scottyaslan commented on a change in pull request #4449:
URL: https://github.com/apache/nifi/pull/4449#discussion_r465808576



##########
File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/frontend/package-lock.json
##########
@@ -144,20 +144,20 @@
       "resolved": "https://registry.npmjs.org/d3-brush/-/d3-brush-1.0.4.tgz";,
       "integrity": "sha1-AMLyOAGfJPbAoZSibUGhUw/+e8Q=",
       "requires": {
-        "d3-dispatch": "1.0.3",
-        "d3-drag": "1.2.1",
-        "d3-interpolate": "1.1.6",
-        "d3-selection": "1.3.0",
-        "d3-transition": "1.1.1"
+        "d3-dispatch": "1",
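Review bot: In the `requires` block of the `d3-brush` entry, `"d3-dispatch": "1"` is a range rather than a pin, so this line no longer shows which version is installed. Please confirm that the top-level `d3-dispatch` entry in this lock file still carries an exact `version` together with `resolved` and `integrity`, since that entry is what fixes the installed tarball. The hunk as quoted here stops after the first added line, so the replacements for `d3-drag`, `d3-interpolate`, `d3-selection` and `d3-transition` are not visible and should be checked the same way.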

Review comment:
       This change may appear strange but what it is saying is that "d3-brush" 
version 1.0.4 requires any minor or patch release of "d3-dispatch" version 1. 
This however does not change the version of "d3-dispatch" package that is 
installed during the build. That is defined here: 
https://github.com/apache/nifi/pull/4449/files#diff-9a4616626c8b30875e090d2d589ce665R173.
   
   This change is due to the upgrade of npm to version 6.10.0. Although this 
update produces a confusing diff in our package-lock.json this "new" approach 
seems correct to me. If you save the exact version of a direct dependency in 
our package.json (as we have done in this PR) the package-lock.json should not 
list that dependency's dependencies in exact versions. What if another direct 
dependency also requires the same package as a transitive dependency but it 
lists a different exact minor version? That will produce warnings (or worse... 
errors!) during the `npm install` process. 
   
   All that matters is that npm produces the same resulting node_modules every 
time - which it does. It is the exact version at the top level that determines 
what is installed, not the loose version referenced nested inside each 
individual dependency.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
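An added example (not part of the review comment or the NiFi code base) of the relationship the comment describes: a check that every `requires` range in a version 1 lock file is satisfied by the exact version the lock file resolves it to, and that each locked entry has an `integrity` value. The names `satisfies`, `auditLock`, `sampleLock` and the package `example-widget` are hypothetical, and the sample lock file is constructed.

```javascript
// Added example, not NiFi code. Lockfile v1 layout; sample data is constructed.
// Handles the two range forms seen in the diff: exact ("1.0.3") and partial ("1").
function satisfies(version, range) {
  if (!/^\d+(\.\d+){0,2}$/.test(range)) return null; // ^, ~, >=, ||: not evaluated
  const want = range.split(".");
  if (want.length < 3 && version.includes("-")) return false; // prerelease
  const have = version.split(".");
  return want.every((part, i) => part === have[i]);
}

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve each `requires` name the way Node would: nearest nested
// `dependencies` first, then outward to the top level of the lock file.
function auditLock(lock) {
  const findings = [];
  const walk = (deps, scopes) => {
    for (const [pkg, entry] of Object.entries(deps)) {
      const chain = [entry.dependencies || {}, ...scopes];
      if (!entry.integrity) findings.push({ pkg, issue: "no-integrity" });
      for (const [req, range] of Object.entries(entry.requires || {})) {
        const scope = chain.find((s) => own(s, req));
        if (!scope) { findings.push({ pkg, issue: "unresolved", req }); continue; }
        const resolved = scope[req].version;
        const ok = satisfies(resolved, range);
        if (ok === false) findings.push({ pkg, issue: "range-mismatch", req, range, resolved });
        if (ok === null) findings.push({ pkg, issue: "unchecked-range", req, range });
      }
      walk(entry.dependencies || {}, chain);
    }
  };
  walk(lock.dependencies || {}, [lock.dependencies || {}]);
  return findings;
}

// Constructed sample: versions and integrity strings are placeholders.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "d3-brush": { version: "1.0.4", integrity: "sha512-PLACEHOLDER",
      requires: { "d3-dispatch": "1", "d3-drag": "1" } },
    "d3-dispatch": { version: "1.0.3", integrity: "sha512-PLACEHOLDER" },
    "d3-drag": { version: "1.2.1", integrity: "sha512-PLACEHOLDER",
      requires: { "d3-dispatch": "1.0.3" } },
    // Hypothetical package: no integrity value, and it asks for d3-dispatch 2.x
    "example-widget": { version: "0.1.0", requires: { "d3-dispatch": "2" } },
  },
};

console.log(auditLock(sampleLock));
```

Ranges written with operators such as `^` or `~` are reported as `unchecked-range` rather than evaluated; a full check would use a complete semver implementation.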

