Skip to content

Conversation

gribnoysup
Copy link
Collaborator

"Update third party notices" job on main is failing for a while, seems like the root cause is one of the Compass dependencies having a weird package.json published with the dist that throws off gather licenses script, or to be more specific the pkgUp logic.

This PR fixes the issue by trying to find package.json closest to the dependency root and only if this failed it falls back to the usual flow of using pkgUp starting from the resolved location of the dependency.

@gribnoysup gribnoysup force-pushed the fix-third-party-notices branch from 3e06e57 to 90832ef Compare July 22, 2021 12:10
@gribnoysup gribnoysup changed the title fix: Skip resolved package.json files if they don't have bare minimum of required metadata fix: Try to resolve package.json as close to the dependency root dir as possible Jul 22, 2021
@gribnoysup gribnoysup force-pushed the fix-third-party-notices branch from 90832ef to 7222f63 Compare July 22, 2021 13:06
@gribnoysup gribnoysup changed the title fix: Try to resolve package.json as close to the dependency root dir as possible fix: Check that package.json that we found contains at least the minimal amount of required keys Jul 22, 2021
Copy link
Collaborator

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Do you want to apply the same change to mongosh for consistency as well?

@gribnoysup
Copy link
Collaborator Author

Thanks for taking another look! Will open a PR there as well, sure

@Anemy
Copy link
Member

Anemy commented Jul 23, 2021

@gribnoysup Do we know which package(s) were causing this issue? I wonder if it's something we should bump.

@gribnoysup
Copy link
Collaborator Author

Oh right, I mentioned it initially in the comments in the code, but lost when refactoring the implementation. It's a transitive dependency of leafygreen through emotion (so a few levels deep) called stylis and they are just doing something custom with their publishing process by having a package.json with just type specified in their umd distribution path, it's not that their main package.json is broken or something, we are just literally picking up the non-root one. I don't think it will be something that we can just fix with an update and probably not something that they even would consider broken probably.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants