Ok, the build is broken in metron-config due to some transitive changes
that happened in npm-land:
[INFO]
/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:32
[INFO] throw new Error('Cyclic dependency: '+JSON.stringify(node))
[INFO] ^
[INFO] Error: Cyclic dependency: "[object Object]"
[INFO] at visit
(/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:32:13)
[INFO] at visit
(/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:48:9)
Evidently one of our transitive dependencies has changed and we have ended
up with a cyclic dependency. I'm not sure where or why yet, but I believe
this breaks both master and our 0.4.1 release (I haven't confirmed this
yet, but I strongly suspect).
While the good work of tracking down this specific error is done, I'd like
to bring up a broader discussion point: our practice of not fixing versions
for our node dependencies. This is, in effect, causing a few problems:
- We do not have a consistent, repeatable build.
- We set ourselves up for possible license violation without knowing
about it (a transitive dependency changes its license)
As we stand, we have a release which doesn't not build after we have
released it and tested it. It seems to me that we should at a minimum as a
stopgap:
- fix the versions of our dependencies so that they are in a working
state
- consider a point release to get a working build.
I guess my questions to those of us with more javascript and UI experience
is as follows:
- Does fixing the version of our dependencies actually fix the problem
transitively?
- IF not, then how do we get a version of a build which is consistent
and repeatable and does not expose us to downstream licensing issues?
Thanks,
Casey
