deps: completely upgrade npm in LTS to 2.15.1 #5988

Closed


Contributor

othiym23 commented Apr 1, 2016

This is the same as 4041ea6, only it includes the version tag marking it as npm@2.15.1 (instead of npm@2.15.0).

My apologies for the confusion.

r: @thealphanerd
r: @rvagg

@othiym23 added the npm and v0.12 labels Apr 1, 2016
@jasnell
Member

jasnell commented Apr 1, 2016

LGTM

@jasnell
Member

jasnell commented Apr 28, 2016

@nodejs/lts

@MylesBorins
Contributor

this one already landed on v4.x

It is missing a patch that gets rid of legacy test. @othiym23 would it make more sense to update 0.10 and 0.12 to the latest lts npm?

@rvagg
Member

rvagg commented May 5, 2016

@thealphanerd can you help land this one? I'd like to bundle it with the openssl fixes, same as #5987 for v0.10.

@MylesBorins
Contributor

@rvagg I'm going to see if I can get this PR working by manually adding 8acb886 on top... if that works then all should be good, otherwise we might need another update from npm.. I've pinged @othiym23 and @zkat over on irc... (and now here)

I'll do a test right now and see if we can get away with a cherry-pick

@MylesBorins
Contributor

So it looks like we have a failing test on v0.12

test/tap/outdated-symlink.js ........................ 13/14 4s
  when outdated is called linked packages should be displayed as such
  not ok Global Install format as expected
    at:
      file: test/tap/outdated-symlink.js
      line: 62
      column: 9
    stack: |
      test/tap/outdated-symlink.js:62:9
      f (node_modules/once/once.js:17:25)
      ChildProcess.<anonymous> (test/common-tap.js:58:5)
      maybeClose (internal/child_process.js:827:16)
      Process.ChildProcess._handle.onexit (internal/child_process.js:211:5)

It looks like this is a new test not present in 2.14.19 (version bundled with node v0.12.12). There were two npm test failures in that version. Technically we have already shipped this version of npm, and this update is primarily metadata.

I'm going to land this with the patch to fix testing in staging and we can decide to follow up as necessary.

@MylesBorins
Contributor

LGTM

MylesBorins pushed a commit that referenced this pull request May 5, 2016
PR-URL: #5988
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
MylesBorins pushed a commit that referenced this pull request May 5, 2016
PR-URL: #5988
Reviewed-By: Myles Borins <myles.borins@gmail.com>
@MylesBorins
Contributor

landed in 2b63396...810fb21

MylesBorins closed this May 5, 2016
rvagg added a commit that referenced this pull request May 6, 2016
Notable changes:

* npm: Correct erroneous version number in v2.15.1 code
  (Forrest L Norvell) #5988
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities
  (Shigeki Ohtsu) #6553
  - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
  - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
  - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/
    for full details
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
PR-URL: nodejs/node#5988
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
PR-URL: nodejs/node#5988
Reviewed-By: Myles Borins <myles.borins@gmail.com>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
Notable changes:

* npm: Correct erroneous version number in v2.15.1 code
  (Forrest L Norvell) nodejs/node#5988
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities
  (Shigeki Ohtsu) nodejs/node#6553
  - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
  - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
  - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/
    for full details