[
https://issues.apache.org/jira/browse/METRON-1873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16694534#comment-16694534
]
ASF GitHub Bot commented on METRON-1873:
----------------------------------------
Github user sardell commented on a diff in the pull request:
https://github.com/apache/metron/pull/1267#discussion_r235332053
--- Diff: metron-interface/metron-config/package-lock.json ---
@@ -39,50 +39,50 @@
"@angular-devkit/build-webpack": "0.8.3",
"@angular-devkit/core": "0.8.3",
"@ngtools/webpack": "6.2.3",
- "ajv": "6.4.0",
- "autoprefixer": "8.6.5",
- "circular-dependency-plugin": "5.0.2",
- "clean-css": "4.2.1",
- "copy-webpack-plugin": "4.5.2",
- "file-loader": "1.1.11",
- "glob": "7.1.3",
- "html-webpack-plugin": "3.2.0",
- "istanbul": "0.4.5",
- "istanbul-instrumenter-loader": "3.0.1",
- "karma-source-map-support": "1.3.0",
- "less": "3.8.1",
- "less-loader": "4.1.0",
- "license-webpack-plugin": "1.5.0",
- "loader-utils": "1.1.0",
- "mini-css-extract-plugin": "0.4.3",
- "minimatch": "3.0.4",
- "node-sass": "4.9.3",
- "opn": "5.3.0",
- "parse5": "4.0.0",
- "portfinder": "1.0.17",
- "postcss": "6.0.23",
- "postcss-import": "11.1.0",
- "postcss-loader": "2.1.6",
- "postcss-url": "7.3.2",
- "raw-loader": "0.5.1",
- "rxjs": "6.2.2",
- "sass-loader": "7.1.0",
- "semver": "5.5.1",
- "source-map-loader": "0.2.4",
- "source-map-support": "0.5.9",
- "stats-webpack-plugin": "0.6.2",
- "style-loader": "0.21.0",
- "stylus": "0.54.5",
- "stylus-loader": "3.0.2",
- "tree-kill": "1.2.0",
- "uglifyjs-webpack-plugin": "1.3.0",
- "url-loader": "1.1.1",
- "webpack": "4.19.1",
- "webpack-dev-middleware": "3.3.0",
- "webpack-dev-server": "3.1.8",
- "webpack-merge": "4.1.4",
- "webpack-sources": "1.3.0",
- "webpack-subresource-integrity": "1.1.0-rc.6"
+ "ajv": "~6.4.0",
+ "autoprefixer": "^8.4.1",
--- End diff --
When I first saw this, it caught me by surprise too. It turns out npm v6
made a change to the format of the package-lock.json file. Basically,
`dependencies` in the lock file are fixed versions from what's listed in our
project's package.json dependency section, whereas the `requirements` in the
lock file are an exact copy of each package's dependency section from their
package.json. In the end, it won't effect our ability to lock into specific
versions of our project's npm dependencies.
It's a little confusing, but [this
thread](https://github.com/npm/npm/issues/20891) (and specifically [this
comment](https://github.com/npm/npm/issues/20891#issuecomment-395591772))
helped clear things up for me.
> Update Bootstrap version in Management UI
> -----------------------------------------
>
> Key: METRON-1873
> URL: https://issues.apache.org/jira/browse/METRON-1873
> Project: Metron
> Issue Type: Bug
> Reporter: Shane Ardell
> Priority: Major
>
> We are currently using an alpha version of Bootstrap v4. We should update to
> the latest stable release (v4.1.3) for a couple of reasons. There were
> breaking changes between the alpha and stable release that make it impossible
> for us to use angular ports of Bootstrap like ng-bootstrap. In addition,
> there are quite a few features and fixes we would want in our project. The
> list is long, but if you're curious, [take a look at the
> changelog|https://github.com/twbs/bootstrap/releases].
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
