Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cli] Replace update-notifier dependency with built in #8090

Merged
merged 78 commits into from Dec 1, 2022
Merged

[cli] Replace update-notifier dependency with built in #8090

merged 78 commits into from Dec 1, 2022

Conversation

styfle
Copy link
Member

@styfle styfle commented Jul 6, 2022
edited

This PR replaces the update-notifier dependency with a custom implementation.

There are a few reasons: the dependency is quite large, it requires ESM in order to update, and can sometimes suggest an update to an older version. For example:

image

@styfle styfle changed the title [cli] Replace update-notifier dependency with build in [cli] Replace update-notifier dependency with built in Jul 6, 2022
TooTallNate
TooTallNate reviewed Jul 7, 2022
View reviewed changes
packages/cli/src/util/update-notifier.ts Outdated
'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*',
};

const url = `https://registry.npmjs.org/${pkg.name}`;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps make url configurable so we could test against a mock server?

@alex-grover alex-grover mentioned this pull request Jul 14, 2022
Closed
3 tasks
@cb1kenobi cb1kenobi marked this pull request as ready for review August 3, 2022 22:39
TooTallNate
TooTallNate reviewed Aug 4, 2022
View reviewed changes
packages/cli/src/index.ts
`Changelog: https://github.com/vercel/vercel/releases/tag/vercel@${latest}`
)
);
console.log(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should be using output.log() here instead of console.log() otherwise we'll break the pipe-ability of commands (i.e. deployment URL goes to stdout for vc deploy).

I realize that this was the previous behavior as well, but since we're here we might as well fix it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because of the isTTY check, this won't break piped output, but by convention and for future testing, we should still probably change these to use output in a follow-up PR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we update this in a follow-up PR?

This was about using output instead of console.log.

@cb1kenobi cb1kenobi added the semver: minor PR contains new features label Aug 5, 2022
@cb1kenobi cb1kenobi mentioned this pull request Nov 9, 2022
Closed
4 tasks
@EndangeredMassa EndangeredMassa mentioned this pull request Nov 16, 2022
Closed
EndangeredMassa
EndangeredMassa approved these changes Nov 23, 2022
View reviewed changes
Copy link
Contributor

@EndangeredMassa EndangeredMassa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should do a release before this to reduce the surface area of a new version. Then we can release this.

packages/cli/scripts/build.ts
'update-notifier',
'src/index.ts',
];
console.log('Dependencies:', dependencies);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we update this in a follow-up PR?

We probably don't want to log if dependencies is empty. Or, at least we'd want to log a clearer message saying so.

packages/cli/src/index.ts
`Changelog: https://github.com/vercel/vercel/releases/tag/vercel@${latest}`
)
);
console.log(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we update this in a follow-up PR?

This was about using output instead of console.log.

@cb1kenobi cb1kenobi merged commit 577fd3e into main Dec 1, 2022
@cb1kenobi cb1kenobi deleted the replace-update-notifier-with-built-in branch December 1, 2022 23:07
@leerob leerob mentioned this pull request Dec 2, 2022
Merged
cb1kenobi pushed a commit that referenced this pull request Dec 3, 2022
@leerob
[cli] Revert replace update-notifier dependency with built in (#9000)
2e0cbf1 
Reverts #8090.


![image](https://user-images.githubusercontent.com/9113740/205410222-efd63ff6-8094-4cba-8316-559845c64289.png)
This was referenced Dec 17, 2022
Closed
Merged
kodiakhq bot pushed a commit that referenced this pull request Jan 11, 2023
[cli] Replace update-notifier dependency with build in (#9098)
e1aaf80 
This PR replaces the `update-notifier` dependency with a custom implementation.

There are a few reasons: the dependency is quite large, it requires ESM in order to update, can sometimes suggest an update to an older version, and used dependencies with known security issues.

The result looks like:

<img width="768" alt="image" src="https://user-images.githubusercontent.com/97262/208452226-b7508299-f830-4d42-a96a-7646ec8227aa.png">

Note: This PR is the successor to #8090.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cb1kenobi cb1kenobi cb1kenobi left review comments

@EndangeredMassa EndangeredMassa EndangeredMassa approved these changes

@TooTallNate TooTallNate TooTallNate approved these changes

@Ethan-Arrowood Ethan-Arrowood Ethan-Arrowood approved these changes

Assignees
No one assigned
Labels
area: cli semver: patch PR contains bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@styfle @EndangeredMassa @cb1kenobi @TooTallNate @Ethan-Arrowood