Configure yarn to pick version from version range based on supported engine - yarnpkg

I develop a package. That package has a dependency, which is listed as a version range: ^1.0.0 || ^2.0.0
The versions of the dependency within that version range support different node versions. In v2 support for node 12 has been dropped. Besides that, there are no differences. I want to support both to prevent dependency hell on consumers if several of their dependencies rely on the same transitive package.
My package itself still supports node 12. I want to run tests in CI with node 12 to avoid accidentally dropping support for it.
How can I configure Yarn to pick a version within the version range based on the supported node version? In my example I want yarn to pick the latest v1 version to run my tests as that still supports node 12.
The project is using yarn v1.

Related

Always install existing dependency version if present

In a yarn workspace project I want to make yarn #workspace/name add lodash use the range of lodash that is already in use in another workspace (if so) else it should pull in latest as per usual. I've hoped yarn constraints would solve this but they only seem to cover the enforcement bit - e.g. yarn add installs latest and then yarn constraints will fail checks.

Automate updating outdated dependencies in CI/CD using `yarn outdated`

My team is developing a React component library which relies on MaterialUI components. The customer of our employer wants to automatically signal and/or upgrade outdated dependencies (specifically when the dependency on MaterialUI becomes outdated at least). We are using yarn as dependency manager.
I found yarn lists all the outdated dependencies (or a specific dependency if specified) through the yarn outdated command. One can then upgrade said dependencies using the yarn upgrade command to which the dependency to be updated is supplied as parameter. To do this using a single command, running yarn upgrade-interactive lists outdated dependencies which the user can then select to be updated.
I am wondering if there is/are way(s) to automate this process. I tried piping the results of yarn outdated to yarn update as well as yarn version, but yarn upgrade seems to ignore whatever input it receives and updates every package regardless, and yarn version throws errors saying the versions are not proper semvers.
I realise yarn upgrade-interactive makes this process easy and quick for developers, however the project is intended to become open-source over time and the customer prefers a centralised solution rather than relying on every individual contributor to track this themselves. As far as I am aware, yarn upgrade-interactive cannot be automated as it requires user input in order to select the package(s) to be updated.
Other solutions I found, such as Dependabot or packages like 'yarn-outdated-notifier', seem to only work with GitHub. The project is currently running on Azure DevOps and, when it goes public, will run on GitLab.
Is there any way we could do this in our CI/CD environment or with any (free) solutions? The customer prefers to have as few dependencies as possible.

In the SonarQube Marketplace, what does it mean for a plugin to be incompatible?

I just upgraded from SonarQube 6.1 to 6.7.7. For SonarJava, it automatically installed 4.15.0.12310 (it was 4.10.0.10260 before). In the Marketplace, when I hover over the available versions from 5.0-5.13, it says “Incompatible”. When I hover over 5.13.1+, it says “Requires system update”. What does it mean for it to be incompatible if it doesn’t require a system update?
I am seeing this with various other plugins as well, such as SonarPython, which had 1.8 automatically installed. I had to manually install 1.9.1 in order to get this bug fix (which is why I originally upgraded the server): https://community.sonarsource.com/t/python-s1481-code-smell-unused-local-variables-should-be-removed-false-positive-with-string-interpolation/8961
I could manually install newer versions of other plugins as well, but I don’t know if that’s safe.
I also can’t find an official plugin compatibility matrix, since this only shows 7.9+: https://docs.sonarqube.org/latest/instance-administration/plugin-version-matrix/
Incompatible means that the plugin does not work with the version of SonarQube you have installed.
An example of an incompatible plugin would be one where the plugin relied on an API that was removed in your current SonarQube version. You may be able to use that version of the plugin if you downgraded your SonarQube instance to a previous version.
Requires system update means you need to upgrade SonarQube in order to install the plugin.
For what it's worth, the states as described by the API documentation are:
Update status values are:
COMPATIBLE: plugin is compatible with current SonarQube instance.
INCOMPATIBLE: plugin is not compatible with current SonarQube instance.
REQUIRES_SYSTEM_UPGRADE: plugin requires SonarQube to be upgraded before being installed.
DEPS_REQUIRE_SYSTEM_UPGRADE: at least one plugin on which the plugin is dependent requires SonarQube to be upgraded.

can I use master libpq in production

Is it ok to use the master branch of lib/pq in production?
When you execute go get gitlab.com/lib/pq you get the master branch, but there is a release v1.0.0.
Would it be better to use releases instead of master branch?
lib/pq
Releases
v1.0.0
Initial tagged release. No major recent changes.
Merge pull request #778 from lib/go-mod
add a go.mod file in preparation for a tagged release
lib/pq v1.0.0 adds support for Go versioned modules.
For Go1.12, consider upgrading your production code for Go versioned modules.
The first beta release of Go 1.12 is scheduled for this week (Dec, 3, 2018).
Go 1.11 Release Notes
Modules, package versioning, and dependency management
Go 1.11 adds preliminary support for a new concept called “modules,”
an alternative to GOPATH with integrated support for versioning and
package distribution. Using modules, developers are no longer confined
to working inside GOPATH, version dependency information is explicit
yet lightweight, and builds are more reliable and reproducible.
Module support is considered experimental. Details are likely to
change in response to feedback from Go 1.11 users, and we have more
tools planned. Although the details of module support may change,
projects that convert to modules using Go 1.11 will continue to work
with Go 1.12 and later. If you encounter bugs using modules, please
file issues so we can fix them. For more information, see the go
command documentation.
Proposal: Versioned Go Modules
Go 1.11 Modules.

Maintaining multiple versions of the same library with incompatible changes

Ours is a complex enterprise app, and we use one third-party library which we would like to upgrade. But we do want to maintain two versions at least for a couple of releases till we are good with the newer version, and switch which version to use by a configuration property.
We are trying maven shading for the same.
However, the problem we are facing is like this. The changes between the two releases are very drastic. For example, A is a class in version 1.0 and is now an interface in version 2.0.
So let us say for example in the existing client code we say
A a = new A();
This would have to be changed to some other call in the new version.
Are there any ideas on how to make the client code compatible with both the versions?
I don't believe there is a way to write code compatible with both the versions.
Keeping multiple versions of the same jar may create maintenance nightmares.
I suggest creating/maintaining separate SVN branches for each version of this jar.
You can decide which SVN branch should go into production based on the maturity of that branch.
You can simply replace the war from the other branch if there is any issue during deployment/in production.
