Posted to pr@jena.apache.org by GitBox <gi...@apache.org> on 2022/02/18 16:00:12 UTC
[GitHub] [jena] afs opened a new pull request #1199: yarn upgrade
afs opened a new pull request #1199:
URL: https://github.com/apache/jena/pull/1199
The result of running `yarn upgrade` and no other changes.
`yarn --version` is 1.22.17, installed via snap, from the node snap latest (node 16.14.0).
Is this version a problem?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org
For additional commands, e-mail: pr-help@jena.apache.org
[GitHub] [jena] kinow commented on pull request #1199: yarn upgrade
Posted by GitBox <gi...@apache.org>.
kinow commented on pull request #1199:
URL: https://github.com/apache/jena/pull/1199#issuecomment-1045199175
> The result of running `yarn upgrade` and no other changes.
>
> `yarn --version` is 1.22.17, installed via snap, from the node snap latest (node 16.14.0).
>
> Is this version a problem?
Shouldn't be a problem. That's the version the Maven plug-in is downloading locally as well.
```bash
kinow@ranma:~/Development/java/jena/jena/jena-fuseki2/jena-fuseki-ui$ ./node/yarn/dist/bin/yarn --version
1.22.17
```
> My working copy of Jena has received more security alerts than here (at the moment) and I think they are all addressed by this PR. None look very serious.
:+1:
> The dependabot security alert for ajv seems confused. It says it can't go past 5.5.2 but yarn.lock has 6.12.6 via a different route.
Huh, not sure how to solve that one. The `istanbul` library is not compatible with Vue 3 & Vite yet I think (https://github.com/istanbuljs/istanbuljs/issues/668), so that might go away as soon as we upgrade to Vue 3 (first e2e/functional tests, then after that I'll upgrade to Vue 3).
Maybe we could upgrade a few more dependencies? After looking at the output of `ncu`, I found a few more dependencies that can be updated (I skipped the hairy ones, like sass, and Vue 2->3).
```diff
diff --git a/jena-fuseki2/jena-fuseki-ui/package.json b/jena-fuseki2/jena-fuseki-ui/package.json
index 160077f84f..0ac135d671 100644
--- a/jena-fuseki2/jena-fuseki-ui/package.json
+++ b/jena-fuseki2/jena-fuseki-ui/package.json
@@ -14,28 +14,28 @@
"lint": "vue-cli-service lint"
},
"dependencies": {
- "@fortawesome/fontawesome-svg-core": "^1.2.36",
- "@fortawesome/free-solid-svg-icons": "^5.15.4",
+ "@fortawesome/fontawesome-svg-core": "^1.3.0",
+ "@fortawesome/free-solid-svg-icons": "^6.0.0",
"@fortawesome/vue-fontawesome": "^2.0.6",
"@triply/yasqe": "^4.2.20",
"@triply/yasr": "^4.2.21",
- "axios": "^0.25.0",
+ "axios": "^0.26.0",
"bootstrap": "^5.1.3",
"bootstrap-vue": "^2.21.2",
- "core-js": "^3.20.3",
- "follow-redirects": "^1.14.7",
+ "core-js": "^3.21.1",
+ "follow-redirects": "^1.14.9",
"vue": "^2.6.14",
"vue-router": "^3.5.3",
"vue-upload-component": "^2.8.22"
},
"devDependencies": {
- "@babel/register": "^7.16.9",
+ "@babel/register": "^7.17.0",
"@istanbuljs/nyc-config-babel": "^3.0.0",
- "@vue/cli-plugin-babel": "^4.5.15",
- "@vue/cli-plugin-e2e-cypress": "^4.5.15",
- "@vue/cli-plugin-eslint": "^4.5.15",
- "@vue/cli-plugin-unit-mocha": "~4.5.15",
- "@vue/cli-service": "^4.5.15",
+ "@vue/cli-plugin-babel": "^5.0.1",
+ "@vue/cli-plugin-e2e-cypress": "^5.0.1",
+ "@vue/cli-plugin-eslint": "^5.0.1",
+ "@vue/cli-plugin-unit-mocha": "~5.0.1",
+ "@vue/cli-service": "^5.0.1",
"@vue/eslint-config-standard": "^6.1.0",
"@vue/test-utils": "^1.3.0",
"babel-eslint": "^10.1.0",
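Review bot: the `@vue/cli-*` entries in devDependencies jump a major version (4.5.15 to 5.0.1) and `@fortawesome/free-solid-svg-icons` goes from ^5.15.4 to ^6.0.0 while `@fortawesome/vue-fontawesome` stays at ^2.0.6, so this hunk mixes breaking-range changes with routine bumps such as `core-js` and `follow-redirects`. Suggest putting the major bumps in their own commit and running the `vue-cli-service lint` script plus the unit and e2e suites on it, so a regression can be traced to one change and the security-relevant bumps can be kept even if the tooling upgrade has to be reverted.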
@@ -49,9 +49,9 @@
"eslint-plugin-vue": "^8.4.0",
"istanbul-instrumenter-loader": "^3.0.1",
"nyc": "^15.1.0",
- "sass": "^1.49.0",
+ "sass": "^1.49.8",
"sass-loader": "^10.1.1",
- "sinon": "^12.0.1",
+ "sinon": "^13.0.1",
"vue-template-compiler": "^2.6.14"
},
"resolutions": {
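Review bot: `sinon` moves from ^12.0.1 to ^13.0.1, a major bump in devDependencies, and the `"resolutions"` block that starts on the last context line is left untouched. Suggest re-checking each pin in `resolutions` against the upgraded ranges, since a forced resolution can keep a transitive package at an older version than the new dependents would otherwise select, and confirming the unit tests that use sinon still pass.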
```
And then run `yarn install`. WDYT?
Thanks!
Bruno
[GitHub] [jena] afs commented on pull request #1199: yarn upgrade
Posted by GitBox <gi...@apache.org>.
afs commented on pull request #1199:
URL: https://github.com/apache/jena/pull/1199#issuecomment-1046088024
Done, keeping two commits.
Bots - your move.
[GitHub] [jena] afs merged pull request #1199: yarn upgrade
Posted by GitBox <gi...@apache.org>.
afs merged pull request #1199:
URL: https://github.com/apache/jena/pull/1199
[GitHub] [jena] afs commented on pull request #1199: yarn upgrade
Posted by GitBox <gi...@apache.org>.
afs commented on pull request #1199:
URL: https://github.com/apache/jena/pull/1199#issuecomment-1046017590
Good time to update dependencies as much as possible.
I took your diff and built the system. Light testing but it seems to work. (Unsurprisingly, a blind update of everything fails.)
Do you want to give it a quick test or shall I merge it so we see the full effect (the bots only look at branch `main`)?
[GitHub] [jena] afs commented on pull request #1199: yarn upgrade
Posted by GitBox <gi...@apache.org>.
afs commented on pull request #1199:
URL: https://github.com/apache/jena/pull/1199#issuecomment-1044796770
It has added `"follow-redirects": "^1.14.7"` to package.json and in yarn.lock there is 1.14.8. That's good.
My working copy of Jena has received more security alerts than here (at the moment) and I think they are all addressed by this PR. None look very serious.
The dependabot security alert for `ajv` seems confused. It says it can't go past 5.5.2 but yarn.lock has 6.12.6 via a different route.
The 5.x.y lock is due to:
`istanbul-instrumenter-loader@3.0.1 requires ajv@^5.0.0`
in:
```
@vue/cli-plugin-babel@4.5.15 requires ajv@^6.12.4 via a transitive dependency on schema-utils@2.7.1
@vue/cli-service@4.5.15 requires ajv@^6.12.4 via a transitive dependency on schema-utils@2.7.1
eslint@7.32.0 requires ajv@^6.12.4 via @eslint/eslintrc@0.4.3
eslint@7.32.0 requires ajv@^8.0.1 via table@6.8.0
istanbul-instrumenter-loader@3.0.1 requires ajv@^5.0.0 via schema-utils@0.3.0
sass-loader@10.2.1 requires ajv@^6.12.5 via a transitive dependency on schema-utils@3.1.1
```
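The situation described in the comment above, one package locked at several versions because different dependents request incompatible ranges, can be read directly out of a yarn v1 lockfile. The following is an added example, not code from the Jena project or from this thread; `parseLock`, `resolutionsFor` and `SAMPLE_LOCK` are hypothetical names, and the sample lockfile is constructed from the versions quoted in the thread, with assumed request ranges for `schema-utils`.

```javascript
// Added example: minimal reader for the yarn v1 lockfile layout.
// SAMPLE_LOCK is constructed; the schema-utils request ranges are assumed.
const SAMPLE_LOCK = `# yarn lockfile v1
ajv@^5.0.0:
  version "5.5.2"
ajv@^6.12.4, ajv@^6.12.5:
  version "6.12.6"
schema-utils@^0.3.0:
  version "0.3.0"
  dependencies:
    ajv "^5.0.0"
schema-utils@^2.7.1:
  version "2.7.1"
  dependencies:
    ajv "^6.12.4"
`;

function parseLock(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      // Entry header: comma-separated "name@range" specs, optionally quoted.
      const specs = line.replace(/:\s*$/, "").split(",")
        .map(s => s.trim().replace(/^"|"$/g, ""));
      const at = specs[0].lastIndexOf("@"); // scoped names begin with "@"
      cur = { name: specs[0].slice(0, at), version: null, deps: {},
              ranges: specs.map(s => s.slice(s.lastIndexOf("@") + 1)) };
      entries.push(cur);
      inDeps = false;
    } else if (cur && /^  \S/.test(line)) {
      const m = line.match(/^  version "(.+)"$/);
      if (m) cur.version = m[1];
      inDeps = /^  (dependencies|optionalDependencies):$/.test(line);
    } else if (cur && inDeps) {
      const m = line.trim().match(/^"?([^"\s]+)"?\s+"?([^"]+)"?$/);
      if (m) cur.deps[m[1]] = m[2];
    }
  }
  return entries;
}

// Map each locked version of pkg to its ranges and the entries requesting them.
function resolutionsFor(entries, pkg) {
  const out = {};
  for (const e of entries.filter(x => x.name === pkg)) {
    const requiredBy = entries.filter(d => e.ranges.includes(d.deps[pkg]))
      .map(d => `${d.name}@${d.version}`);
    out[e.version] = { ranges: e.ranges, requiredBy };
  }
  return out;
}
console.log(JSON.stringify(resolutionsFor(parseLock(SAMPLE_LOCK), "ajv"), null, 2));
```

More than one key in the result means an alert against the oldest locked version stays open until the dependent listed under `requiredBy` is upgraded or removed, whatever newer versions are locked alongside it.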