Uploaded image for project: 'Hippo CMS'
  1. Hippo CMS
  2. CMS-9633

Use npm shrinkwrap to make sure dependencies of dependencies are also 'fixed'

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Normal
    • Resolution: Duplicate
    • 3.0.1, 3.1.0
    • None
    • None

    Description

      Recently had a problem where we specified a certain version of a npm dependency: grunt-sass. had a version range specified on one of its depenencies, node-sass, and that dependency updated with a change that broke our build.

      We specify a certain version (not a range) to make sure we actually have that same version in a release. However we do not 'protect' ourselves against the dependencies of our dependencies. We can use npm shrinkwrap for this. We should probably use npm shrinkwrap before tagging to ensure we have a working tag.

      Attachments

        Issue Links

          duplicates

          Task - A task that needs to be done. CMS-9965 Backport: Add .npmrc and npm-shrinkwrap to cms/api

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Task - A task that needs to be done. CMS-9966 Backport: Add .npmrc and npm-shrinkwrap to cms/api

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              Unassigned Unassigned
              jdegooijer Joeri de Gooijer
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: