[jira] [Updated] (TEZ-3285) Tez UI: Lock down dependency versions

[Sreenath Somarajapuram (JIRA)]

     [ 
https://issues.apache.org/jira/browse/TEZ-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sreenath Somarajapuram updated TEZ-3285:
----------------------------------------
    Description: 
All dependencies of tez-ui is having fixed versions. But the dependencies of 
our dependencies are not. Hence a level down in the dependency tree, the build 
might be looking for the latest packages in every build. This affects the 
reliability of the UI build. This must be fixed in both the package managers 
used by Tez UI - NPM & Bower.

-NPM:-
-npm shrinkwrap create a separate JSON from the currently installed packages, 
and ensure that the complete dependency tree is intact across all the build.-

Yarn:
Replace NPM with Yarn. Yarn is a package manager developed to solve this issue 
and many more.

Bower:
Bower shrinkwrap resolver plugin can be used to lock the dependency versions.

  was:
All dependencies of tez-ui is having fixed versions. But the dependencies of 
our dependencies are not. Hence a level down in the dependency tree, the build 
might be looking for the latest packages. This affects the reliability of the 
UI build.

NPM:
npm shrinkwrap create a separate json from the currently installed packages, 
and ensure that the complete dependency tree is intact across all the build.

Bower:
Bower doesn't have a hierarchy and this issue can be avoided by locking on a 
specific version for all dependent package in the bower.json itself.


> Tez UI: Lock down dependency versions
> -------------------------------------
>
>                 Key: TEZ-3285
>                 URL: https://issues.apache.org/jira/browse/TEZ-3285
>             Project: Apache Tez
>          Issue Type: Bug
>            Reporter: Sreenath Somarajapuram
>            Assignee: Sreenath Somarajapuram
>         Attachments: TEZ-3285.1.patch, TEZ-3285.2.patch, TEZ-3285.3.patch, 
> TEZ-3285.4.patch, TEZ-3285_batch-0.8_1.patch
>
>
> All dependencies of tez-ui is having fixed versions. But the dependencies of 
> our dependencies are not. Hence a level down in the dependency tree, the 
> build might be looking for the latest packages in every build. This affects 
> the reliability of the UI build. This must be fixed in both the package 
> managers used by Tez UI - NPM & Bower.
> -NPM:-
> -npm shrinkwrap create a separate JSON from the currently installed packages, 
> and ensure that the complete dependency tree is intact across all the build.-
> Yarn:
> Replace NPM with Yarn. Yarn is a package manager developed to solve this 
> issue and many more.
> Bower:
> Bower shrinkwrap resolver plugin can be used to lock the dependency versions.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)