1234 was just an example, I assumed the files I saw were random numbers, like
PIDs or something. But after testing based on your suggestions, it looks like
the log files are not from using the debugger like I assumed, but were created
when I ran "yarn test", and are always 4711 and 4712.
So this is not an issue with the vsix file or the debugger, but with some tests.
Still a MINOR issue that I wouldn't block the release over but it should be
fixed for a future release. Running tests really shouldn't create files in a
users home directory, they should either be created in some build directory in
the repository that is part of .gitignore (e.g. target) in temp dir like
/tmp/daffodil-vscode/.
On 2025-06-03 01:38 PM, Jeremy Yao wrote:
Hey Steve,
We greatly appreciate your feedback.
Regarding the daffodil-debugger-1234.log issue, we are looking into this and
have several questions:
- Are you seeing a file specifically named "daffodil-debugger-1234.log" that appears in
your home directory or are they files that follow a very similar format (such as
"daffodil-debugger-4712.log")? If you're seeing files that follow a very similar format,
please describe specifically what files are in the directory.
- In your working directory, can you provide us your launch.json file (found in
./.vscode) and your VSCode Users Settings json file
(https://code.visualstudio.com/docs/configure/settings#:~:text=User%20settings.json%20location,Code%2FUser%2Fsettings.json)?
- Do you invoke the "yarn test" command in your terminal when creating the
.vsix file or using the extension? If not, can you provide us a list of terminal commands
you use during your testing process?
Jeremy Yao | Software Engineer
Email: jeremy....@nteligen.com
Website: http://www.nteligen.com/
Work: 667-261-6088
CONFIDENTIALITY NOTICE: This message and any accompanying documents contain
information belonging to the sender which may be confidential and legally
privileged. This information is only for the use of the individual or entity to
which it was intended. If you are not the intended recipient, any disclosure,
copying, distribution, or action taken in reliance on the contents of the
information contained in this message and any accompanying documents is
strictly prohibited. If you have received this message in error, please contact
the sender immediately and delete the message. Thank you.
-----Original Message-----
From: Steve Lawrence <slawre...@apache.org>
Sent: Monday, June 2, 2025 1:10 PM
To: dev@daffodil.apache.org
Subject: Re: [VOTE] Apache Daffodil™ Extension for Visual Studio Code 1.4.1-rc1
-1 (binding)
My -1 is because of the things that I marked as FAILED, but I wasn't sure what
they were about. If these are expected and not a concern I can downgrade them
to MINOR.
I'm fine with things marked as MINOR being fixed in the next release.
I checked:
[OK] hashes and signatures of source and helper binaries are correct [OK]
source compiles using yarn package [OK] tests pass using yarn test [FAILED] All
nightly tests pass
- Nightly tests currently fail, looks to be macOS issues, is this expected?
[MINOR] source and helper binaries are 100% reproducible
- The Content_Type.xml file inside the .vsix file is non-deterministic, causing
the .vsix file to not be reproducible. This is a known issue with vsce. I
confirmed all other files in the .vsix are exactly the same when built
locally. Hopefully a version of vcse that fixes this can be used for the
next
release.
[OK] signature of git tag verifies
[OK] source release matches git tag
[MINOR] source and helper binary include correct LICENSE/NOTICE
- The NOTICE file copyright still says 2023, but more importantly there are
about 30 transitive or direct dependencies (listed via yarn licenses --prod)
that I do not see listed in any of the LICENSE/NOTICE/NONOTICE files. They
all look to be ASF compatible so I won't block the release over this, but it
is an ASF requirement that these files be accurate--I will give a -1 to
future release candidates that don't have correct license files. I
understand
the npm package ecosystem is pretty insane when it comes to dependencies,
but
we can't use that as an excuse to not thoroughly vet dependencies and
document them according to ASF requirements--if anything, the dependency
insanity is even more of a reason carefully inspect all transitive
dependencies to avoid potential supply chain attacks.
[OK] RAT check passes
[OK] no unexpected binaries in source
[MINOR] vsix installs and runs with run with basic usage
- I did notice each time I ran the debugger it wrote a
daffodil-debugger-1234.log file to my home directory. Is this expected
behavior? Seems like something we shouldn't do.
- Note, I did very basic usage. I'm not familiar enough with VS Code to
thoroughly test things
[FAILED] no open CVEs found using sbt dependencyCheck and yarn audit
- yarn audit shows 5 moderate CVE's, with svelte, nanoid, serialize-javascript,
and babel
[FAILED] Page for release candidate published on website
- Missing download page on daffodil.apache.org, required by ASF
[MINOR] no closed issues without a milestone
- There are a number of issues that have been closed but have not been
assigned a milestone:
https://github.com/apache/daffodil-vscode/issues?q=is%3Aissue%20state%3Aclosed%20no%3Amilestone
Were they closed as part of 1.4.1? Can they be added to this milestone or a
previous milestone so there's a record of what release fixed these issue?
On 2025-05-22 02:25 PM, Shane Dell wrote:
Hello all,
I'd like to call a vote to release Apache Daffodil™ Extension for
Visual Studio Code 1.4.1-rc1.
All distribution packages, including signatures, digests, etc. can be
found at:
https://dis/
t.apache.org%2Frepos%2Fdist%2Fdev%2Fdaffodil%2Fdaffodil-vscode%2F1.4.1
-rc1&data=05%7C02%7Cjeremy.yao%40nteligen.com%7C5cffc570ee374433c97408
dda1f849b7%7C379c214c5c944e86a6062d047675f02a%7C0%7C0%7C63884480996171
4854%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwM
CIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata
=y%2F5yUBHszUJ6O07AGx2rLR7mtZ7sH75NS4ufWhHqrHc%3D&reserved=0
This release has been signed with PGP key
86DDE7B41291E380237934F007570D3ADC76D51B, corresponding to
shaned...@apache.org, which is included in the KEYS file here:
https://dow/
nloads.apache.org%2Fdaffodil%2FKEYS&data=05%7C02%7Cjeremy.yao%40ntelig
en.com%7C5cffc570ee374433c97408dda1f849b7%7C379c214c5c944e86a6062d0476
75f02a%7C0%7C0%7C638844809961724429%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU
1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldU
IjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=V6xoZAmMSZ9lbEGL2IbakwHP3GvwVl4DZAkY8k
zUrEk%3D&reserved=0
The release candidate has been tagged in git with 1.4.1-rc1.
For reference, here is a list of all closed GitHub issues tagged with 1.4.1:
https://git/
hub.com%2Fapache%2Fdaffodil-vscode%2Fmilestone%2F11%3Fclosed%3D1&data=
05%7C02%7Cjeremy.yao%40nteligen.com%7C5cffc570ee374433c97408dda1f849b7
%7C379c214c5c944e86a6062d047675f02a%7C0%7C0%7C638844809961732889%7CUnk
nown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJ
XaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=2oacJB3eA
K3pdsyIuAikQw5sqwP%2FmTJ6JT4uazHomiM%3D&reserved=0
Please review and vote. The vote will be open for at least 72 hours
(Wednesday, 28 May 2025, 2:30pm EST) (Not including Monday since its
Memorial Day).
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Documentation for 1.4.1 can be found here
https://github.com/apache/daffodil-vscode/wiki/Apache-Daffodil%E2%84%A2-Extension-for-Visual-Studio-Code:-v1.4.1.
Thank you,
- Shane Dell
