Skip to content
This repository has been archived by the owner on Jan 13, 2022. It is now read-only.

Resolve dependency warnings in Docker build #113

Closed
5 of 6 tasks
aflinchb opened this issue Mar 17, 2020 · 4 comments · Fixed by #165
Closed
5 of 6 tasks

Resolve dependency warnings in Docker build #113

aflinchb opened this issue Mar 17, 2020 · 4 comments · Fixed by #165
Assignees
@tobiaswright
Labels
Bug Something isn't working Node Helium-Node Pri2 Priority 2: Completed in next 4 weeks size: S < 2 days

Comments

@aflinchb
Copy link
Contributor

aflinchb commented Mar 17, 2020
edited
Loading

Description:

The original warnings (above) are all resolved and removed from the readme. The remaining are:

  • npm WARN [email protected] requires a peer of gulp@>=4 but none is installed. You must install peer dependencies yourself.
    • Still needs investigation as to what the impact is here - so far, it has had no impact on app performance/functionality
  • npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
    • after initial research, this warning is optional and does not affect the app so no further action is needed
  • npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
    • after initial research, this warning is optional and does not affect the app so no further action is needed
@aflinchb aflinchb added Bug Something isn't working Node Helium-Node BLOCKED labels Mar 17, 2020
@dsturgell dsturgell added the Pri2 Priority 2: Completed in next 4 weeks label Mar 19, 2020
@dsturgell dsturgell modified the milestones: M6, M7 Mar 19, 2020
@aflinchb aflinchb removed this from the M7 milestone Apr 22, 2020
@tobiaswright
Copy link
Contributor

I've done some research on the issue, and appears there is no way around having to add gulp to the package.json.

I've installed gulp and it does generate two new warning, similar to the warning that are being generated now. The screenshot below is the new warning that are generated.

Screenshot from 2020-05-01 11-51-22

This is current warning for reference:

Screenshot from 2020-05-01 11-52-07

I narrowed the package that is causing that issue. It's inversify-restify-utils - I believe there that the this module should be in developer dependencies.

I can't recall if this the module with the absentee owner.

At any rate installing gulp does not appear to have any adverse on the app, and it has passed webvalidate test

@tobiaswright
Copy link
Contributor

The other thing we may want to consider is turning adjusting the log level for npm - https://docs.npmjs.com/misc/config

@tobiaswright
Copy link
Contributor

Oh, also, we wouldn’t see the other two warnings on a Mac: https://stackoverflow.com/questions/27686889/npm-install-warn-on-dependency

@aflinchb aflinchb added size: S < 2 days and removed BLOCKED labels May 8, 2020
@tobiaswright
Copy link
Contributor

So adding gulp does add a low severity vulnerability, it will not be fixed in the current version of gulp: gulpjs/gulp-cli#207

@tobiaswright tobiaswright mentioned this issue May 13, 2020
Merged
7 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@tobiaswright tobiaswright

Labels
Bug Something isn't working Node Helium-Node Pri2 Priority 2: Completed in next 4 weeks size: S < 2 days
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added Gulp module and Consistency level to cosmosDB retaildevcrews/helium-typescript
3 participants
@tobiaswright @aflinchb @dsturgell