bump request to 2.87.0 #1492
I'm interested in seeing this merged as well, but is I couldn't find the reason for why the range was pinned at 2.82.0 in the first place, but even safer might be to specify
@apellerano-pw
@xzyfer I made this one in support for 2.87 request bump in the node-gyp 3.x.
@Rohithzr you're right. My mistake.
Is there any ETA on when this PR might be merged and included in a release? Thanks.
@padraic-edwards I too am waiting, maybe I think that people are on vacation or something, anyways, they will merge it when they can. Should be soon
Hello, I am here to redirect my enthusiasm from gulp-sass to here 👍
+1 please merge, ugly to see "Moderate Severity Vulnerability" on npm audit
Tweeted at some of the folks on the NPM page for node-gyp, mebbe hop on my tweet to help get their attention: https://twitter.com/gweilo_fi/status/1019784220703580160
Has the same failures as 3.x HEAD: https://ci.nodejs.org/job/nodegyp-test-pull-request/64/
FYI (Same information should be in https://ci.nodejs.org/job/nodegyp-test-commit/327/nodes=win2016-vs2017/console as linked by https://ci.nodejs.org/job/nodegyp-test-commit/327/nodes=win2016-vs2017/)
@Fishrock123 seems to be an odd error on the Windows Systems. #62 both with same errors. Can you shed some light?
I have no clue.
@joaocgreis finally it's all green. I will open an issue regarding the 0.10.x test failing for documentation purposes.
Really looking forward to the published release to clear the npm audit warnings on famous packages such as npm-cli and node-sass.
@Fishrock123 @mmarchini I haven't reviewed this but don't mind landing if your approvals still hold. However, I can't publish a new version so @Fishrock123 perhaps you can take this from here?
Still LGTM
I've been waiting for a new version for a long time because node-sass depends on node-gyp and npm audit always alerts on this vulnerability. It causes crying-wolf syndrome so I really want it to be fixed.
Per npm's website, @bnoordhuis, @Fishrock123, and @rvagg are those with publish access -- would someone be willing to give this PR a once-over and then publish a new 3.x release (I believe it would be
Dear sass-loader users: Now you can use dart-sass in sass-loader v7.1.0 instead of node-sass. As a result, you can avoid this problem if you don't use any other packages that depend on node-gyp.
@Fishrock123 what is causing the delay?
let's get this closed, new code needs quite a bit of work to make it consistent with the node-gyp codebase though. Moving to #1521.
PR-URL: #1492 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Matheus Marchini <matheus@sthima.com> Reviewed-By: Jon Moss <me@jonathanmoss.me> Reviewed-By: Rod Vagg <rod@vagg.org>
…lable. PR-URL: #1492 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Matheus Marchini <matheus@sthima.com> Reviewed-By: Jon Moss <me@jonathanmoss.me> Reviewed-By: Rod Vagg <rod@vagg.org>
v3.8.0 is out
Checklist
npm install && npm test passes
Description of change
In reference to request/request#2943, the request package should be upgraded to fix security issues.
This still supports node < 4 and fixes the hoek/hawk security issue for both node-gyp v3 and v4 (#1471).