Posted to issues@tez.apache.org by "Hitesh Shah (JIRA)" <ji...@apache.org> on 2016/06/06 05:19:59 UTC

[jira] [Comment Edited] (TEZ-3285) Tez UI: Lock down dependency versions using npm-shrinkwrap

    [ https://issues.apache.org/jira/browse/TEZ-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15316206#comment-15316206 ] 

Hitesh Shah edited comment on TEZ-3285 at 6/6/16 5:19 AM:
----------------------------------------------------------

bq. This doesn't affect the final build. Also we don't use any of these libraries directly. So should we update the license/notice files?

If they are in the final war file then yes. 

bq. Both package.json and the shrinkwrap must update on `npm install --save`

Is npm install invoked on each build? Do these files get updated on each build creating a dirty workspace on each build/run? 

Also, I don't see any aspects of the dev README updated on a how-to on maintaining this or what to do when adding new additions or how to make version changes for dependencies? Additionally, is there a way to set ranges for dependencies i.e. allow for 1.1.x so that we get any critical bug fixes, etc. for the dependencies?



was (Author: hitesh):
bq. This doesn't affect the final build. Also we don't use any of these libraries directly. So should we update the license/notice files?

If they are in the final war file then yes. 

bq. Both package.json and the shrinkwrap must update on `npm install --save`

Is npm install invoked on each build? Do these files get updated on each build creating a dirty workspace on each build/run? 

Also, I don't see any aspects of the dev README updated on a how-to on maintaining this or what to do when adding new additions or how to make version changes for dependencies? Additionally, is there a way to set ranges for dependencies i.e. allow for 1.1.x so that we get any critical bug fixes, etc.?


> Tez UI: Lock down dependency versions using npm-shrinkwrap
> ----------------------------------------------------------
>
>                 Key: TEZ-3285
>                 URL: https://issues.apache.org/jira/browse/TEZ-3285
>             Project: Apache Tez
>          Issue Type: Bug
>            Reporter: Sreenath Somarajapuram
>            Assignee: Sreenath Somarajapuram
>         Attachments: TEZ-3285.1.patch, TEZ-3285.2.patch, TEZ-3285.3.patch, TEZ-3285_batch-0.8_1.patch
>
>
> All dependencies of tez-ui have fixed versions. But the dependencies of our dependencies do not. Hence a level down in the dependency tree, the build might be looking for the latest packages. This affects the reliability of the UI build.
> NPM:
> npm shrinkwrap creates a separate json from the currently installed packages, and ensures that the complete dependency tree is intact across all the builds.
> Bower:
> Bower doesn't have a hierarchy and this issue can be avoided by locking on a specific version for all dependent packages in the bower.json itself.



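An added example, not part of the original message or of the TEZ-3285 patches: a Node.js check that compares a package.json against an npm-shrinkwrap.json and reports range specifiers such as the 1.1.x asked about above, direct dependencies that are missing from or disagree with the lock, and any entry in the locked tree that is not an exact version. The package names, versions and the function names auditLock and unpinnedInTree are assumptions made for illustration.

```javascript
// Constructed sample manifests; package names and versions are made up.
const samplePkg = { dependencies: {
  "pkg-a": "1.2.3", "pkg-b": "1.1.x", "pkg-c": "2.0.0", "pkg-d": "0.4.1" } };
const sampleShrinkwrap = { name: "sample-ui", version: "0.0.1", dependencies: {
  "pkg-a": { version: "1.2.3", dependencies: { "pkg-e": { version: "3.10.1" } } },
  "pkg-b": { version: "1.1.7" },
  "pkg-c": { version: "2.0.1", dependencies: { "pkg-f": { version: "^0.9.0" } } } } };

// Exact version: MAJOR.MINOR.PATCH with optional prerelease/build, no range operators.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Walk the nested "dependencies" tree of a shrinkwrap file and collect every
// entry whose locked version is absent or is not an exact version.
function unpinnedInTree(deps, path = []) {
  const out = [];
  for (const [name, entry] of Object.entries(deps || {})) {
    const here = [...path, name];
    if (!EXACT.test(entry.version || "")) {
      out.push({ path: here.join(" > "), version: entry.version || null });
    }
    out.push(...unpinnedInTree(entry.dependencies, here));
  }
  return out;
}

// Compare the direct dependencies in package.json with the top level of the lock.
function auditLock(pkg, shrinkwrap) {
  const locked = shrinkwrap.dependencies || {};
  const report = { ranges: [], missing: [], mismatched: [],
                   unpinned: unpinnedInTree(locked) };
  for (const [name, spec] of Object.entries(pkg.dependencies || {})) {
    const exact = EXACT.test(spec);
    if (!exact) report.ranges.push(name + "@" + spec);   // e.g. 1.1.x or ^1.0.0
    if (!(name in locked)) report.missing.push(name);    // not covered by the lock
    else if (exact && locked[name].version !== spec) report.mismatched.push(name);
  }
  return report;
}

console.log(JSON.stringify(auditLock(samplePkg, sampleShrinkwrap), null, 2));
```

A range in package.json is reported rather than treated as an error, because the shrinkwrap entry is what fixes the installed version; the check does not evaluate whether the locked version satisfies the range.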