Context
I'm trying to apply some PRs to a VSCode plugin, but the original code lacks a package-lock.json file and doesn't build anymore; even after applying a PR with compile fixes, the code does not work correctly. Inspecting the published plugin shows different dependency versions have been picked*, and the author of the PR suggested this might be the root problem.
*I've compared, e.g., the outputs of
$ grep '_id' server/node_modules/*/package.json
in my local build, vs
$ grep '_id' ~/.vscode/extensions/siegebell.vscoq-0.2.7/server/node_modules/*/package.json
on the version from the VSCode Marketplace, and they're pretty different.
Question
Is there a good way to reconstruct the correct dependency versions (and modify package.json or package-lock.json)? Or is there a better way to reproduce the original build?
Beware, I'm a developer, but not a TypeScript/JavaScript developer.
My question is meant to be somewhat general, but if you want to see details of specific issues, the original issue and PR are https://github.com/siegebell/vscoq/issues/147 https://github.com/siegebell/vscoq/pull/148.
EDIT: FWIW, I aborted my attempt and the project was resurrected by an expert, though somebody might find themselves in similar situations.
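One way to do the reconstruction asked about above, as an added example (not code from the original post or the vscoq project): read the exact versions out of the published extension's node_modules, including scoped packages that the */package.json glob misses, and pin package.json to them. The function names and the sample data are assumptions made for illustration.

```javascript
// Added example: pin package.json ranges to the versions found in an installed
// node_modules tree, such as the one inside a published extension.

// Pure step: return a pinned copy of the manifest plus a report.
function pinManifest(manifest, installed) {
  const pinned = JSON.parse(JSON.stringify(manifest));
  const changed = [], missing = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pinned[field] || {})) {
      const version = Object.hasOwn(installed, name) ? installed[name] : null;
      if (!version) { missing.push(name); continue; } // not shipped: keep the range
      if (range !== version) changed.push({ name, from: range, to: version });
      pinned[field][name] = version; // exact version, no ^ or ~
    }
  }
  return { pinned, changed, missing };
}

// Filesystem step: name -> version for one node_modules directory, descending
// into @scope folders, which a node_modules/*/package.json glob skips.
function readInstalled(nodeModulesDir) {
  const fs = require('node:fs'), path = require('node:path');
  const installed = Object.create(null);
  const visit = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
      const full = path.join(dir, entry.name);
      if (entry.name.startsWith('@')) { visit(full); continue; }
      const file = path.join(full, 'package.json');
      if (!fs.existsSync(file)) continue;
      const pkg = JSON.parse(fs.readFileSync(file, 'utf8'));
      if (pkg.name && pkg.version) installed[pkg.name] = pkg.version;
    }
  };
  visit(nodeModulesDir);
  return installed;
}

// Compare two trees (published vs. local build): packages whose versions differ.
function diffInstalled(reference, local) {
  return Object.keys(reference).filter((n) => local[n] !== reference[n])
    .map((n) => ({ name: n, reference: reference[n], local: local[n] || null }));
}

// Constructed sample data, not the real vscoq manifest or versions.
const sampleManifest = { dependencies: { 'left-lib': '^1.2.0', '@scope/right-lib': '~3.0.0' },
  devDependencies: { 'build-tool': '^2.0.0' } };
const sampleInstalled = { 'left-lib': '1.2.7', '@scope/right-lib': '3.0.4' };
console.log(pinManifest(sampleManifest, sampleInstalled).changed);
```

After pinning, running npm install produces a package-lock.json, and diffInstalled over the published and local trees shows which packages still differ.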
Related
I've run into a situation where I need to access a transitive dependency in a stable way. In other words, I'd like to declare a dependency whose version is "whatever library Foo is already using".
Specifically, I'm setting up an Eleventy site and want to use markdown-it-anchor with it. Both libraries involve slugifying text, for which markdown-it-anchor allows you to specify a custom function. To keep everything consistent, I want to tell markdown-it-anchor to use the same slugifying function as Eleventy. Eleventy doesn't export its slugifying function, but it's just using @sindresorhus/slugify, so I can import that directly.
The problem came in when I added a direct dependency on @sindresorhus/slugify — I added a dependency with a splat version, on the assumption that npm would simply resolve it to the version of @sindresorhus/slugify which was already present in node_modules/. Instead, it resolved to the latest version. I tried playing around with editing package.json and even package-lock.json manually, but npm is very firm about installing Eleventy's version of @sindresorhus/slugify where I can't reach it and not installing the same version for my own use unless I duplicate the version specifier in my package.json.
What I want is to be able to freely update Eleventy in the future and have reasonable confidence that markdown-it-anchor will continue to be passed the correct version of @sindresorhus/slugify without having to manually verify each time that Eleventy hasn't bumped their dependency. Is there any way to accomplish that?
Well, I kind of got this to work. I say "kind of" because I'm depending on the splat version ("*") of my transitive dependency, which is pretty fragile. Getting it to work at all was pretty ugly, too, so there are multiple ways in which this isn't a "proper" solution.
1. Opened up package-lock.json and looked at the transitive dependency's dependencies (and transitive dependencies). Fortunately, for @sindresorhus/slugify, this isn't too bad.
2. Rearranged node_modules/ to move the transitive dependency to the top level (where my package can find it), and all of its dependencies to where it can find them, without introducing new version conflicts. Again, in my case, this wasn't too bad.
3. Edited both package-lock.json and node_modules/.package-lock.json to reflect the moved packages' new locations.
4. Ran npm ci both to verify that I hadn't made any terrible mistakes and to make sure package-lock.json and node_modules/.package-lock.json were formatted the way it liked. (The only change it made was to reorder the packages to keep their directories sorted.)
5. Manually added a dependency on the (now formerly) transitive dependency with a splat version.
6. Ran npm install and verified that it didn't actually install or rearrange anything.
After all that, @sindresorhus/slugify works as expected when used directly from my site's build. There are a couple of serious caveats, though:
I'm not sure what npm's behavior will be if/when Eleventy updates its dependency on @sindresorhus/slugify. It may well simply update the latter where it's already located, in which case everything will be fine. Otherwise, it probably won't.
I'm also not sure what npm's behavior will be if/when @sindresorhus/slugify gets added as a dependency anywhere else. It may well leave the existing version where it is and install new, conflicting versions under the …/node_modules/ folder of whatever packages require them, in which case everything will be fine. Otherwise, it probably won't.
In other words, I discovered a way to put a fair amount of effort into creating a situation which seems to work, but may not actually do what I originally wanted. 😅
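A check for the caveats above, as an added example that is not part of the original answer: read package-lock.json (the packages map of lockfileVersion 2 or 3) and confirm that the project root and Eleventy resolve @sindresorhus/slugify to the same installed copy. The function names and the lockfile fragments are constructed for illustration, and the version numbers are made up.

```javascript
// Added example: using package-lock.json (lockfileVersion 2 or 3), check whether
// the project root and a dependency resolve a package to the same installed copy.

// Walk up from `fromKey` the way Node's resolver walks node_modules folders.
// Keys in lock.packages look like "node_modules/a/node_modules/b"; "" is the root.
function resolveFrom(lock, fromKey, name) {
  let prefix = fromKey;
  for (;;) {
    const key = (prefix ? prefix + '/' : '') + 'node_modules/' + name;
    const entry = lock.packages[key];
    if (entry) return { key, version: entry.version };
    if (prefix === '') return null; // reached the root: not installed
    const cut = prefix.lastIndexOf('/node_modules/');
    prefix = cut === -1 ? '' : prefix.slice(0, cut); // parent package, or the root
  }
}

// ok is true only when both lookups land on the same lockfile entry.
function checkShared(lock, viaKey, name) {
  const mine = resolveFrom(lock, '', name);
  const theirs = resolveFrom(lock, viaKey, name);
  if (!theirs) return { ok: false, reason: `${viaKey} does not resolve ${name}` };
  if (!mine) return { ok: false, reason: `${name} is not reachable from the project root` };
  if (mine.key !== theirs.key) {
    return { ok: false, reason: `root gets ${mine.version} at ${mine.key}, ` +
      `${viaKey} gets ${theirs.version} at ${theirs.key}` };
  }
  return { ok: true, version: mine.version };
}

// Constructed lockfile fragments; the version numbers are made up.
const hoisted = { packages: {
  '': {}, 'node_modules/@11ty/eleventy': { version: '0.0.1' },
  'node_modules/@sindresorhus/slugify': { version: '1.0.0' } } };
const nested = { packages: {
  '': {}, 'node_modules/@11ty/eleventy': { version: '0.0.1' },
  'node_modules/@sindresorhus/slugify': { version: '2.0.0' },
  'node_modules/@11ty/eleventy/node_modules/@sindresorhus/slugify': { version: '1.0.0' } } };

console.log(checkShared(hoisted, 'node_modules/@11ty/eleventy', '@sindresorhus/slugify'));
console.log(checkShared(nested, 'node_modules/@11ty/eleventy', '@sindresorhus/slugify'));
```

Run against JSON.parse of the real package-lock.json after each Eleventy update, a failed check means the site and Eleventy are no longer using the same slugify copy.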
I'm trying to migrate from Maven to Bazel and want to use another (newer) version of kotlinc than the standard default.
I have started from the example given on https://github.com/bazelbuild/rules_kotlin#custom-kotlinc-distribution-and-version:
load("@io_bazel_rules_kotlin//kotlin:repositories.bzl", "kotlin_repositories", "kotlinc_version")
kotlin_repositories(
    compiler_release = kotlinc_version(
        release = "1.6.21", # just the numeric version
        sha256 = "632166fed89f3f430482f5aa07f2e20b923b72ef688c8f5a7df3aa1502c6d8ba"
    )
)
However, the link and the example explain only the syntax. It is nice that the Bazel configuration is so concise, but on the downside it is hard to see what the effect of this rule is.
How can I know/verify what binary for kotlinc will be downloaded and where from? Can I figure out which other kotlinc releases are available, and more importantly, what the correct sha256 should be?
(Since this seems to be an official part of Bazel (loading from @io_bazel…), maybe there is a public directory (like https://mvnrepository.com/ for mvn, https://www.npmjs.com/ for npm, etc.) to check?)
Both the hash and the download location for the kotlinc that are apparently used by Bazel kotlin_rule can currently be found on GitHub:
https://github.com/JetBrains/kotlin/releases
hash for each release is printed at the end of the respective release note, next to kotlin-compiler-*.zip
download URL follows under "Asset", which for older releases may be collapsed (not immediately visible)
(as for the last part of the question: a unified directory for dependencies (artifacts, plugins, toolchains) seems to be unfeasible for a general-purpose build automation tool such as Bazel; it works for specific-purpose tools like Maven, NPM and so on; but all these ecosystems use quite different approaches and conventions, it's probably too much hassle to provide that in a unified way for a system like Bazel; at least some of these bounded ecosystems already started to provide configuration snippets for Bazel)
Lately, installing LWP::Simple requires the prior installation of IO::Socket::SSL, as is shown in this Travis log. However, there does not seem to be a way of forcing zef to install them in that particular order. The only way I can think of is to list it before in the depends section of META6.JSON, but that does not seem to work.
The only slightly related solution I have found is this one, but that does not provide a solution, rather reports an (old and already fixed) bug.
Also, dependencies in the different phases (build, for instance) all seem to be blended together and installed in, I guess, dependence first order.
So, other than listing IO::Socket::SSL as a dependency in LWP::Simple, or forcing installation via another direct command before, is there any other way to fix this?
The module author does not get a say towards dependency installation order. A naive solution of doing them in order would not be parallelization friendly.
As to the actual problem of the failing tests -- how is this not a bug in LWP::Simple? The tests clearly fail due to missing IO::Socket::SSL, so either IO::Socket::SSL should be added to its test-depends, or its test should be fixed to not point at a url that forwards to https (before the skip-all test for IO::Socket::SSL is done 4 lines below).
According to Ivy documentation dependency with changing="true" means the module can change even if the revision is the same. This is useful especially for integration.
Now, I expect the system is smart enough so it does not download artifacts every time.
It can compare, for example, "publication" timestamps in ivy.xml and download (and cache) only if necessary.
But this is not the case if the dependency has rev="latest.integration". I see it downloads artifacts every time and I'm sure they were not changed. If I change "rev" to some exact revision, then it works as expected.
Is this expected behavior and do I have any chance to make it work with "latest.integration"?
I use Ivy 2.2.0.
Obscure problem. Your report does appear to contradict a strict interpretation of how the changing module functionality works.
I'd suggest raising a ticket on the ivy JIRA. Not an issue that can be solved here.
Well I've recently come out of the dark ages and upgraded my GCC from 3.4.4 to 4.5.0 with Cygwin (I use Netbeans 6.8 on Windows for future reference). I tried testing the new compiler by attempting to run a simple program through it. The run failed however, citing that NetBeans "cannot find -lstdc++".
Interesting.
I look in ...
C:\cygwin\lib\gcc\i686-pc-cygwin\4.5.0
...where libstdc++.a, libstdc++.dll.a, libstdc++.la, libsupc++.a, and libsupc++.la are supposed to be (they're in that spot in the 3.4.4 folder), and they're not there. I also notice something else: there's a 4.3.4 folder in...
C:\cygwin\lib\gcc\i686-pc-cygwin
which contains these exact files! Good. So I copy them into the 4.5.0 folder and try to run the program again. This time I'm getting two other errors:
build/Debug/Cygwin-Windows/extract_fail_operations.o:/usr/lib/gcc/i686-pc-cygwin/4.5.0/include/c++/bits/stl_list.h:1435: undefined reference to `std::_List_node_base::_M_hook(std::_List_node_base*)'
and:
build/Debug/Cygwin-Windows/extract_fail_operations.o:/usr/lib/gcc/i686-pc-cygwin/4.5.0/include/c++/bits/stl_list.h:1451: undefined reference to `std::_List_node_base::_M_unhook()'
At this point I figured that I was way over my head and decided to come for help before copying and pasting any more files. If anyone could tell me how to get this working, I'd be really appreciative.
(If any solutions involve the command line, please be warned that I'm not well versed in it... you may have to provide extra details that you wouldn't need to to other SO users!)
EDIT: The PATH variables are as follows:
C:\Program Files\SSH Communications Security\SSH Secure Shell;C:\Program Files\CVSNT\;C:\cygwin\bin
And yes, the Cygwin installed is the latest from the site.
You need to install version 4.5.0 of libstdc++6-devel.