-
Notifications
You must be signed in to change notification settings - Fork 315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs(website): Update tutorial #8737
base: main
Are you sure you want to change the base?
docs(website): Update tutorial #8737
Conversation
f05c9fa
to
b0cd522
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #8737 +/- ##
=========================================
Coverage 67.85% 67.85%
Complexity 1165 1165
=========================================
Files 244 244
Lines 7736 7736
Branches 864 864
=========================================
Hits 5249 5249
Misses 2128 2128
Partials 359 359
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
This commit updates the content of the tutorial, but does not change anything fundamental. Signed-off-by: Reto Schneider <reto.schneider@husqvarnagroup.com>
b0cd522
to
c359d20
Compare
@@ -65,7 +59,7 @@ For reliable results we use version 2.1.18 (replace `[mime-types-dir]` with the | |||
```shell | |||
git clone https://github.com/jshttp/mime-types.git [mime-types-dir] | |||
cd [mime-types-dir] | |||
git checkout 2.1.18 | |||
git checkout 2.1.35 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that it might make sense to stick to the older 18 patch-level for comparability to some "mime-types-2.1.18" test assets we have in our code base, like https://github.com/oss-review-toolkit/ort/blob/main/scanner/src/test/assets/scancode-3.0.2_mime-types-2.1.18.json.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated because using 2.1.18
resulted in tons of issues due to outdated dependencies. Which makes it harder to read the resulting file. 2.1.35
has issues too, but (currently) only a few.
Would it be worth to update the tests assets?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated because using 2.1.18 resulted in tons of issues due to outdated dependencies.
What kind of issues exactly? Do you mean security vulnerabilities? However, I believe we do not even run the advisor yet as part of the tutorial... see #4219.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(gosh, just realized I have never actually sent my comments/questions)
ERROR - Resolving dependencies for 'package.json' failed with: No lockfile found in '[mime-types-dir]'. This potentially results in unstable versions of dependencies. To support this, enable the 'allowDynamicVersions' option in 'config.yml'. | ||
Writing analyzer result to '[analyzer-output-dir]/analyzer-result.yml'. | ||
[workdir]/mime-types | ||
00:31:07.985 [main] WARN org.ossreviewtoolkit.plugins.packagemanagers.node.utils.NpmDetection - Any of [NPM, PNPM, YARN, YARN2] could be the package manager for '[workdir]/mime-types/package.json'. Assuming it is an NPM project. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a) Why 4x the same warning?
b) Should this be warning just be left out of the tutorial, or addressed by some other means?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why 4x the same warning?
Because all of NPM, PNPM, YARN, YARN2 individually state via common NpmDetection
code that none of them is clearly responsible for that definition file.
Should this be warning just be left out of the tutorial, or addressed by some other means?
If quoting console output, I believe it should be complete to avoid confusion about differences. Maybe the only exception should be lengthy / unimportant output that could be replaced by ellipsis ([...]
).
source: "NPM" | ||
message: "deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported" | ||
severity: "HINT" | ||
dependency_graphs: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be nice to have an explanation here, but I do not understand this yet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You mean the "deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported" message? That's just being forwarded from NPM itself. Apparently the project uses an unsupported / unmaintained version of the glob
package.
@@ -65,7 +59,7 @@ For reliable results we use version 2.1.18 (replace `[mime-types-dir]` with the | |||
```shell | |||
git clone https://github.com/jshttp/mime-types.git [mime-types-dir] | |||
cd [mime-types-dir] | |||
git checkout 2.1.18 | |||
git checkout 2.1.35 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated because using 2.1.18
resulted in tons of issues due to outdated dependencies. Which makes it harder to read the resulting file. 2.1.35
has issues too, but (currently) only a few.
Would it be worth to update the tests assets?
If there are minimum versions, they are defined as part of an overridden
|
This commit updates the content of the tutorial, but does not change anything fundamental.
Open Questions/TODOs: