Please provide package-lock.json with fully resolved dependencies again #6180
Comments
|
It looks like #6107 fixed this, the current master has all resolved fields again. Checked with a git bisect and |
|
Yes, I can confirm that the latest releases provide the fully resolved lock files again 👍 |
|
It seems like this happened again with the 2024.4.0 release, see https://github.com/goauthentik/authentik/blob/version/2024.4.0/web/package-lock.json#L18889-L18926 for example. I believe the regression was accidentally introduced in #8699, most likely obscured by GitHub not showing the large lock file diffs by default. Link to the collapsed lock file diff: https://github.com/goauthentik/authentik/pull/8699/files#diff-3ebf69f247f3231fd796e60555489b4a1ed684e3ad4cb0ace460a2ed07d53a95 |
|
I've opened a PR to fix this and add a CI job to prevent this from happening again |
Release notes: https://docs.goauthentik.io/docs/releases/2024.8 Still includes the same hacky workaround for one of the dependencies that was introduced in the 2024.6.1 update. See components/docs.nix for more information. Also, as upstream package-lock.json files do not include source hashes and urls for a lot of dependencies, building authentik from source is only possible after they've been resolved. This makes it kind of a gamble to try and reproduce a build with the same set of dependencies that the devs use. This is why the two relevant lock files are vendored here now. See upstream issues for more information: - goauthentik/authentik#6180 - goauthentik/authentik#11169 and the npm issue for the underlying reason: npm/cli#4263 Flake lock file updates: • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01) → 'github:hercules-ci/flake-parts/567b938d64d4b4112ee253b9274472dc3a346eb6' (2024-09-01) • Updated input 'flake-parts/nixpkgs-lib': 'https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01) → 'https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz?narHash=sha256-Ss8QWLXdr2JCBPcYChJhz4xJm%2Bh/xjl4G0c0XlP6a74%3D' (2024-09-01) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21) → 'github:NixOS/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06) • Updated input 'poetry2nix': 'github:nix-community/poetry2nix/884b66152b0c625b8220b570a31dc7acc36749a3' (2024-08-21) → 'github:nix-community/poetry2nix/a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2' (2024-09-05)
Describe the bug
With release
2023.6.0and seemingly introduced in #5761 (diff https://github.com/goauthentik/authentik/pull/5761/files#diff-3ebf69f247f3231fd796e60555489b4a1ed684e3ad4cb0ace460a2ed07d53a95)the fields
resolvedandintegritywere dropped from a set of dependencies inweb/package-lock.json.For example:
I suppose this happened by accident. Related issue: npm/cli#4263
To Reproduce
N/A
Expected behavior
For the purpose of building the official code from source without having to resolve the dependencies in question and in the worst case diverging from the ones used by the project's devs, it would be great if the next release included
package-lock.jsons with fully resolved dependencies again. :)Screenshots
N/A
Logs
N/A
Version and Deployment (please complete the following information):
Additional context
N/A
The text was updated successfully, but these errors were encountered: