-
-
Notifications
You must be signed in to change notification settings - Fork 6.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possibly incorrect dagre-d3 version in package.json #1065
Comments
This comment has been minimized.
This comment has been minimized.
I am having issues reproducing this without docker). First I thought this might be related to you using node 12 as we do not officially suppott that yet so I tries first with node 10 and then with node 12 on macos. Could you try with node 10 and and with yarn and se if we can earn anything more? |
This is reproducible with In the package.json it is referenced as a git. I would assume this has been done because the latest release from dagre-d3 on npm is one year old. Is there a way we can fix that without big hassle? |
I think it shouldn't be done in this way, especially that:
This would essentially make any slim and alpine docker images useless for anyone who uses mermaid for their project. |
That requires that the package is available on npm which isn't the case. Like I mentioned already the latest release of dagre-d3 is one year old.
I agree that this is bad practice. Especially for docker users and as most builds these days are done in slim or alpine docker images this is a bad thing too. Also this is trappy for enterprise users sitting behind a restrictive firewall like in #1071. However I can't verify exactly why there is a hard dependency on a GitHub repo. I will investigate that issue and see what we can do about this. If the npm version breaks stuff we might need to get the GitHub version into the project as a hard dependency. As a workaround you can build the project in a full node image (or install git manually) and have it run in an alpine image. |
I might be indirectly to blame, as I raised the issue in this discussion: |
@nothingismagick Well, it passed the review so no blame here. However, I would be glad if you could take this issue and search a solution that doesn’t involve referencing GitHub packages. |
It does seem a bit strange that the changes to dagre-d3 were merged, but no release since 2017!!! If this doesn't get resolved I see two options: import it as a git submodule (which might actually have the same / similar / worse issue in docker) or flat-forking the repo and binding the source into mermaid itself (which is an option I don't like either...) |
Yeah, that are really bad options. Either way we have the source with us which is a PITA. Plus, Submodules are a nightmare. The question is how fast we need to react to this issue. We now have at least 2 confirmed users that have a setup that they are affected. @knsv @dunning-kruger whats your opinion on that? I would say like 2 weeks, maybe contact the author via mail, he's a Microsoft employee so he might want to maintain his stuff at least with minimalistic efford. Plus: do we have any alternatives? |
Alternative would be to fork and publish master to npm as dagre-d3-mermaid.
If that's wanted, I can do it tonight.
… |
I thoght of that but I consider that as the worst solution because then we need to maintain another repo. |
The unofficial publication of dagre-3d would be my choice, under a name such as "dagre-3d-unofficial" or something like that, making it VERY clear that it is not an official release. Maintaining it should not be an issue: all we do is point people to the official repo. If we need to, we can pull changes from upstream and re-release (but this should be rare, I guess). I would keep the fork in the mermaid org just for "security" and future reference but, it's not to be maintained or developed on. We should still try to contact the owner for a release, since that is of course the best option. |
Alright, so what's the time schedule then? @nothingismagick already commented on the pr, so wait a week, contact via mail, wait another week, create the fork? |
Let's create it right now. The PR was merged a month ago and people have
broken installations right now. As soon as upstream gets published we can
go back.
…On Mon, 18 Nov 2019, 19:14 Christian Klemm, ***@***.***> wrote:
Alright, so what's the time schedule then? @nothingismagick
<https://github.com/nothingismagick> already commented on the pr, so wait
a week, contact via mail, wait another week, create the fork?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1065?email_source=notifications&email_token=AIM4G6GU2VWCNTIHQFRJOOTQULLRRA5CNFSM4JMFUOS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEELMMXY#issuecomment-555140703>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AIM4G6BYMFKAGISZLRPH4IDQULLRRANCNFSM4JMFUOSQ>
.
|
Hey Guys, Any update on this? are we still waiting on the author of the dependency to get back? Cheers |
Yeah, its been a week, and my advice to host a fork at this org is probably the best way forward. |
Ok, I have forked the repo to mermaid-js. |
Just to summarize, we need an unofficial realase of the head of the fork to the npm repo, (not githubs repo)? Then we update the dependencies in mermaid in release/8.4.3 branch wich is on its way out. |
Exactly, we need the latest |
Yes, I'll do both |
This is now pushed to the 8.4.3 release branch and available from the github package repo, https://github.com/mermaid-js/mermaid/packages/46638 |
What's the estimated date of 8.4.3 being released and pushed to npm? |
Hi,
I'm experiencing an issue while trying to install version ~8.4 via npm.
Let me expose it in an empty environment:
sudo docker run --rm -it node:12.3-alpine sh -c "npm i -g --loglevel verbose mermaid@~8.4"
This unfortunately results in:
This issue might be related with: ca5e60b, since the version specified here is not numerical.
The text was updated successfully, but these errors were encountered: