Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cli] Replace update-notifier dependency with build in #9098

Merged
merged 17 commits into from
Jan 11, 2023
Merged

[cli] Replace update-notifier dependency with build in #9098

merged 17 commits into from
Jan 11, 2023

Conversation

cb1kenobi
Copy link
Contributor

@cb1kenobi cb1kenobi commented Dec 19, 2022
edited

This PR replaces the update-notifier dependency with a custom implementation.

There are a few reasons: the dependency is quite large, it requires ESM in order to update, can sometimes suggest an update to an older version, and used dependencies with known security issues.

The result looks like:

image

Note: This PR is the successor to #8090.

@cb1kenobi cb1kenobi added area: cli semver: patch PR contains bug fixes labels Dec 19, 2022
@cb1kenobi cb1kenobi self-assigned this Dec 19, 2022
@vercel
Copy link

vercel bot commented Dec 19, 2022
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
vercel 🔄 Building (Inspect) Jan 4, 2023 at 4:44PM (UTC)

@cb1kenobi cb1kenobi marked this pull request as ready for review December 19, 2022 17:14
styfle
styfle reviewed Dec 19, 2022
View reviewed changes
packages/cli/src/util/get-latest-version/index.ts
output: Output | undefined
) {
// we need to find the update worker script since the location is
// different based on production vs tests
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part is concerning. We should be testing the actual built output

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It does test the actual build output. When running the test, __filename resolves packages/cli/src/util/get-latest-version/index.ts and when running from production, __filename resolves to dist/index.js. Then it will walk up the directory tree until it hits root (shouldn't happen) or finds dist/get-latest-worker.js.

I agree this is gross, but I seem to recall there was an issue with attempting to find get-latest-worker.js relative to get-latest-version/index.ts.

@cb1kenobi cb1kenobi added the pr: automerge Automatically merge the PR when checks pass label Dec 21, 2022
@kodiakhq kodiakhq bot removed the pr: automerge Automatically merge the PR when checks pass label Dec 23, 2022
@kodiakhq
Copy link
Contributor

kodiakhq bot commented Dec 23, 2022

This PR currently has a merge conflict. Please resolve this and then re-add the ['pr: automerge'] label.

styfle
styfle reviewed Dec 23, 2022
View reviewed changes
packages/cli/src/util/get-latest-version/get-latest-worker.js Outdated
accept:
'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*',
};
const url = `https://registry.npmjs.org/${name}`;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I realize now that this returns 2MB of json. Since it only runs once a week thats probably okay but that is not really nice for anyone on low data or if we later decide to check more often.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed! d240f8f

Ethan-Arrowood
Ethan-Arrowood reviewed Jan 7, 2023
View reviewed changes
packages/cli/src/util/get-latest-version/index.ts
Comment on lines +45 to +52
if (
!pkg ||
typeof pkg !== 'object' ||
!pkg.name ||
typeof pkg.name !== 'string'
) {
throw new TypeError('Expected package to be an object with a package name');
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this not handled by TypeScript?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was based on one of my first PRs and I have the habit of validating arguments despite living in a TypeScript world.

@cb1kenobi cb1kenobi added the pr: automerge Automatically merge the PR when checks pass label Jan 10, 2023
@kodiakhq kodiakhq bot merged commit e1aaf80 into main Jan 11, 2023
@kodiakhq kodiakhq bot deleted the chrisbarber/vccli-222-replace-update-notifier-with-built-in branch January 11, 2023 03:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@styfle styfle styfle left review comments

@Ethan-Arrowood Ethan-Arrowood Ethan-Arrowood left review comments

@EndangeredMassa EndangeredMassa EndangeredMassa approved these changes

@TooTallNate TooTallNate Awaiting requested review from TooTallNate TooTallNate is a code owner

Assignees

@cb1kenobi cb1kenobi

Labels
area: cli pr: automerge Automatically merge the PR when checks pass semver: patch PR contains bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@cb1kenobi @EndangeredMassa @styfle @Ethan-Arrowood