Skip to content

Update package-lock.json to be compatible with npm 6.5.0#756

Closed
yamgent wants to merge 2 commits intoMarkBind:masterfrom
yamgent:npm-6
Closed

Update package-lock.json to be compatible with npm 6.5.0#756
yamgent wants to merge 2 commits intoMarkBind:masterfrom
yamgent:npm-6

Conversation

@yamgent
Copy link
Member

@yamgent yamgent commented Mar 7, 2019
edited
Loading

What is the purpose of this pull request? (put "X" next to an item, remove the rest)

• [X] Other, please explain: package-lock.json update

What is the rationale for this request?

  • No one in the development team uses npm 5, so it does not make sense to enforce using npm 5.
  • Even using an older npm version causes few changes in package-lock.json anyway, so if someone install new things, it is inevitable that someone will have to update the package-lock.json.

What changes did you make? (Give an overview)

The package-lock.json is generated updated by running:

npm i

Then, package-lock.json is modified so that cheerio uses our htmlparser instead of the original htmlparser.

Provide some example code that this change will affect:
NIL

Is there anything you'd like reviewers to focus on?
Check that it does not break anything.

Testing instructions:
NIL

yamgent added 2 commits March 7, 2019 15:45
@yamgent
Update package-lock.json to be compatible with npm 6.5.0
e38bb63 
The package-lock.json is generated by running:

    npm i
@yamgent
package-lock.json: Change htmlparser2 to use markbind's version
2bd9121 
This is a manual change, and must be done after we do an npm install
everytime.
@yamgent
Copy link
Member Author

yamgent commented Mar 7, 2019

We now have to be careful not to overwrite this line (2bd9121) every time we update package-lock.json.

Otherwise everything seems to be fine for now.

@yamgent
Copy link
Member Author

yamgent commented Mar 8, 2019

As discussed on slack:

On the issue of the npm version, I am still not convinced that updating package-lock.json with npm 6 is a good decision for now (the corresponding diff can be seen in this PR[1]). There is some questionable change in the version specification (meaning there could be a time when someone updates package-lock.json and suddenly our entire build just breaks). I would check all of the package versions if I have the time, but this could be a huge change and I am strapped for time recently to make that kind of check.

Let's stick with using an older npm 5 version. npm 5.10.0 seems to still be making some minor changes[2]. Let's go lower and try npm 5.9.0. (My own edit: We have since decided to use npm 5.8.0, because 5.9.0 didn't have a proper release.

On a side note, does anyone from the senior dev team know what was the npm version that was used to maintain our package-lock.json since last year?

[1] - #756
[2] - #758 (comment)

@yamgent yamgent closed this Mar 8, 2019
@luyangkenneth luyangkenneth mentioned this pull request Mar 14, 2019
Merged
@luyangkenneth luyangkenneth mentioned this pull request Apr 5, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yamgent