Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v6.10.3 #230

Merged
merged 17 commits into from
Aug 6, 2019
Merged

v6.10.3 #230

merged 17 commits into from
Aug 6, 2019

Conversation

isaacs
Copy link
Contributor

@isaacs isaacs commented Aug 5, 2019

v6.10.3 (2019-08-06):

BUGFIXES

DEPENDENCIES

isaacs and others added 14 commits July 24, 2019 01:31
PR-URL: #220
Credit: @kittenking
Close: #220
Reviewed-by: @isaacs
Consistently use “vulnerabilities” in the message, don't use confusing
“vulns”.

PR-URL: #223
Credit: @sapegin
Close: #223
Reviewed-by: @isaacs
Suggested by @godmar in
https://npm.community/t/npm-err-cb-never-called-permission-denied/9167/5

Incidentally, this turned up that we're catching uncaughtExceptions in
the main npm functions, but not unhandledRejections!

Tracing this through, it seems like node-fetch-npm's use of cacache is
particularly brittle.  Any throw that comes from cacache is not caught
properly, since node-fetch-npm is all streams and callbacks.  The naive
approach (just adding a catch and failing the callback) doesn't work,
because then make-fetch-happen and npm-registry-fetch interpret the
failure as an invalid response, when actually it was a local cache
error.

So, a bit more love and polish is definitely still needed in the
guts of npm's fetching and caching code paths.  In the meantime, though,
handling any unhandledRejection at the top level prevents at least the
worst and most useless type of error message.

PR-URL: #227
Credit: @isaacs
Close: #227
Reviewed-by: @isaacs
FEATURES

* [bbcf7b2](npm/hosted-git-info@bbcf7b2)
  [#46](npm/hosted-git-info#46)
  [#43](npm/hosted-git-info#43)
  [#47](npm/hosted-git-info#47)
  [#44](npm/hosted-git-info#44) Add support for
  GitLab groups and subgroups ([@mterrel](https://github.com/mterrel),
  [@isaacs](https://github.com/isaacs),
  [@ybiquitous](https://github.com/ybiquitous))

BUGFIXES

* ([3b1d629](npm/hosted-git-info@3b1d629))
  [#48](npm/hosted-git-info#48) fix http protocol
  using sshurl by default ([@fengmk2](https://github.com/fengmk2))
* [5d4a8d7](npm/hosted-git-info@5d4a8d7) ignore
  noCommittish on tarball url generation
  ([@isaacs](https://github.com/isaacs))
* [1692435](npm/hosted-git-info@1692435) use gist
  tarball url that works for anonymous gists
  ([@isaacs](https://github.com/isaacs))
* [d5cf830](npm/hosted-git-info@d5cf830)
* Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs))
* [e518222](npm/hosted-git-info@e518222)
  Use LRU cache to prevent unbounded memory consumption
  ([@iarna](https://github.com/iarna))
@isaacs isaacs added the release label Aug 5, 2019
@isaacs isaacs requested a review from a team as a code owner August 5, 2019 17:08
@isaacs isaacs force-pushed the release-next-6.10.3 branch from 4ee19e9 to 649e3c8 Compare August 5, 2019 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants