-
Notifications
You must be signed in to change notification settings - Fork 328
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: ui dependencies in package-lock.json missing resolved/integrity fields #2300
base: main
Are you sure you want to change the base?
Conversation
0df999a
to
7f5da38
Compare
Thanks for the PR @sarcasticadmin!
I suppose you didn't run
Hm... not really. I would expect to only see integrity hashes added where missing. This, however, also updates versions.
I only tested with react, and it seems to work. Needs to be verified for the rest of the packages though. |
Nope I didnt run it that way, will retry with
I would agree. You'd think
Right on, Ill give that a go and report back |
7f5da38
to
6ab9b12
Compare
6ab9b12
to
7a4be6e
Compare
7a4be6e was a result of the following commands. The oneliner excessive but I think it proves out the point adding the exact versions via npm. This was ran against all packages in $ cp package-lock.json orig-package-lock.json
$ rm -rf node_modules package-lock.json
$ cat orig-package-lock.json | \
jq -r '.packages | to_entries[] | if .value.dev == true then .value.dev = "--save-dev" end | [.key,.value.version,.value.dev // ""] | @tsv' | \
sed 's/^node_modules\///' | \
grep -v 'node_modules' | \
tail -n +3 | tr -s '[:blank:]' '@' | \
rev | sed 's/@/ /' | rev | \
xargs -I {} npm i {}
Some additional comments:
|
Thanks @sarcasticadmin! Seems like we will need to wait for npm/cli#4460 to provide official way to fix this. In the meantime, I am wondering whether there is a way to disable the |
I doubt npm will get to this anytime soon, this has been open since 2022. I'll take another stab at this by calculating the
I opted to use the published release for the ui components: https://github.com/sandra-radio/ebb/blob/c3b3644e7d3141cda7e93cea1aec362a25792d15/nix/pkgs/waved.nix#L18-L30 |
Pretty hacky, but I guess there is no other way to do this properly. Sounds good to me!
👍 |
The PR fulfills these requirements: (check all the apply)
main
branch.feat: Add a button #xxx
, where "xxx" is the issue number).Closes #xxx
, where "xxx" is the issue number.ui
folder, unit tests (make test
) still pass.Closes #2299
The following PR attempts to maintain the versions of node packages thats closest to the existing packages-lock.json. I was unable to find a way to simple populate the missing resolved/integrity fields in the original packages-lock.json
The process was as follows:
The result builds successfully. However, I have a couple of outstanding items I wanted to raise with the maintainers:
npm test
- I see a lot of failures but I suspect this could be due to being on node 18 since I see a ton of failures offmain
rm -rf node_modules package-lock.json && npm install
. Whats odd is that react was still on ~17.0.2:npm install
added theeslint-plugin-wave
entry. But maybe this is because it comes from wave-ui itself?System information
default.nix placed in the
ui
subdir: