{ "id": "149343", "key": "TIMOB-19133", "fields": { "issuetype": { "id": "4", "description": "An improvement or enhancement to an existing feature or task.", "name": "Improvement", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [], "resolution": { "id": "2", "description": "The problem described is an issue which will never be fixed.", "name": "Won't Fix" }, "resolutiondate": "2015-12-08T16:45:56.000+0000", "created": "2015-07-01T17:08:00.000+0000", "priority": { "name": "Medium", "id": "3" }, "labels": [], "versions": [], "issuelinks": [ { "id": "50066", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "outwardIssue": { "id": "133470", "key": "CLI-903", "fields": { "summary": "Investigate locking down NPM dependencies", "status": { "description": "A resolution has been taken, and it is awaiting verification by reporter. From here issues are either reopened, or are closed.", "name": "Resolved", "id": "5", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "High", "id": "2" }, "issuetype": { "id": "4", "description": "An improvement or enhancement to an existing feature or task.", "name": "Improvement", "subtask": false } } } } ], "assignee": { "name": "pinnamuri", "key": "pinnamuri", "displayName": "Praveen Innamuri", "active": false, "timeZone": "America/Los_Angeles" }, "updated": "2017-03-22T18:31:15.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10207", "name": "Tooling" } ], "description": "Based on our experience with longjohn, I would like to lock the dependency versions of the above plugins.\r\n\r\nI would consider we run https://docs.npmjs.com/cli/shrinkwrap before publishing.", "attachment": [], "flagged": false, "summary": "Lock versions of titanium, node-appc and alloy dependencies", "creator": { "name": "ingo", "key": "ingo", "displayName": "Ingo Muschenetz", "active": true, "timeZone": "America/Los_Angeles" }, "subtasks": [], "reporter": { "name": "ingo", "key": "ingo", "displayName": "Ingo Muschenetz", "active": true, "timeZone": "America/Los_Angeles" }, "environment": null, "comment": { "comments": [ { "id": "372415", "author": { "name": "fokkezb", "key": "fokke", "displayName": "Fokke Zandbergen", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "(y) for this!\r\n\r\nIt prevent issues like: https://github.com/FokkeZB/gittio/issues/108\r\n\r\nI run Node 4.2.3 as well but don't get the warning and my bet is a reinstall of the Ti CLI will resolve it for the reporter as well. If the Ti CLI would use shrink-wrap then this wouldn't happen (or it would for me as well - at least not depend on the environment).", "updateAuthor": { "name": "fokkezb", "key": "fokke", "displayName": "Fokke Zandbergen", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-12-08T13:48:44.000+0000", "updated": "2015-12-08T13:48:44.000+0000" }, { "id": "372434", "author": { "name": "ingo", "key": "ingo", "displayName": "Ingo Muschenetz", "active": true, "timeZone": "America/Los_Angeles" }, "body": "We shinkwrap appc-cli as part of the publishing process as noted in CLI-903. We won't shinkwrap any other parts of the tree as it introduces a large level of process complexity.", "updateAuthor": { "name": "ingo", "key": "ingo", "displayName": "Ingo Muschenetz", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2015-12-08T16:45:56.000+0000", "updated": "2015-12-08T16:45:56.000+0000" }, { "id": "372608", "author": { "name": "fokkezb", "key": "fokke", "displayName": "Fokke Zandbergen", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "OK, but this does mean that if you install Alloy and Titanium straight from NPM you might still have the troubles shrink-wrap fixes. -And I believe shrink-wrap should handle dependencies that also use shrink-wrap fine.-\r\n\r\nI see you explained the reason why in CLI-903 ;)\r\n\r\n> On npm install, titanium will grab the latest sanctioned versions (as determined by semver ranges) of dependencies. This allows us to to not need to republish parent projects with new shrinkwapped versions if child projects change (think of if node-ios-device changes, we then need to republish a tree of dependencies)", "updateAuthor": { "name": "fokkezb", "key": "fokke", "displayName": "Fokke Zandbergen", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-12-10T08:57:15.000+0000", "updated": "2015-12-10T09:01:09.000+0000" }, { "id": "414869", "author": { "name": "lmorris", "key": "lmorris", "displayName": "Lee Morris", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Closing ticket as the issue will not fix and with reference to the above comments. ", "updateAuthor": { "name": "lmorris", "key": "lmorris", "displayName": "Lee Morris", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2017-03-22T18:31:15.000+0000", "updated": "2017-03-22T18:31:15.000+0000" } ], "maxResults": 4, "total": 4, "startAt": 0 } } }