[ https://issues.apache.org/jira/browse/TEZ-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15311182#comment-15311182 ]

Hitesh Shah commented on TEZ-3285:
----------------------------------

Also, what is the original issue that requires transitive dependencies to be 
locked down? Given that libraries will be upgraded over time, how do we ensure 
that we don't end up in situations where we are using 3-4 yr old library 
versions? 

> Tez UI: Lock down dependency versions using npm-shrinkwrap
> ----------------------------------------------------------
>
>                 Key: TEZ-3285
>                 URL: https://issues.apache.org/jira/browse/TEZ-3285
>             Project: Apache Tez
>          Issue Type: Bug
>            Reporter: Sreenath Somarajapuram
>            Assignee: Sreenath Somarajapuram
>         Attachments: TEZ-3285.1.patch, TEZ-3285.2.patch, TEZ-3285.3.patch, 
> TEZ-3285_batch-0.8_1.patch
>
>
> All dependencies of tez-ui have fixed versions. But the dependencies of 
> our dependencies do not. Hence, a level down in the dependency tree, the 
> build might be looking for the latest packages. This affects the reliability 
> of the UI build.
> NPM:
> npm shrinkwrap creates a separate JSON file from the currently installed packages, 
> and ensures that the complete dependency tree is intact across all builds.
> Bower:
> Bower doesn't have a hierarchy, and this issue can be avoided by locking on a 
> specific version for all dependent packages in the bower.json itself.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
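
A build-time check for the lock-down described in the issue, as an added example that is not part of the TEZ-3285 patches or the Tez code base. It assumes the nested npm-shrinkwrap.json layout (name/version/dependencies with a resolved URL per entry); auditShrinkwrap, the package names and the registry URLs are hypothetical.

```javascript
// Constructed sample in the nested npm-shrinkwrap.json layout; names and URLs are made up.
const sampleShrinkwrap = {
  name: "example-ui", version: "0.0.1",
  dependencies: {
    "pkg-a": {
      version: "1.2.3",
      resolved: "https://registry.example.invalid/pkg-a/-/pkg-a-1.2.3.tgz",
      dependencies: {
        "pkg-b": { version: "^2.0.0" }, // a range and no resolved URL: not locked
        "pkg-c": { version: "0.4.1", resolved: "https://registry.example.invalid/pkg-c/-/pkg-c-0.4.1.tgz" }
      }
    }
  }
};
// Constructed package.json fragment: pkg-d is declared but absent from the shrinkwrap.
const samplePackageJson = { dependencies: { "pkg-a": "1.2.3", "pkg-d": "3.0.0" } };

// An exact semver version (optional pre-release/build suffix), as opposed to a range.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Walk the whole tree, so transitive entries are checked as strictly as direct ones.
function auditShrinkwrap(pkg, wrap) {
  const findings = [];
  const walk = (deps, path) => {
    for (const [name, node] of Object.entries(deps || {})) {
      const here = path.concat(name).join(" > ");
      if (!EXACT.test(node.version || "")) {
        findings.push(`${here}: version "${node.version}" is not exact`);
      }
      if (!node.resolved) findings.push(`${here}: no resolved URL recorded`);
      walk(node.dependencies, path.concat(name));
    }
  };
  walk(wrap.dependencies, []);
  // Every direct dependency declared in package.json must appear in the shrinkwrap.
  const locked = wrap.dependencies || {};
  for (const name of Object.keys(pkg.dependencies || {})) {
    if (!Object.prototype.hasOwnProperty.call(locked, name)) {
      findings.push(`${name}: declared in package.json but missing from shrinkwrap`);
    }
  }
  return findings;
}

console.log(auditShrinkwrap(samplePackageJson, sampleShrinkwrap).join("\n"));
```

Run as a CI step, a non-empty result fails the build before an unpinned package can be fetched.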