
Updating npm dependencies

Martin Hradil edited this page Sep 3, 2020 · 2 revisions

ManageIQ has 2 UIs, manageiq-ui-classic and manageiq-ui-service; an appliance has both.
manageiq-ui-classic can use other Rails engines as UI plugins, each with its own dependencies.

In manageiq (any version), bin/rake update:print_engines lists all repos that have a package.json, except for http://github.com/ManageIQ/manageiq-ui-service, which also has to be included. All of those can have vulnerable npm dependencies.

Setup:

  • fork manageiq on github,
  • for each repo on the list (currently: manageiq-ui-service manageiq-ui-classic manageiq-providers-{lenovo,nuage,redfish} manageiq-v2v),
    • fork it on github
  • for each branch (currently: jansa master)
    • clone manageiq into manageiq-$branch,
    • check out the right branch,
    • create plugins/ under it,
    • for each repo on the list
      • clone under plugins/
      • check out the right branch inside (have a shortcut to do that)
      • run yarn
    • optional: create spec/ symlink and override_gem entries according to normal development instructions for each, add (per-branch) databases, run bin/setup

Finding all versions of a package in a release:

Let's take the situation in #7289 as an example, where we want to update the version of acorn in the jansa branch:

$ cd manageiq-jansa/plugins
$ bfs -wholename \*node_modules/acorn/package.json | while read f; do echo "$f" ; jq .version "$f" ; done

./plugins/manageiq-providers-nuage/node_modules/acorn/package.json
"5.7.3"
./plugins/manageiq-ui-classic/node_modules/acorn/package.json
"6.4.0"
...

This will find all versions of a given package in all the plugins, whether they are direct or indirect dependencies.
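
An added example (not from the original wiki page) that extends the one-liner above: it lists every installed copy of a package under plugins/, nested copies included, and marks those older than a minimum version you supply. The function names and the sample tree are assumptions made for this example; it uses find instead of bfs and falls back to sed when jq is not installed.

```shell
#!/bin/sh
# Added example (not from the ManageIQ wiki): flag old copies of an npm package.

# Read the "version" field; use jq when installed, otherwise a sed fallback
# that expects a pretty-printed package.json.
pkg_version() {
  if command -v jq >/dev/null 2>&1; then
    jq -r .version "$1"
  else
    sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
  fi
}

# True when version $1 is older than $2 (plain x.y.z only; needs sort -V).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_package ROOT NAME MIN: print "STATUS VERSION PATH" for every copy,
# nested ones included; return 1 if any copy is older than MIN.
audit_package() {
  rc=0
  list=$(find "$1" -path "*/node_modules/$2/package.json" | sort)
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    v=$(pkg_version "$f")
    if version_lt "$v" "$3"; then
      echo "OLD $v $f"; rc=1
    else
      echo "ok $v $f"
    fi
  done <<EOF
$list
EOF
  return "$rc"
}

# Constructed sample tree (plugin names and versions are illustrative).
make_sample_tree() {
  t=$(mktemp -d)
  for spec in plugin-a:5.7.3 plugin-b:6.4.1 plugin-b/node_modules/webpack:7.1.1; do
    d="$t/plugins/${spec%%:*}/node_modules/acorn"
    mkdir -p "$d"
    printf '{\n  "name": "acorn",\n  "version": "%s"\n}\n' "${spec##*:}" > "$d/package.json"
  done
  echo "$t"
}

if [ "$#" -eq 3 ]; then audit_package "$@"; fi
```

Saved under a name of your choice, it takes the plugins directory, the package name and the minimum version as its three arguments. A single minimum does not model separate fix lines per major version, so run it once per major version if needed.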

Then, you can use something like this:

$ cd manageiq-jansa/plugins
$ for d in */ ; do
  cd "$d"
  echo "$d"
  # update to current upstream/$branch

  git checkout -b upgrade-yarn
  yarn upgrade

  git commit -a -m 'yarn upgrade: description'
  git push -u origin `git branch-name`
  hub pull-request -b jansa -l dependencies -a simaishi
    # don't use -a simaishi for master
    # for non-master, prefix title with "[JANSA] " (uppercased branch name)

  git checkout master
  cd -
done

This makes the fix in all the repositories.

If any commands are missing, you need: bfs, jq, hub, git branch-name, git up, yarn.
