deps: upgrade npm to 1.4.29 #3639
See https://github.com/npm/npm/releases/tag/v1.4.29 for details. Encourage users to upgrade to a newer npm, and lays the groundwork for getting npm@2 into Node 0.10 LTS.
lgtm
Refs: nodejs/Release#37 @othiym23 You mentioned npm/npm@b9474a8 in that thread -- was the patch that prevented user credentials or something from being leaked?
@Fishrock123: Yes, and that change is meant to be included by upgrading the version of npm included with 0.10 LTS to
@othiym23 I understand. Is there any actual reason that patch wouldn't apply though? It's relatively serious, I think.
hmm.. that's a tough one. Part of the reason for doing this is that npm v1 won't be getting any more support, including security updates but then we deliver it with a security update ;-) ... but until the updated v0.10 with npm2 is out, those users are still impacted. I think I tend to agree with @Fishrock123 on it tho, it would be best if this included that patch since it's an existing known issue.
In my judgment, it is no more or less serious than the other security fixes included in
Fair enough. This change LGTM
@Fishrock123 @zkat @othiym23 ... would it be possible to have y'all double check that this won't have the same kind of hiccups we were having with the recent npm updates in master? I'll likely get this landed in v0.10-staging by end of week.
Actual changes LGTM. I skipped the npm tests.
@zkat is in East Asia for conferencing, and I'm pretty sure this will be free of the shenanigans we were seeing with @Fishrock123, could I prevail upon you to double-check that the npm tests run for you with a clean build? You'll kind of have to do it by hand, because this version doesn't include the fixes to the test scripts we've landed in
Yeah I'll do the tests thing tomorrow. :)
Ok, quick test run on my end shows everything green also. Will get this landed now into
See https://github.com/npm/npm/releases/tag/v1.4.29 for details. Encourage users to upgrade to a newer npm, and lays the groundwork for getting npm@2 into Node 0.10 LTS.
PR-URL: #3639
Reviewed-By: Rod Vagg <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Landed in v0.10-staging in b68781e
@jasnell did you
Is there an environment in CI for running the npm tests?
@thealphanerd no, see nodejs/build#234 for more details.
LGTM though, but need to be careful about that.
Yes I did. Didn't see anything of concern but we still need to double and triple check. At this point there's nothing else in v0.10-staging so we're safe. Let's get everything verified.
Ok, should be fine then.
🎉 Thanks to all, and a PR upgrading to
See https://github.com/npm/npm/releases/tag/v1.4.29 for details.
Encourage users to upgrade to a newer npm that supports scopes, and lays the groundwork for getting npm@2 into Node 0.10 LTS.
r: @jasnell
r: @Fishrock123