Github user sardell commented on a diff in the pull request:
https://github.com/apache/metron/pull/1267#discussion_r235332053
--- Diff: metron-interface/metron-config/package-lock.json ---
@@ -39,50 +39,50 @@
"@angular-devkit/build-webpack": "0.8.3",
"@angular-devkit/core": "0.8.3",
"@ngtools/webpack": "6.2.3",
- "ajv": "6.4.0",
- "autoprefixer": "8.6.5",
- "circular-dependency-plugin": "5.0.2",
- "clean-css": "4.2.1",
- "copy-webpack-plugin": "4.5.2",
- "file-loader": "1.1.11",
- "glob": "7.1.3",
- "html-webpack-plugin": "3.2.0",
- "istanbul": "0.4.5",
- "istanbul-instrumenter-loader": "3.0.1",
- "karma-source-map-support": "1.3.0",
- "less": "3.8.1",
- "less-loader": "4.1.0",
- "license-webpack-plugin": "1.5.0",
- "loader-utils": "1.1.0",
- "mini-css-extract-plugin": "0.4.3",
- "minimatch": "3.0.4",
- "node-sass": "4.9.3",
- "opn": "5.3.0",
- "parse5": "4.0.0",
- "portfinder": "1.0.17",
- "postcss": "6.0.23",
- "postcss-import": "11.1.0",
- "postcss-loader": "2.1.6",
- "postcss-url": "7.3.2",
- "raw-loader": "0.5.1",
- "rxjs": "6.2.2",
- "sass-loader": "7.1.0",
- "semver": "5.5.1",
- "source-map-loader": "0.2.4",
- "source-map-support": "0.5.9",
- "stats-webpack-plugin": "0.6.2",
- "style-loader": "0.21.0",
- "stylus": "0.54.5",
- "stylus-loader": "3.0.2",
- "tree-kill": "1.2.0",
- "uglifyjs-webpack-plugin": "1.3.0",
- "url-loader": "1.1.1",
- "webpack": "4.19.1",
- "webpack-dev-middleware": "3.3.0",
- "webpack-dev-server": "3.1.8",
- "webpack-merge": "4.1.4",
- "webpack-sources": "1.3.0",
- "webpack-subresource-integrity": "1.1.0-rc.6"
+ "ajv": "~6.4.0",
+ "autoprefixer": "^8.4.1",
--- End diff --
When I first saw this, it caught me by surprise too. It turns out npm v6
made a change to the format of the package-lock.json file. Basically,
`dependencies` in the lock file are fixed versions from what's listed in our
project's package.json dependency section, whereas the `requirements` in the
lock file are an exact copy of each package's dependency section from their
package.json. In the end, it won't affect our ability to lock into specific
versions of our project's npm dependencies.
It's a little confusing, but [this
thread](https://github.com/npm/npm/issues/20891) (and specifically [this
comment](https://github.com/npm/npm/issues/20891#issuecomment-395591772))
helped clear things up for me.
---