[
https://issues.apache.org/jira/browse/TEZ-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sreenath Somarajapuram updated TEZ-3285:
----------------------------------------
Attachment: TEZ-3285.2.patch
Adding patch 2 with exclude tag for apache rat check.
> Tez UI: Lock down dependency versions using npm-shrinkwrap
> ----------------------------------------------------------
>
> Key: TEZ-3285
> URL: https://issues.apache.org/jira/browse/TEZ-3285
> Project: Apache Tez
> Issue Type: Bug
> Reporter: Sreenath Somarajapuram
> Assignee: Sreenath Somarajapuram
> Attachments: TEZ-3285.1.patch, TEZ-3285.2.patch
>
>
> All dependencies of tez-ui is having fixed versions. But the dependencies of
> our dependencies are not. Hence a level down in the dependency tree, the
> build might be looking for the latest packages. This affects the reliability
> of the UI build.
> NPM:
> npm shrinkwrap create a separate json from the currently installed packages,
> and ensure that the complete dependency tree is intact across all the build.
> Bower:
> Bower doesn't have a hierarchy and this issue can be avoided by locking on a
> specific version for all dependent package in the bower.json itself.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
