FOSSA analysis by default checks for dependencies in the following order:
1. Parse output from `npm ls --json --production` - Runs if npm exists on the system and provides an accurate list of all dependencies needed to build the production project.
2. Parse `package.json` - Runs if `package.json` can be successfully parsed into a dependency graph.
3. Run yarn list --json - This command verifies through yarn what the actual dependencies which are installed on the system are. This strategy runs with `NODE_ENV=production` by default to find production dependencies.
4. Parse `yarn.lock` - Detects dependencies based on the yarn lockfile.
5. Parse `npm-shrinkwrap.json` - Detects dependencies based on the lockfile.
6. Parse `package-lock.json` - Detects dependencies based on the lockfile.
Since our dependencies specified in `package.json` use compatible version matching (`^`), the reported version would often not be what the `yarn.lock` is currently specified to use. Because of this, we are defining a single module with a strategy on `yarn.lock`. Our `yarn.lock` file includes all dependencies.
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
Manual backport to account for accumulated refactors. 6.8 branch predates angular->react conversion, does not use the external ems-client package, and Visualize was still not using expression-pipeline.
Prior to 7.0, ES did not include the architecture in the filename. Tar
files were used for Linux/Darwin and ZIP for Windows. With the inclusion
of Docker files in manifest, those images are incorrectly being picked
up.
The simplest solution here is to exclude anything docker related when
running ES as we currently don't support Docker through kbn-es. Another
option would be to update Jenkinsfile_build_es for 6.8 to set the
architecture and either duplicate the entries so there is one for Linux
and Darwin, or allow architecture to be an array. The issue here is we
would need to regenerate the manifests for each 6.8.x release and 6.8 is
nearing EOL.
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
* Revert "Revert "Using re2 for Timelion regular expressions (#55208)""
This reverts commit c90293d03f.
* Updating re2 to 1.14.0. Still need to update build patching
* Extract the gzip to the destination, supporting multiple extract methods
* Adding 'node' to jest's moduleFileExtensions
'node' is in the defaults, not sure why we aren't using the defaults...
https://jestjs.io/docs/en/configuration#modulefileextensions-arraystring
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
