@inukshuk
Contributor

@inukshuk inukshuk commented Feb 9, 2021

This is basically the same as #1361 and also updates node-pre-gyp. Without updating these two I'm running into all kinds of issues trying to rebuild from source for Electron and for Apple's arm64.

@joao-paulo-parity

This might fix #1434 since the problem there entails pre-node-gyp

@kewde
Collaborator

kewde commented Mar 9, 2021

Hi,

I've unscoped the variables as it will trigger a location change of node-pre-gyp for everyone and I'd rather not break anything.
Scoping dev dependencies is fine though IMHO.

@inukshuk
Contributor Author

inukshuk commented Mar 9, 2021

@kewde the unscoped package will not receive any updates going forward, so I believe we will have to make the switch at some point?

@kewde
Collaborator

kewde commented Mar 9, 2021

@inukshuk thanks for pointing that out, in that case, the scoped package is the better option.
I've added it again and will look at merging it.

@kewde kewde merged commit 3fb3715 into TryGhost:master Mar 9, 2021
@kewde kewde added this to the 5.0.3 milestone Mar 9, 2021
@tniessen

This does appear to fix #1434. Is there any chance this could make it into a release on npm soon? I am pulling in the GitHub repository for now.

@mikehardy

A gentle request saying I would love to see this released, I'm also successfully using the commithash as a package.json reference and it's great, FWIW. Cheers

@lizthegrey

the 3.x node-gyp dependency is now causing security alerts in packages that depend upon sqlite3 because of the indirect dep upon tar :(

@HillTravis

I also came here because of the security alert. Did as others suggested, using the commit hash by installing this way:

```
npm i mapbox/node-sqlite3#593c9d498be2510d286349134537e3bf89401c4a
```

And that resolves the security alert. Would be better to have a release with this update in it, please @kewde.

@samuelms1 samuelms1 mentioned this pull request Oct 6, 2021
@samuelms1

Bumping this -- please publish a new release @kewde

I'm also here due to the tar dependency vulnerability CVE-2021-37713

@secure12

secure12 commented Oct 8, 2021

Will there be a release resolving the vulnerabilities prompt any time soon?

@joshgoebel

Bumping this also would like a new release.

@chenpx976

please publish a new release

@samuelms1

Please publish a new release. This fixes CVE-2021-3807 among other things.

@samoilenko

up

atulsmadhugiri added a commit to CommE2E/comm that referenced this pull request Dec 29, 2021
Summary:
`remotedev-server` has been deprecated and moved to `@redux-devtools/cli`

I looked through the commits in the new repo and there didn't appear to be any significant/breaking changes.

Had to include `node-gyp` here to get `sqlite3`(npm) (dependency of `@redux/devtools/cli`) to build successfully. There's a commit in the `sqlite3` repo to address this... but they haven't made a release (PR that addresses + people asking for a release TryGhost/node-sqlite3#1441)

Test Plan: Able to use RemoteDev successfully: https://blob.sh/atul/73a5.png

Reviewers: varun, palys-swm, def-au1t, ashoat

Reviewed By: ashoat

Subscribers: benschac, ashoat, Adrian, karol-bisztyga, boristopalov

Differential Revision: https://phabricator.ashoat.com/D2712
@Piumal1999

Hi @kewde, Could you please let us know the next release date?

@cendyne

cendyne commented Mar 11, 2022

Please release this, knex depends on vscode-sqlite3
