-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: upgrade npm to 6.1.0 #20190
deps: upgrade npm to 6.1.0 #20190
Conversation
/cc @jasnell |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rubber-stamp LGTM if Ci is green. Probably want to run CITGM too?
This is likely semver-major. |
@nodejs/tsc I'm labeling this [EDIT: Just to make sure there's no confusion, 👍 means you approve landing this in 10.0.0 and 👎 means you are opposed to it. Heck, let's throw in 😕 for anyone who wants to indicate they have no opinion either way, basically abstaining.] |
@Trott it should be noted that this is not 6.0.0 yet — it looks like 6.0.0 hasn't been tagged. @iarna Is this WiP? What's the ETA for 6.0.0? |
@ChALkeR Our plans over the last several months has been to only badge 6.0.0 in conjunction with the Node 10 release, assuming npm6 lands in Node 10. The version badged as 6.0.0 and tagged as latest will otherwise be exactly the same as 6.0.0-next.2. (I have a sneaking suspicion that our plans were not communicated and coordinated where I thought they were, so if this is the first you all are hearing of this, I appologize.) |
@iarna what are the semver major changes from 5 -> 6 Is it possible that this could be semver minor? If so we could also backport to 8.x |
@MylesBorins I think I answered all these questions in opening: The major changes are described under "breaking changes" in the summary. They are quite minor but they aren't semver minor. I'm of the opinion that they're valuable enough that we should lobby to include them in Node 8, but YMMV. And if you look under "where should this land" I said:
There's a 5.10.0 rc currently published, but I'd want to do a 5.11 with the non-breaking things from 6 if it's decided that Node 8 can't take 6. |
Considering the status of things, +1 to fast-track with CI and CITGM ok. |
@iarna Yes, that looks good to me then. Huge +1 to getting npm@6 into 10.0.0.
@mcollina I don't think this could be fast-tracked, could it? |
If we plan to release on Tuesday 24th, there won’t be 72 hours (weekend time) to be able to issue another rc with this in. If we want to have this in 10.0.0, this should have landed weeks ago. The longer we wait the worse it’ll get. We need TSC approval anyway. |
As I understand #20121 (comment), we essentially want a @nodejs/tsc vote for this. I’m okay with landing this in 10.0.0, but yes, it’s way past the deadline and not exactly a trivial change, so I think it would be a good option to include it in the first semver-minor release, given how small the actual breakages here are. |
No, this pr cannot be fast tracked in the normal sense. It's too large, needs more review, and adequate consideration. I'm leaning strongly against rushing it in to 10.0.0 and potentially landing it as a minor in a 10.x minor later. |
+1 to landing it in a semver minor. |
I am leaning towards landing it as semver minor as well |
I’m also +1 to landing as a minor after 10.0.0 is released as well. |
+1 for semver minor after the release. Good precident for landing it on 8.x
…On Sat, Apr 21, 2018, 11:07 AM Matteo Collina ***@***.***> wrote:
I’m also +1 to landing as a minor after 10.0.0 is released as well.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#20190 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAecV832X4VRsisU0l_tAC7vUyZqgPSDks5tq0s5gaJpZM4TeUV9>
.
|
+1 on landing this as semver-minor. |
+1 on landing this as semver-minor after the release. |
Removing this from the 10.0.0 milestone. |
Seems like there's consensus on landing this in 10.x but not 10.0. Removing |
PR-URL: #20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Notable Changes: * **deps**: - upgrade npm to 6.1.0 (Rebecca Turner) #20190 * **fs**: - fix reads with pos \> 4GB (Mathias Buus) #21003 * **net**: - new option to allow IPC servers to be readable and writable by all users (Bartosz Sosnowski) #19472 * **stream**: - fix removeAllListeners() for Stream.Readable to work as expected when no arguments are passed (Kael Zhang) #20924 * **Added new collaborators** - John-David Dalton (https://github.com/jdalton) PR-URL: #21011
Notable Changes: * **deps**: - upgrade npm to 6.1.0 (Rebecca Turner) #20190 * **fs**: - fix reads with pos \> 4GB (Mathias Buus) #21003 * **net**: - new option to allow IPC servers to be readable and writable by all users (Bartosz Sosnowski) #19472 * **stream**: - fix removeAllListeners() for Stream.Readable to work as expected when no arguments are passed (Kael Zhang) #20924 * **Added new collaborators** - John-David Dalton (https://github.com/jdalton) PR-URL: #21011
Notable Changes: * **deps**: - upgrade npm to 6.1.0 (Rebecca Turner) #20190 * **fs**: - fix reads with pos \> 4GB (Mathias Buus) #21003 * **net**: - new option to allow IPC servers to be readable and writable by all users (Bartosz Sosnowski) #19472 * **stream**: - fix removeAllListeners() for Stream.Readable to work as expected when no arguments are passed (Kael Zhang) #20924 * **Added new collaborators** - John-David Dalton (https://github.com/jdalton) PR-URL: #21011
PR-URL: nodejs#20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: nodejs#20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Backport-PR-URL: #21302 PR-URL: #20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Backport-PR-URL: #21302 PR-URL: #20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Checklist
make test-npm
passesWhere this should land
Breaking changes
This is a major release, so it does include breaking changes. They are, however, very minor and important:
npm update
andnpm outdated
now will not suggest versions greater than the version tagged aslatest
. This is in alignment with the use of tags for release trains or experimental versions, while not requiring the use of prerelease version numbers.npm install
will now do its best to avoid versions that are marked as deprecated. That is makesnpm deprecate
similar to how thegem yank
command works in ruby. If you specifically ask for a deprecated version you will still get it.npm
will now report that it no longer supports node v4 and node v7.Notable changes
npm init
now can take an argument and it will run a matchingcreate-…
script from the registry. An amalgam ofnpx
andyarn create
.npm audit
provides a vulnerability scanner. The registry side of this will be available soon. Details are discussed in the CHANGELOGnpm audit fix
to help users automatically fix vulnerabilities found withnpm audit
.npm hook
command. Previously this functionality was found in the modulewombat
. With webhooks you can request notification whenever a package updates.new Buffer
in npmnpm view
npm pack
andnpm publish
previews when running them with--dry-run
npm ci
, new, faster, lock-file only install mode andnpm cit
to install and test--only=production
,--no-optional
, etc)Changelogs