MoFranky
commented
1 year ago Can somebody please approve this? Its urgently needed
Closed andrii-lundiak closed 1 year ago
MoFranky
commented
1 year ago Can somebody please approve this? Its urgently needed
andrii-lundiak
commented
1 year ago @danieltwork ?
koesper
commented
1 year ago Update: Apologies, this does not seem to be something specific to this branch. I'll open a regular ticket on the repo.
If i use this fork, i get a malware warning?!
piwik-pro-angular-tracking * Severity: critical Malware in piwik-pro-angular-tracking - https://github.com/advisories/GHSA-93jq-pwrf-g6h6
installed with:
npm i @piwikpro/ngx-piwik-pro git://github.com/andrii-lundiak/ngx-piwik-pro.git#e06cd52054448646eae85550b576b56c21595ac3
andrii-lundiak
commented
1 year ago @RGunning ? Maybe u r available?
danieltwork
commented
1 year ago Hi @andrii-lundiak, I have checked your solution and it seems wrong. Maybe I am thinking wrongly what you would like to fix, namely the package you are updating relates to a project that bundles the demo application together with the ngx-piwik-pro package. Actually, my PR, which is already available on NPM, should suffice to solve the problem. If you can, please test it in your case.
andrii-lundiak
commented
1 year ago @danieltwork Actually, you are right, I did it wrong (I WILL CLOSE THIS PR as soon as I solve my problem). But..
Look..
When I npm install @piwikpro/ngx-piwik-pro@latest I then got the package installed from NPM registry:
And as u see it installs 1.0.1 version.
Which was THE LATEST from registry:
https://www.npmjs.com/package/@piwikpro/ngx-piwik-pro?activeTab=versions
Until 20 minutes ago there was publish somehow to 1.0.2 - was it u?
But this https://github.com/PiwikPRO/ngx-piwik-pro/blob/master/projects/ngx-piwik-pro/package.json refers to 0.0.5 version.
koesper
commented
1 year ago awesome @danieltwork!
I now see v1.0.2 on npm and that installed without a hitch on my angular 15 project.
Now that you mention that this repo is a wrapper around the npm project, i finally understand where that name piwik-pro-angular-tracking came from, and why that didnt match with wat we see on npm.
Perhaps you can rename it in this repo as wel, for instance to @piwikpro/ngx-piwik-pro-project or something that signifies it is the parent of the npm package?
andrii-lundiak
commented
1 year ago @danieltwork I would recommend to sync version here also (0.0.5 => 1.0.2 or 1.0.3):
https://github.com/PiwikPRO/ngx-piwik-pro/blob/master/projects/ngx-piwik-pro/package.json#L3
+ to recommendation from @koesper
andrii-lundiak
commented
1 year ago I once DO CONFIRM, that after installing 1.0.2 version, I can use my Angular v14 project setup OK (meaning I don't need --force while installing ANY packages).
Thanks @danieltwork I do close this MY PR, but remember about suggestions in previous comments.
danieltwork
commented
1 year ago @andrii-lundiak thanks!
First it's about issue #9 and that is my try to upgrade code to support work with latest version of Angular.
Here is example when I install the package for ng 14.x project:
And sure thing we can suppress it, but it's better to avoid.
npm outdatedshows/hints of how is going on with versions.Plus, also
package-lock.jsonhas been recreated within NodeJS version16.2.1to support all future NodeJS /npm API support for the lock file.npm test:npm run test:devHere is result of GitHub Actions executed from my experimental branch on my fork:
PS. Having such
package.jsonas suggested by this PR we can see on when it's installed on custom project there is NO warning about versions mismatch ANYMORE:But that is NOT concern of this PR. Maybe I will create separate, or maybe maintainer of package will do.