js
index 67606db..501d7bd 100644
--- a/test/integration/model.js
+++ b/test/integration/model.js
@@ -5,7 +5,7 @@ var assert = require('assert');
 var equal = assert.strictEqual;
 var deepEqual = assert.deepEqual;
 var helpers = require('./helpers');
-var QueryBuilder = require('knex/lib/query/builder');
+var QueryBuilder = require('knex/lib/query/querybuilder');
 
 module.exports = function(bookshelf) {
   describe('Model', function() {

There might be something to do with RETURNING but I don't think it's a problem here? 🤔

And of course, we need to change the peer dependencies but I'm unsure what they'd be unless support was dropped for Knex <v1

[ericsvendsen]

@kibertoad finally got back to this, and the commits in the already existing PR look good to me, aside from the additional comment I made in that discussion thread. Obviously there's no need to submit a duplicate PR, but I'd be willing to help in any other way I can.

[throrin19]

@ericsvendsen any news ?

[ericsvendsen]

@throrin19 Nope, sorry. I'm just an outsider looking in, so I have no idea if there are plans to address open PRs or not.

[BenGardiner123]

any news?

[boompig]

any updates?

[TOcvfan]

I really don't understand this error or why it still haven't been fixed

[kibertoad]

@ricardograca Maybe project needs additional maintainers? There was PR available for this forever

[LeslieR0SS]

Hello everyone, this error still persists. Is there any update?

[throrin19]

@LeslieR0SS Sorry but the project seems abandoned.

For my case, I made research to migrate to objection.js instead of this package

[LeslieR0SS]

Ohh what a pity. Thank you so much El El lun, 9 ene 2023 a las 11:12, Benjamin Besse ***@***.***> escribió:

…

@LeslieR0SS <https://github.com/LeslieR0SS> Sorry but the project seems abandoned. For my case, I made research to migrate to objection.js instead of this package — Reply to this email directly, view it on GitHub <#2106 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AV2QYRFENJF7NHWFVJDSJI3WRPQARANCNFSM4ZP5773A> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[2Proton2]

The package.json file of Bookshelf on npm website has a peer dependency for knex i.e. it's version should lay between >=0.15.0 <0.22.0. I downgraded knex to 0.21.19 version and the error was solved. This is the only solution I guess.