Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release: [email protected] #43

Merged
merged 20 commits into from
Aug 15, 2018
Merged

Release: [email protected] #43

merged 20 commits into from
Aug 15, 2018

Conversation

zkat
Copy link
Contributor

@zkat zkat commented Aug 9, 2018

iarna and others added 14 commits August 1, 2018 20:45
…le (#8)

As discussed on npm.community[1], the fact that
npm registry authentication tokens
cannot be defined using environment variables
does not seem justified anymore.

The restriction is caused by the config loader translating
* all `_` to `-`
* the whole variable name to lowercase
while the credential checker expects a key ending in `:_authToken`.

This change fixes the problem
by having the credential checker try
a key ending in `:-authtoken` after it tried `:_authToken`.


Fixes: https://npm.community/t/233
Fixes: npm/npm#15565
PR-URL: #8
Credit: @mkhl
Reviewed-By: @zkat
Remove publish from list of commands not affected by dry-run

PR-URL: #34
Credit: @joebowbeer
Reviewed-By: @zkat
REVERT REVERT, newer versions of this library are broken and print ansi
codes even when disabled.

PR-URL: #39
Credit: @iarna
Reviewed-By: @zkat
`npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level.

Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found.

Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected.

Fixes: https://npm.community/t/245
PR-URL: #31
Credit: @lennym
Reviewed-By: @zkat
added a header for usage with process.env to separate section from 'current lifecycle event' and make it easier to find

PR-URL: #14
Credit: @mwarger
Reviewed-By: @zkat
@zkat zkat added the release label Aug 9, 2018
@zkat zkat requested a review from a team as a code owner August 9, 2018 00:20
CHANGELOG.md Outdated

### DOCUMENTATION

* [`c3ab25f3f`](https://github.com/npm/cli/commit/c3ab25f3f54038a813f765845a72ee9f9d836d7d)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really just a chore and doesn't need to be in the changelog.


### NEW FEATURES

* [`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wow the implementation for that ended up being waaay better than it originally was

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agreeee

@iarna
Copy link
Contributor

iarna commented Aug 9, 2018

🐑

@brodycj
Copy link

brodycj commented Aug 9, 2018

They just published [email protected] which now uses request@^2.8.7 to resolve the npm audit issues, hope to see this package and other npm dependencies updated in turn.

ref: nodejs/node-gyp#1521

@zkat
Copy link
Contributor Author

zkat commented Aug 9, 2018

@brodybits nice! Thanks for pointing that out! And thanks @rvagg for getting the release out! 🎉 I've updated our dep updates and the changelog. 👍

@zkat
Copy link
Contributor Author

zkat commented Aug 9, 2018

[email protected] has been tagged and released. This PR will stay open until [email protected] goes live. 👍

@zkat zkat merged commit 58ece89 into latest Aug 15, 2018
isaacs added a commit that referenced this pull request Aug 5, 2019
FEATURES

* [bbcf7b2](npm/hosted-git-info@bbcf7b2)
  [#46](npm/hosted-git-info#46)
  [#43](npm/hosted-git-info#43)
  [#47](npm/hosted-git-info#47)
  [#44](npm/hosted-git-info#44) Add support for
  GitLab groups and subgroups ([@mterrel](https://github.com/mterrel),
  [@isaacs](https://github.com/isaacs),
  [@ybiquitous](https://github.com/ybiquitous))

BUGFIXES

* ([3b1d629](npm/hosted-git-info@3b1d629))
  [#48](npm/hosted-git-info#48) fix http protocol
  using sshurl by default ([@fengmk2](https://github.com/fengmk2))
* [5d4a8d7](npm/hosted-git-info@5d4a8d7) ignore
  noCommittish on tarball url generation
  ([@isaacs](https://github.com/isaacs))
* [1692435](npm/hosted-git-info@1692435) use gist
  tarball url that works for anonymous gists
  ([@isaacs](https://github.com/isaacs))
* [d5cf830](npm/hosted-git-info@d5cf830)
* Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs))
* [e518222](npm/hosted-git-info@e518222)
  Use LRU cache to prevent unbounded memory consumption
  ([@iarna](https://github.com/iarna))
antongolub pushed a commit to antongolub-forks/npm-cli that referenced this pull request May 18, 2024
Bumps [tap](https://github.com/tapjs/node-tap) from 15.2.3 to 16.0.1.
- [Release notes](https://github.com/tapjs/node-tap/releases)
- [Commits](tapjs/tapjs@v15.2.3...v16.0.1)

---
updated-dependencies:
- dependency-name: tap
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants