On the GitHub page, there are instructions only for NPM. When using bower search rxjs, I got only the RxJS 4.x results. Does it mean the RxJS 5.x hasn't been "bowerized" yet?
Is there a way to do the ${subject}?
RxJS 5 has not been added to Bower, no. At this point NPM is recommended. This is primarily because Bower is just a facade to GitHub and has a variety of other issues. We're also trying to follow the movement of more modern libraries moving away from Bower. There are also CDNs you can use.
If you strongly feel we should support Bower, file an issue so the whole community can discuss it. Thus far there hasn't been any demand though.
Related
In our .NET 6 APIs we are using Simple Injector for dependency injection. With the latest version of Simple Injector, we observed that Snyk found five high-priority vulnerabilities and two medium vulnerabilities in SimpleInjector.Integration.AspNetCore.Mvc v5.4.0. You can see one of them in the image below. All of them are probably caused by dependencies to an older version of the .NET Framework/runtime. Is it possible to provide a solution for these issues in the near future?
Is it possible to provide a solution for these issues in the near future?
If you look closely at the threat analysis, you'll notice that the issue lies not with the SimpleInjector.Integration.AspNetCore.Mvc package itself, but with the dependencies the package points at. It is, therefore, not an issue for the Simple Injector packages to fix, as all package authors would constantly have to upgrade their packages when there is a security flaw found in their dependency chain. The NuGet infrastructure is actually designed for these scenarios as a package lists its dependencies with the minimum compatible version. It's up to the application developer to select the most suitable version of those dependencies.
The solution is, therefore, straightforward: You, as an application developer, should check whether the vulnerability affects your application, and if so (or when in doubt), act by updating the vulnerable dependencies in your application. If the vulnerable package isn't explicitly installed in your application, you should do so, and install a version that is not vulnerable.
Concretely, in your case the vulnerability lies in System.Net.Http, which means you should probably explicitly install that package in your application and upgrade to at least version 4.3.4, as this is the version that fixed the problem.
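The check described in the answer above, as an added example that is not part of the original post or the Simple Injector project: it reads a restore graph shaped like `obj/project.assets.json`, reports any package resolved below its fixed version, and shows which direct reference pulls it in. The sample graph and the `Constructed.Intermediate` package are constructed for illustration; only the System.Net.Http 4.3.4 fix version comes from the answer.

```python
import json
from collections import deque

# Constructed sample shaped like obj/project.assets.json (written by `dotnet restore`).
# The chain through "Constructed.Intermediate" is illustrative, not a real package graph.
ASSETS_JSON = """
{"targets": {"net6.0": {
  "SimpleInjector.Integration.AspNetCore.Mvc/5.4.0":
    {"type": "package", "dependencies": {"Constructed.Intermediate": "1.0.0"}},
  "Constructed.Intermediate/1.0.0":
    {"type": "package", "dependencies": {"System.Net.Http": "4.3.0"}},
  "System.Net.Http/4.3.0": {"type": "package"}}},
 "projectFileDependencyGroups": {
  "net6.0": ["SimpleInjector.Integration.AspNetCore.Mvc >= 5.4.0"]}}
"""

FIXED_IN = {"System.Net.Http": "4.3.4"}  # first fixed version, per the answer above

def version_key(v):
    """Numeric sort key; ignores any pre-release suffix after '-'."""
    return tuple(int(p) for p in v.split("-")[0].split("."))

def audit(assets, fixed_in=FIXED_IN, tfm="net6.0"):
    """Return packages resolved below their fixed version, with the chain that pulls them in."""
    resolved, edges = {}, {}
    for key, info in assets["targets"][tfm].items():
        name, version = key.split("/")
        resolved[name] = version
        edges[name] = list(info.get("dependencies", {}))
    direct = [d.split()[0] for d in assets["projectFileDependencyGroups"][tfm]]
    # Breadth-first walk from the direct references records the shortest chain to each package.
    paths = {d: [d] for d in direct}
    queue = deque(direct)
    while queue:
        cur = queue.popleft()
        for child in edges.get(cur, []):
            if child not in paths:
                paths[child] = paths[cur] + [child]
                queue.append(child)
    findings = []
    for name, fixed in fixed_in.items():
        ver = resolved.get(name)
        if ver and version_key(ver) < version_key(fixed):
            findings.append({"package": name, "resolved": ver, "fixed": fixed,
                             "direct": name in direct, "path": paths.get(name, [])})
    return findings

if __name__ == "__main__":
    print(audit(json.loads(ASSETS_JSON)))
```

Once System.Net.Http 4.3.4 is installed explicitly and the project is restored, the graph resolves to that version and the finding disappears.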
I'm trying to start a purescript project that uses the purescript signal and drawing libraries. When I try to bower install with both of them as dependencies, bower's interactive prompt asks to resolve several dependency versions. I admittedly pick the versions somewhat arbitrarily since most of the issues are several layers of dependencies deep. Then when I pulp build a basic hello world piece of code that doesn't even use the dependencies, pulp gives around 40 errors depending on which versions I selected.
How do I resolve these dependency versions correctly? Sifting through forty errors and all of the dependencies for both projects doesn't seem feasible. Is there some non-arbitrary way of picking the versions that will resolve the conflicts? From the choices it gave me, it didn't seem like there was any clear resolution. Or are their dependencies too conflicting and you just can't use them together?
This may actually be more of a question about bower, but it may also be something about purescript and pulp that I am just unaware of. They both seem like libraries that should be able to work together, and I can't imagine that other people are having too much difficulty using two or more libraries in a single project.
Purescript 0.10 has breaking changes. If you have the latest compiler, it's likely that it's not compatible with some libraries. From what I see, the signal lib is updated but the drawing one is not. You can update the lib and use your own version. Or send a PR; Phil, and the purescript community in general, are really fast at responding to pull requests.
Another temporary solution is to use the old compiler (0.9) and wait a couple months till everything is back to normal.
Also see the 0.10 migration guide.
So if I’m using a Bower package (specifically, this one: https://github.com/DmitryBaranovskiy/raphael/ ) and there’s a tiny bug in it. It’s not really a big deal, and there’s a PR for it: https://github.com/DmitryBaranovskiy/raphael/pull/645 but it seems like the PR won't be merged anytime soon... Is there a way to incorporate this fix into (at least) my local version of the package without theoretically losing all the Bower-goodness? I’m a Bower newbie. I guess I’m asking is there a way to ‘customize’ a Bower package?
(For context, I’m using Bower hooked into the Rails asset pipeline as described here: http://dotwell.io/taking-advantage-of-bower-in-your-rails-4-app/ )
Thanks!
I feel your pain in regards to pull-requested patches :) Unfortunately, there's not really a clean way to do this.
One way to do this would be to:
1. Fork Raphael
2. Incorporate the fix you need
3. Update your bower.json to point raphael to your personal GitHub fork: "raphael": "yourusername/raphael#branch_name"
4. Switch back to the "canonical" Raphael once the fix is merged
Edit
My original answer was given without realizing the original PR was 3 years old. I've updated to advocate for forking Raphael.
I currently have Scala 2.9.0.1 installed and see that Scala 2.9.1 was released fairly recently. I want to upgrade. However, from what I'm seeing, I don't think homebrew supports upgrading formulae.
I see that "Multiple Version Support" is on the homebrew wishlist, but I wonder if this is up-to-date and/or much of an indication of future priorities for the project. I did a quick look at tickets in the ticket tracker but didn't see anything that jumped out at me.
In my case, I'm going to just install the new version and update my environment variables. That will work I suppose. But I feel like a package manager should help me clean up old versions if I want it to.
Related links from the mailing list archives:
I missed how to "brew upgrade outdated" or similar
Making upgrades work properly
No to both (automatic updating and multiple version management) per https://github.com/mxcl/homebrew/wiki/Wishlist
I've been searching for a while, and I can't find any modern rails plugin management tools. I found several gem management tools (such as bundler and isolate), but no plugin management tools. The closest thing to that I found was piston, and that's not exactly what I was looking for as it was for plugin svn:externals management. Our plugins are not using svn:externals. Some can be used as gems, and managed by bundler, but not all plugins are offered by their developers in that form.
They can always be managed by hand, of course, but I'd rather have a tool to keep them current, etc., that works for plugins like isolate or bundler work for gems.
If others could use this I'll see if I can get supervisor approval to work on such and contribute it, assuming also there's not a good or even fair solution out there that I'm missing.
Cheers,
Craig
I use git submodules for that.
But, indeed in Rails 3, it is more natural to package each plugin as a gem, and I think it is the preferred way, especially for the reasons you mention.