resolve yarn.lock, bump builder version, some packaging metadata #307
JupyterLab 2 is theoretically supported, but is not tested
Lines 109 to 114 in 4f49a2f
This comment was generated by todo based on a
Happy to make any other changes, or add docs/explanations...
Wieee this LGTM! THANK YOU @bollwyvl !!!!!! ❤️ 🎉 🌻
@yuvipanda @manics @ryanlovett, I figured I'd squeeze this change into 3.2.0 to get rid of a security warning.
It would feel nice to have another approval of this, because I don't understand the JS world very well, and since I'd like to include it in the 3.2.0 release.
@consideRatio Thanks for waiting for this to merge before release! I defer to the others as well since I feel the same about JS. If there’s no activity after a long period then I can research it, though I’m guessing someone else will chime in.
Btw, I've looked into the security alerts and if they are solved by this yarn.lock update - sadly, they are not. It seems that the pinnings of @jupyterlab/application and its dependencies are too stringent and still referencing the packages with vulnerabilities. Hmmm, but wait, it seems like @bollwyvl were the versions resolved to in yarn.lock in this PR recently updated? Do you understand what held back @jupyterlab/application from resolving to something more modern, like 3.2.4 than the 3.0.7 that we got? I note that there are even versions like 3.0.12 out, so it seems strange if we ended up with 3.0.7.
I've re-pushed, replacing the
That being said: it's no secret that I despise the crazy version operators. I am not the first person to misunderstand them, and guarantee I won't be the last, so these might be wrong, but a look at the delta to the
https://stackoverflow.com/questions/22343224/whats-the-difference-between-tilde-and-caret-in-package-json
Sure, let's try it with
I generally drop stuff into an online checker, e.g. https://jubianchi.github.io/semver-check/#/constraint/^2.0%20||%20^3.0
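The caret and tilde operators discussed in the comments above, as an added example that is not part of this PR or the project's code: a minimal range matcher (no prerelease tags, no `>=`/`<` comparators or hyphen ranges) showing which versions a constraint admits and when a lockfile entry is merely held back. The candidate list is constructed, and `bounds`, `satisfies`, `maxSatisfying` and `lockIsStale` are names made up for the illustration.

```javascript
// Added example: caret/tilde range matching, no prerelease or build tags.
const parse = (v) => v.split(".").map(Number);

// Numeric compare, so 3.0.12 ranks above 3.0.7 (string order would not).
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// One comparator ("^3.0", "~3.0.7", "3.0.7") -> [lower, upperExclusive].
function bounds(comparator) {
  const op = /^[\^~]/.test(comparator) ? comparator[0] : "=";
  const parts = parse(comparator.replace(/^[\^~]/, ""));
  const given = parts.length; // components actually written
  while (parts.length < 3) parts.push(0);
  const [maj, min, pat] = parts;
  if (op === "=" && given === 3) return [parts, [maj, min, pat + 1]];
  if (op !== "^") {
    // Tilde (or a bare partial like "3.0"): patch moves; minor too if absent.
    return [parts, given === 1 ? [maj + 1, 0, 0] : [maj, min + 1, 0]];
  }
  // Caret: the left-most non-zero component must not change.
  if (maj > 0 || given === 1) return [parts, [maj + 1, 0, 0]];
  if (min > 0 || given === 2) return [parts, [0, min + 1, 0]];
  return [parts, [0, 0, pat + 1]];
}

// A range is a "||"-separated list of alternatives.
function satisfies(version, range) {
  const v = parse(version);
  return range.split("||").some((alt) => {
    const [lo, hi] = bounds(alt.trim());
    return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
  });
}

// Highest candidate the range admits: what a resolve without a lockfile picks.
function maxSatisfying(versions, range) {
  const ok = versions.filter((v) => satisfies(v, range));
  return ok.sort((a, b) => cmp(parse(a), parse(b))).pop() ?? null;
}

// True when the locked version is valid for the range but a newer admissible
// version exists, so only re-resolving (not the range) would move it.
function lockIsStale(locked, versions, range) {
  const best = maxSatisfying(versions, range);
  return best !== null && satisfies(locked, range) && cmp(parse(locked), parse(best)) < 0;
}

// Constructed candidates: three versions named in the thread, two hypothetical.
const candidates = ["2.0.0", "3.0.7", "3.0.12", "3.2.4", "4.0.0"];
console.log(["^2.0 || ^3.0", "~3.0.7", "3.0.7"].map((r) => maxSatisfying(candidates, r)));
```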
As, on closer inspection, we are running the tests, I've put the trove classifier back in.
Wieeeeeeeeeeeeeeeeeeeeeee!!! Thank you so much @bollwyvl for your thorough work with this!!!!! ❤️ 🎉
This LGTM - go for merge? If so, I'll go for a release of 3.2.0 including this finally - now with the security warnings resolved I think.
I'm really looking forward to this release!!! I wanted
LGTM
Aaaaahhh I'll go for a merge and release since I'm at the computer ready to do it right now and I think there is quite clear consensus on this change and to cut the release 3.2.0 with this added to it.
I'm so excited about the new release. Could you also publish the updated version to pypi.org ASAP?
@ndgayan sure can, it is available on PyPI now!
Not knowing/using `jupyter-packaging` much, I did the following:

```
cd jupyterlab-server-proxy
rm yarn.lock
jlpm
jlpm build:prod
```

And seemed to have a working extension. I also bumped the version of `@jupyterlab/builder` to be of the line that generates `third-party-licenses.json`: as it turns out, it only ships the shims for `css-loader` and `style-loader`. As the `style/index.css` is actually empty, we could ship with no dependencies whatsoever without losing any functionality, which is actually quite attractive.

Apropos #298, I restored one old-school compatibility name to make `jupyter serverextension enable` work.

I had some `pip` issues (due to my environment no doubt), but rolled back any changes there except adding the relatively-new Lab trove classifiers. I've added, but commented out `JupyterLab :: 2`... if no longer tested, and nobody's crying out for it, I don't recommend we re-add it to the test matrix.

Here's hoping CI is kind!