deps: completely upgrade npm in LTS to 2.15.1 #5987

Closed

othiym23
Contributor

othiym23 commented Apr 1, 2016

This is the same as feceb77, only it includes the version tag marking it as npm@2.15.1 (instead of npm@2.15.0).

My apologies for the confusion.

r: @thealphanerd
r: @rvagg

@MylesBorins added the npm and v0.10 labels Apr 1, 2016
@jasnell
Member

jasnell commented Apr 1, 2016

LGTM
extremely minor nit: there appears to be an extraneous whitespace edit in deps/npm/node_modules/request/node_modules/hawk/node_modules/cryptiles/.travis.yml

@othiym23
Contributor Author

othiym23 commented Apr 1, 2016

@jasnell that PR was made with git fetch --all && git rebase --whitespace=fix upstream/v0.10-staging, so that's Git's doing, not mine.

@jasnell
Member

jasnell commented Apr 1, 2016

Understood :-)

@jasnell
Member

jasnell commented Apr 18, 2016

@thealphanerd @Fishrock123 ... can I get another set of eyes to review this :-)

@MylesBorins
Contributor

I already reviewed and landed on v4. We likely want an update to 2.15.3 in order to fix the removal of test-legacy.

Same for 0.12

/cc @othiym23

@jasnell
Member

jasnell commented Apr 28, 2016

@nodejs/lts

@MylesBorins
Contributor

#5988 (comment)

this one already landed on v4.x

It is missing a patch that gets rid of legacy test. @othiym23 would it make more sense to update 0.10 and 0.12 to the latest lts npm?

@othiym23
Contributor Author

It's simple enough for us / me to do, but I was under the understanding that there were probably no further releases for 0.10 and 0.12. The changes are pretty small.

@MylesBorins
Contributor

I think that we are still going to have a release this could be in

/cc @rvagg

@MylesBorins
Contributor

so it seems like the npm v2 test suite is just not working on v0.10 with make.

I installed the build of v0.10-staging locally and manually ran npm install && npm test in the npm directory. This is far from the entire unit test suite, but it is still better than nothing

Things are looking good aside from the single failure we also saw on v0.12

test/tap/outdated-symlink.js ........................ 13/14 4s
  when outdated is called linked packages should be displayed as such
  not ok Global Install format as expected
    at:
      file: test/tap/outdated-symlink.js
      line: 62
      column: 9
    stack: |
      test/tap/outdated-symlink.js:62:9
      f (node_modules/once/once.js:17:25)
      ChildProcess.<anonymous> (test/common-tap.js:58:5)
      maybeClose (child_process.js:766:16)
      Socket.<anonymous> (child_process.js:979:11)
      Pipe.close (net.js:466:12)

Again, this is a new test, and we already have this version in production without many complaints afaik.

With all of this being said I'm going to land this into v0.10-staging, but I would like to see if @nodejs/npm can let us know what is up with the broken test

@MylesBorins
Contributor

LGTM

MylesBorins pushed a commit that referenced this pull request May 5, 2016
PR-URL: #5987
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
@MylesBorins
Contributor

landed as 3cff81c

@MylesBorins closed this May 5, 2016
rvagg added a commit that referenced this pull request May 6, 2016
Notable changes:

* npm: Correct erroneous version number in v2.15.1 code
  (Forrest L Norvell) #5987
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities
  (Shigeki Ohtsu) #6553
  - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
  - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
  - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for
    full details