[ https://issues.apache.org/jira/browse/TEZ-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15311176#comment-15311176 ]

Hitesh Shah commented on TEZ-3285:
----------------------------------

Questions: 
  - do the license/notice files need changing?
  - how is the npm shrinkwrap.json file meant to be maintained? How was it 
created in the first place? How should it be kept up to date?
  - dependency checks are now skipped - what happens if a new dependency is 
required? How would that get pulled in? How do we ensure that all dependencies 
are defined in the shrinkwrap json at build/compile time?



> Tez UI: Lock down dependency versions using npm-shrinkwrap
> ----------------------------------------------------------
>
>                 Key: TEZ-3285
>                 URL: https://issues.apache.org/jira/browse/TEZ-3285
>             Project: Apache Tez
>          Issue Type: Bug
>            Reporter: Sreenath Somarajapuram
>            Assignee: Sreenath Somarajapuram
>         Attachments: TEZ-3285.1.patch, TEZ-3285.2.patch, TEZ-3285.3.patch, 
> TEZ-3285_batch-0.8_1.patch
>
>
> All dependencies of tez-ui have fixed versions. But the dependencies of
> our dependencies do not. Hence a level down in the dependency tree, the
> build might be looking for the latest packages. This affects the reliability
> of the UI build.
> NPM:
> npm shrinkwrap creates a separate json from the currently installed packages,
> and ensures that the complete dependency tree is intact across all the builds.
> Bower:
> Bower doesn't have a hierarchy and this issue can be avoided by locking on a
> specific version for all dependent packages in the bower.json itself.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
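
An added example (not part of the original message and not Tez project code): one way to check at build time that every dependency declared in package.json is present in npm-shrinkwrap.json and that every entry in the locked tree carries an exact version. It assumes the nested `dependencies` layout that `npm shrinkwrap` writes; the function names, package names and sample data are constructed for illustration.

```javascript
'use strict';
// Added example, not Tez project code. Function names are hypothetical.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/; // exact semver, no range operators

// Walk the nested "dependencies" tree; report entries without an exact version.
function unpinnedEntries(node, path = []) {
  const problems = [];
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const here = path.concat(name);
    if (typeof entry.version !== 'string' || !EXACT.test(entry.version)) {
      problems.push(`${here.join(' > ')}: no exact version in shrinkwrap`);
    }
    problems.push(...unpinnedEntries(entry, here));
  }
  return problems;
}

// Compare the manifest's declared dependencies with the shrinkwrap's top level.
function checkShrinkwrap(manifest, shrinkwrap) {
  const problems = [];
  const locked = shrinkwrap.dependencies || {};
  for (const [name, range] of Object.entries(manifest.dependencies || {})) {
    if (!Object.prototype.hasOwnProperty.call(locked, name)) {
      problems.push(`${name}: declared in package.json, missing from shrinkwrap`);
    } else if (EXACT.test(range) && locked[name].version !== range) {
      problems.push(`${name}: package.json pins ${range}, shrinkwrap has ${locked[name].version}`);
    }
  }
  return problems.concat(unpinnedEntries(shrinkwrap));
}

// Constructed sample input (hypothetical package names and versions).
const manifest = {
  dependencies: { 'lib-a': '1.2.0', 'lib-b': '2.0.1', 'lib-c': '0.4.0' },
};
const shrinkwrap = {
  dependencies: {
    'lib-a': {
      version: '1.2.0',
      dependencies: { 'lib-x': { version: '3.1.4' }, 'lib-y': { version: '^1.0.0' } },
    },
    'lib-b': { version: '2.0.3' },
  },
};

// A build step would exit non-zero when this list is not empty.
for (const problem of checkShrinkwrap(manifest, shrinkwrap)) console.log(problem);
```

In a real build the two objects would be parsed from the package.json and npm-shrinkwrap.json files on disk, and a non-empty result would fail the build before any install runs.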
