OZ changed a revert message without version upgrade. Sometimes I get the old, sometimes the new

Hey guys, I came across a really weird issue.

Long story short: on GitLab CI our tests failed while locally not.

Turns out, the same package.json will sometimes give Version A, sometimes Version B of the same revert message inside the ERC1155-contract:

I have two folders with the same repository URL, the same package.json, but the local development folder has a yarn.lock which was accidentally excluded via .gitignore (which is wrong anyways).

In one case I get

❯ grep -HRi "ERC1155: caller is not token " node_modules

node_modules/@openzeppelin/contracts/token/ERC1155/ERC1155.sol:            "ERC1155: caller is not token owner or approved"
node_modules/@openzeppelin/contracts/token/ERC1155/ERC1155.sol:            "ERC1155: caller is not token owner or approved"
node_modules/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Burnable.sol:            "ERC1155: caller is not token owner or approved"
node_modules/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Burnable.sol:            "ERC1155: caller is not token owner or approved"

and in the other case I get

❯ grep -HRi "ERC1155: caller is not token " node_modules
node_modules/@openzeppelin/contracts/token/ERC1155/ERC1155.sol:            "ERC1155: caller is not token owner nor approved"
node_modules/@openzeppelin/contracts/token/ERC1155/ERC1155.sol:            "ERC1155: caller is not token owner nor approved"
node_modules/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Burnable.sol:            "ERC1155: caller is not token owner nor approved"
node_modules/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Burnable.sol:            "ERC1155: caller is not token owner nor approved"

Do you see the difference? It is between "owner or approved" and "owner nor approved".

This is happening via OpenZeppelin 4.7.3.

So when I first upgraded to 4.7.3 for some reason the old version of the error message will be installed, while install on a new setup without yarn.lock the new version.
In both files, package.json and yarn.lock the same version will be used!

Shouldn't we create new versions instead when such changes like changing a revert-message will cause such trouble?

Are you sure your package.json has specified the exact version and not just version x and later. A lot of these issues come from having only the major version fixed but not the minor/exact version.

And make sure to delete your node modules folder if you make any changes so they reinstall with the correct version if you change anything