 Can you hear me? Yes, hello. Yeah, I can hear you. Say something now, please. Hello. Hello, Ramon and Peter. All right, give me one second. It's a new laptop and it just doesn't know you have audio. It's good that you can hear me. That's, uh, that's good. I just okay. All right. Let me re-join because I know I know you can hear me, but I cannot hear you properly back in a second. Could you say something now? Yeah. Yes. Okay. Finally it works. Sorry. Very sorry about that. Uh, I have not had the time to create the document, the agenda document, so just give me one second. I'm going to re-use the last weeks to share the screen. Okay. And welcome everyone to the Hyperledger Cacti Maintainers Reading. Please abide by the end teacher's policy that I'm showing on the screen. And also the Hyperledger Court of Conduct, which you can find linked to in every agenda document that we have. And with that said, my topic of discussion is pull requests. I have one that is a little more important than my other pull requests. It's a yarn upgrade from version one. That's a mistake. It's supposed to be, yeah. So from version one to version three. And there was a bunch of small things that I had to be done, namely about 18. If you read this long document and know what they are. They are not really source code changes except for some, like literally a few lines of code I had to change just because I was fighting the compiler that also had to be upgraded. But other than that, the diff is really just configuring the linter. And then if this can load, then I can show you. It's just upgrading of dependencies and adding a bunch of dependencies that we're missing. And the big thing, two big things that I like about this pull request fly, I think it's important is, one, it speeds up the CI. Because it has better caching for the yarn dependencies. And also it skips a bunch of unnecessary debug tasks in the actual CI script. So for example, freeing up the disk space in the GitHub runners. So this takes about a couple of minutes to execute, but we don't always need it. So I turned it off by default. And now every single CI job that we have benefits from it. And there's a few more little optimizations like this that makes it so that the CI script runs on average five minutes faster. And that five minutes adds up a lot because it runs like 40 or 50 times for every pull request. So that's one thing. One thing is the performance. And the other thing is that with Yarn 3, we can disable the hoisting in a way that it actually works. Because we had problems with Yarn version one, but with Yarn 3, I was able to say, where is it? Somewhere in the configuration, I was able to say that we don't want hoisting in the Yarn RC. Yeah. So hoisting limits workspace is what this does is that it does not hoist by default. So all the dependencies for all the packages have to be provided from the node modules of the package itself. And this led to me having to update most of the package JSON files because we had these bugs in most of the packages where we were using dependencies that we were not declaring. But we didn't realize it because the node module resolution would always work anyway just because it climbed back up to the root node modules. And so as long as at least one other package declared a dependency, all of them could use it. And that was not good because then in production, when you actually try to work with the package, it just fails to install because it's missing or not installed. It fails to run because it's missing runtime dependencies. So that is an immediate and very strong benefit from this protocol, which is that every single dependency that I've added was discovered because of this change. Yeah. So that's the gist of it. And I just wanted to highlight all this because I'm hoping to get this reviewed as soon as possible because the downside of such a big pull request that touches everything is that it pretty much immediately starts getting merge conflicts from everywhere as soon as some other pull request gets merged in. And yeah, yeah, that's it. So that's all I had from my side for this pull request, just a little heads up for everyone to please try and review it if you have the time. Thanks. Thanks. Okay, thank you. And one more thing I'm also working on a script that can generate a software bill of materials that gives us a list of all the node dependencies that the project uses. And, and their version numbers and their license is in a CSV file. It doesn't support the hashes yet. But, but I'm working on it and I've made some progress today. So I'm hoping that that pull request will also be very soon. And then that's it. That's all I had. And the software bill of materials is very standard format. I remember the discussion of this in one of the TLC meetings. The SBOM discussion. Yeah, yeah. The last thing I remember is that I was asking if anyone had any good tooling that actually works. Okay. And, and there, there wasn't any from anyone. And what I'm doing is also kind of hacky because I found this package called, what is it called, sorry one second, license report. So the name of the packages license report and you can run it for a single package Jason. But then it doesn't do recursive dependency resolution. As in, if you, if you pointed at cacti, then it just picks the one for the first package Jason finds parses the package Jason and then says, alright, these are your dependencies. But it doesn't check the dependencies dependencies as in the transit of dependencies and it does not go into the mono repo either. But I got around all of this by writing my own script, which does club pattern find of every package Jason everywhere, which comes up to 12,000 package Jason's. And then, and then after that, I just tell the tool 12,000 times, hey, go look at this package Jason tell me the dependencies and dump it into a CSV file. And then I picked that up and I appended to the do a bigger CSV file where I'm collecting all of your responses for all 12,000 package Jason files. So that's the script as it is right now, and it takes about four hours to run on my laptop. So it's, it's far from perfect, but at least I'm getting somewhere because at the end of it I have this ginormous CSV file that I can query in Excel if I want to. I can ask questions like, hey, give me every single instance of this particular dependency with that particular version. And then I can also tell exactly which package Jason's are depending on it. That's good. Thanks. I'll review it. No problem. Okay. If no one else is anything, then we can cut short. Yeah, I just, sorry, I have been super engaged in other stuff. I have this conference next week. So I still haven't finished documentation and realistically, probably it will, I can only get it done like next week, like finish it next week. So, yeah, that's, that's my, a bit of that. Yeah, no worries. I appreciate that you're doing some work on it. That's great in my eyes. And yeah, conference is a tough, especially if you have to fly to the other side of the road for it. Yeah. So, yeah, looking forward to the break, break of change of environment. So anyway, I'll, I'll see you next week. Yeah. Sounds like a plan. Is there, did you have anything? Nothing from me this week. I just approved your progress 14, 14 something. Oh yeah. Thank you very much. Okay, then I'll talk to you next time. Thanks for joining. Thank you. Bye bye. Bye.