Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release: npm@6.4.0 #43

Merged
merged 20 commits into from
Aug 15, 2018
Merged

Release: npm@6.4.0 #43

merged 20 commits into from
Aug 15, 2018

Conversation

zkat
Copy link
Contributor

@zkat zkat commented Aug 9, 2018

iarna and others added 14 commits August 1, 2018 20:45
@iarna @zkat
doc: file-specifier: Remove stray comment
c3ab25f
@mkhl @zkat
config: Search for authentication token defined by environment variab…
6e9f04b 
…le (#8)

As discussed on npm.community[1], the fact that
npm registry authentication tokens
cannot be defined using environment variables
does not seem justified anymore.

The restriction is caused by the config loader translating
* all `_` to `-`
* the whole variable name to lowercase
while the credential checker expects a key ending in `:_authToken`.

This change fixes the problem
by having the credential checker try
a key ending in `:-authtoken` after it tried `:_authToken`.


Fixes: https://npm.community/t/233
Fixes: npm/npm#15565
PR-URL: #8
Credit: @mkhl
Reviewed-By: @zkat
@joebowbeer @zkat
docs: Update --dry-run docs (#34)
af98e76 
Remove publish from list of commands not affected by dry-run

PR-URL: #34
Credit: @joebowbeer
Reviewed-By: @zkat
@valentin2105 @zkat
config: stop filtering out non-ipv4 addresses from local-addrs (#35)
84bfd23 
Fixes: #986
PR-URL: #35
Credit: @valentin2105
Reviewed-By: @zkat
@noahbenham @zkat
docs: Improved repository examples (#36)
e2b0f09 
PR-URL: #36
Credit: @noahbenham
Reviewed-By: @zkat
@iarna @zkat
colors@1.1.2 (#39)
32e6947 
REVERT REVERT, newer versions of this library are broken and print ansi
codes even when disabled.

PR-URL: #39
Credit: @iarna
Reviewed-By: @zkat
@lennym @zkat
audit: configurable audit level for non-zero exit (#31)
792c8c7 
`npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level.

Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found.

Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected.

Fixes: https://npm.community/t/245
PR-URL: #31
Credit: @lennym
Reviewed-By: @zkat
@olore @zkat
cli: don't check for updates to npm when we are updating npm itself (#32
d811461 
)

PR-URL: #32
Credit: @olore
Reviewed-By: @zkat
@mwarger @zkat
docs: added a section for usage with process.env (#14)
e2346e7 
added a header for usage with process.env to separate section from 'current lifecycle event' and make it easier to find

PR-URL: #14
Credit: @mwarger
Reviewed-By: @zkat
@zkat
libcipm@2.0.1
beb96b9 
Credit: @zkat
@zkat
validate-npm-package-license@3.0.4
348fc91 
Fixes: kemitchell/validate-npm-package-license.js#8
Credit: @Gudahtt
@zkat
iferr@1.0.2
e57d345 
Credit: @shesek
Fixes: shesek/iferr#2
@zkat
tar@4.4.6
46f1c6a 
Fixes: isaacs/node-tar#177
Credit: @isaacs
@zkat
hosted-git-info@2.7.1
50df1bf 
Fixes: npm/hosted-git-info#34
Fixes: npm/hosted-git-info#32
Fixes: npm/hosted-git-info#35
Credit: @iarna
Credit: @Erveon
Credit: @huochunpeng
@zkat zkat added the release label Aug 9, 2018
@zkat zkat requested a review from a team as a code owner August 9, 2018 00:20
iarna
iarna approved these changes Aug 9, 2018
View reviewed changes
CHANGELOG.md Outdated

### DOCUMENTATION

* [`c3ab25f3f`](https://github.com/npm/cli/commit/c3ab25f3f54038a813f765845a72ee9f9d836d7d)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really just a chore and doesn't need to be in the changelog.

CHANGELOG.md

### NEW FEATURES

* [`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wow the implementation for that ended up being waaay better than it originally was

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agreeee

@iarna
Copy link
Contributor

iarna commented Aug 9, 2018

🐑

@brodycj
Copy link

brodycj commented Aug 9, 2018
edited
Loading

They just published node-gyp@3.8.0 which now uses request@^2.8.7 to resolve the npm audit issues, hope to see this package and other npm dependencies updated in turn.

ref: nodejs/node-gyp#1521

@zkat
Copy link
Contributor Author

zkat commented Aug 9, 2018

@brodybits nice! Thanks for pointing that out! And thanks @rvagg for getting the release out! 🎉 I've updated our dep updates and the changelog. 👍

@zkat
Copy link
Contributor Author

zkat commented Aug 9, 2018

npm@6.4.0-next.0 has been tagged and released. This PR will stay open until npm@6.4.0 goes live. 👍

@zkat zkat merged commit 58ece89 into latest Aug 15, 2018
isaacs added a commit that referenced this pull request Aug 5, 2019
@isaacs
hosted-git-info@2.8.2
4050b91 
FEATURES

* [bbcf7b2](npm/hosted-git-info@bbcf7b2)
  [#46](npm/hosted-git-info#46)
  [#43](npm/hosted-git-info#43)
  [#47](npm/hosted-git-info#47)
  [#44](npm/hosted-git-info#44) Add support for
  GitLab groups and subgroups ([@mterrel](https://github.com/mterrel),
  [@isaacs](https://github.com/isaacs),
  [@ybiquitous](https://github.com/ybiquitous))

BUGFIXES

* ([3b1d629](npm/hosted-git-info@3b1d629))
  [#48](npm/hosted-git-info#48) fix http protocol
  using sshurl by default ([@fengmk2](https://github.com/fengmk2))
* [5d4a8d7](npm/hosted-git-info@5d4a8d7) ignore
  noCommittish on tarball url generation
  ([@isaacs](https://github.com/isaacs))
* [1692435](npm/hosted-git-info@1692435) use gist
  tarball url that works for anonymous gists
  ([@isaacs](https://github.com/isaacs))
* [d5cf830](npm/hosted-git-info@d5cf830)
* Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs))
* [e518222](npm/hosted-git-info@e518222)
  Use LRU cache to prevent unbounded memory consumption
  ([@iarna](https://github.com/iarna))
@kevinjm39 kevinjm39 mentioned this pull request May 1, 2022
Open
@soloinovator soloinovator mentioned this pull request May 11, 2022
Open
@NOUIY NOUIY mentioned this pull request May 12, 2022
Open
@Mhmonicox Mhmonicox mentioned this pull request May 12, 2022
Open
This was referenced May 13, 2022
Open
Open
Open
@hojatA1 hojatA1 mentioned this pull request Jun 23, 2023
Open
@EMWickd EMWickd mentioned this pull request Jun 24, 2023
Open
@varmakarthik12 varmakarthik12 mentioned this pull request Nov 30, 2023
Open
antongolub pushed a commit to antongolub-forks/npm-cli that referenced this pull request May 18, 2024
@dependabot
chore: bump tap from 15.2.3 to 16.0.1 (npm#43)
58fa8e8 
Bumps [tap](https://github.com/tapjs/node-tap) from 15.2.3 to 16.0.1.
- [Release notes](https://github.com/tapjs/node-tap/releases)
- [Commits](tapjs/tapjs@v15.2.3...v16.0.1)

---
updated-dependencies:
- dependency-name: tap
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iarna iarna iarna approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@zkat @iarna @brodycj @mkhl @joebowbeer @valentin2105 @noahbenham @lennym @olore @mwarger