Hmm, 0.4.1 built fine for me.
Jon
On Mon, Oct 2, 2017 at 10:44 AM Casey Stella <ceste...@gmail.com> wrote:
> Ok, the build is broken in metron-config due to some transitive changes
> that happened in npm-land:
>
> [INFO]
>
> /Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:32
> [INFO] throw new Error('Cyclic dependency: '+JSON.stringify(node))
> [INFO] ^
> [INFO] Error: Cyclic dependency: "[object Object]"
> [INFO] at visit
>
> (/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:32:13)
> [INFO] at visit
>
> (/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:48:9)
>
> Evidently one of our transitive dependencies has changed and we have ended
> up with a cyclic dependency. I'm not sure where or why yet, but I believe
> this breaks both master and our 0.4.1 release (I haven't confirmed this
> yet, but I strongly suspect).
>
> While the good work of tracking down this specific error is done, I'd like
> to bring up a broader discussion point: our practice of not fixing versions
> for our node dependencies. This is, in effect, causing a few problems:
>
> - We do not have a consistent, repeatable build.
> - We set ourselves up for possible license violation without knowing
> about it (a transitive dependency changes its license)
>
> As we stand, we have a release which doesn't not build after we have
> released it and tested it. It seems to me that we should at a minimum as a
> stopgap:
>
> - fix the versions of our dependencies so that they are in a working
> state
> - consider a point release to get a working build.
>
> I guess my questions to those of us with more javascript and UI experience
> is as follows:
>
> - Does fixing the version of our dependencies actually fix the problem
> transitively?
> - IF not, then how do we get a version of a build which is consistent
> and repeatable and does not expose us to downstream licensing issues?
>
> Thanks,
>
> Casey
>
--
Jon
