
Add checksums to package-lock.json

Open sephii opened this issue 7 months ago • 3 comments

We’ve recently switched from the PyPI distribution of Wagtail to GitHub in nixpkgs but for it to work we need to compile the assets, which means installing the NPM dependencies. Unfortunately we can’t install them as-is because the lockfile is missing the integrity and resolved fields.

This PR adds the missing information (they were generated with https://github.com/jeslie0/npm-lockfile-fix).

This PR is targeting the 6.4 branch because that’s the Wagtail version we have in nixpkgs right now.

sephii avatar May 26 '25 15:05 sephii
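
The missing-field condition described in the post above, as an added example that is not part of the original thread or of Wagtail's code: a Node.js check that lists `package-lock.json` entries lacking `resolved` or `integrity`. The sample lockfile, its package names and the `auditLockfile` helper are constructed for illustration, and the `packages` layout assumed is that of lockfileVersion 2 and 3.

```javascript
// Added example: report lockfile entries that lack `resolved` or `integrity`.
// Assumes the `packages` map used by lockfileVersion 2 and 3.
const SRI = /^(sha512|sha384|sha256|sha1)-[A-Za-z0-9+/]+={0,2}$/;

function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // "" is the project itself; paths outside node_modules are local workspaces.
    if (path === "" || !path.includes("node_modules/")) continue;
    // Workspace symlinks and bundled dependencies have no tarball of their own.
    if (entry.link || entry.inBundle) continue;
    const problems = [];
    if (!entry.resolved) problems.push("missing resolved");
    // Git dependencies carry no hash, so they are reported as missing integrity.
    if (!entry.integrity) {
      problems.push("missing integrity");
    } else if (!entry.integrity.split(/\s+/).every((h) => SRI.test(h))) {
      problems.push("malformed integrity");
    }
    if (problems.length) findings.push({ path, version: entry.version, problems });
  }
  return findings;
}

// Constructed sample lockfile (not taken from Wagtail).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-project", version: "1.0.0" },
    "node_modules/complete-pkg": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/complete-pkg/-/complete-pkg-1.2.3.tgz",
      integrity: "sha512-" + "A".repeat(86) + "==",
    },
    "node_modules/bare-pkg": { version: "4.5.6" },
    "node_modules/bad-hash-pkg": {
      version: "0.1.0",
      resolved: "https://registry.npmjs.org/bad-hash-pkg/-/bad-hash-pkg-0.1.0.tgz",
      integrity: "not-an-sri-string",
    },
    "node_modules/workspace-link": { resolved: "packages/ui", link: true },
    "packages/ui": { version: "1.0.0" },
  },
};

for (const f of auditLockfile(sampleLock)) {
  console.log(`${f.path}@${f.version}: ${f.problems.join(", ")}`);
}
```

To check a real project, pass the parsed contents of its `package-lock.json` to `auditLockfile`; an empty result means every registry dependency has both fields.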

@sephii thank you for the PR, I've tried to do this myself a few times and keep finding that the build completely fails. It appears that our package lock file is a bit fragile.

The CI has failed here, can you take a look, there may be more work needed to get this to a buildable state. Did this work locally for you?

lb- avatar May 28 '25 19:05 lb-

Yes it did work for me.

It looks like the frontend check failed because the package-lock.json file is not correctly formatted. I think it would be nice to exclude it from checks but I’ll see if I can fix its formatting. I’m not sure why some Wagtail tests fail though, I’ll dig into it.

sephii avatar Jun 03 '25 11:06 sephii

Ignore the test failures, they should be fixed after rebasing.

laymonage avatar Jun 03 '25 12:06 laymonage

OK I have rebased on main - just a reminder for future, all PRs must be off main not release branches, I may need to raise a new PR.

I have also done an npm audit fix to ensure that we fix up any minor security issues while we update the checksums.

lb- avatar Jun 29 '25 05:06 lb-

Merged in via https://github.com/wagtail/wagtail/pull/13189 / https://github.com/wagtail/wagtail/commit/aaac0045c688ff65980895b3dc8b30557cb95eaa

lb- avatar Jun 29 '25 06:06 lb-