[
https://issues.apache.org/jira/browse/YARN-11873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18028412#comment-18028412
]
ASF GitHub Bot commented on YARN-11873:
---------------------------------------
MikaelSmith opened a new pull request, #8020:
URL: https://github.com/apache/hadoop/pull/8020
### Description of PR
Adds a yarn.lock to ensure reproducible npm builds with
hadoop-yarn-applications-catalog-webapp.
### How was this patch tested?
Compiled the module. This just preserves the file that's already generated.
### For code changes:
- [ ] Does the title or this PR starts with the corresponding JIRA issue id
(e.g. 'HADOOP-17799. Your PR title ...')?
- [ ] Object storage: have the integration tests been executed and the
endpoint declared according to the connector-specific documentation?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`,
`NOTICE-binary` files?
> hadoop-yarn-applications-catalog-webapp fails to build due to incompatible
> module
> ---------------------------------------------------------------------------------
>
> Key: YARN-11873
> URL: https://issues.apache.org/jira/browse/YARN-11873
> Project: Hadoop YARN
> Issue Type: Bug
> Components: webapp
> Affects Versions: 3.5.0, 3.4.2
> Reporter: Michael Smith
> Priority: Critical
>
> {{hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp}}
> fails to build today with
> {code}
> [INFO] error [email protected]: The engine "node" is incompatible with this module.
> Expected version ">=18". Got "12.22.1"
> [INFO] error Found incompatible module.
> {code}
> After some experimenting - upgrading node to 22.20.0, which allows a
> successful {{yarn install}} - I've identified this as caused by
> # we used to pull in [email protected] > winston@^3.0.0 (3.17.0) >
> @dabh/diagnostics@^2.0.2 (2.0.3) > [email protected] (1.1.4) > color@^3.1.3
> (3.2.1) which works with node 12
> # we now pull in [email protected] > winston@^3.0.0 (3.18.2) >
> @dabh/diagnostics@@^2.0.7 (2.0.7) > @so-ric/colorspace@^1.1.6 (1.1.6) >
> color@^5.0.2 (5.0.2) which requires node 18+
> Winston 3.18 and @dabh/diagnostics 2.0.5+ were published yesterday, which
> seems to have triggered all this. It seems to have primarily been done to
> update to newer versions without known vulnerabilities.
> I'd suggest updating the node version. I'd also suggest adding a yarn.lock,
> same as yarn-ui, to avoid surprises like this.
> An alternative is to add {{"@dabh/diagnostics": "2.0.3"}} to resolutions, but
> that seems like a short-term fix.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
