[jira] [Commented] (YARN-11873) Add yarn.lock for app catalog webapp

[Steve Loughran (Jira)]

    [ 
https://issues.apache.org/jira/browse/YARN-11873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18030442#comment-18030442
 ] 

Steve Loughran commented on YARN-11873:
---------------------------------------

bq.  I want to add Mikael Smith to the YARN project’s list of contributors, but 
there are several people named Mikael Smith. How can I make sure I select the 
right one?

I suspect they are all the same person. maybe the thing is to set one at a time 
(I've tried) and then see if the icon matches 

> Add yarn.lock for app catalog webapp
> ------------------------------------
>
>                 Key: YARN-11873
>                 URL: https://issues.apache.org/jira/browse/YARN-11873
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: webapp
>    Affects Versions: 3.5.0, 3.4.2
>            Reporter: Michael Smith
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 3.5.0, 3.4.3
>
>
> {{hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp}}
>  fails to build today with
> {code}
> [INFO] error color@5.0.2: The engine "node" is incompatible with this module. 
> Expected version ">=18". Got "12.22.1"
> [INFO] error Found incompatible module.
> {code}
> After some experimenting - upgrading node to 22.20.0, which allows a 
> successful {{yarn install}} - I've identified this as caused by
> # we used to pull in apidoc@0.17.7 > winston@^3.0.0 (3.17.0) > 
> @dabh/diagnostics@^2.0.2 (2.0.3) > colorspace@1.1.x (1.1.4) > color@^3.1.3 
> (3.2.1) which works with node 12
> # we now pull in apidoc@0.17.7 > winston@^3.0.0 (3.18.2) > 
> @dabh/diagnostics@@^2.0.7 (2.0.7) > @so-ric/colorspace@^1.1.6 (1.1.6) > 
> color@^5.0.2 (5.0.2) which requires node 18+
> Winston 3.18 and @dabh/diagnostics 2.0.5+ were published yesterday, which 
> seems to have triggered all this. It seems to have primarily been done to 
> update to newer versions without known vulnerabilities.
> I'd suggest updating the node version. I'd also suggest adding a yarn.lock, 
> same as yarn-ui, to avoid surprises like this.
> An alternative is to add {{"@dabh/diagnostics": "2.0.3"}} to resolutions, but 
> that seems like a short-term fix.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org