fix(package-json): invalid webpack commit sha #506

petermetz · 2021-01-21T02:30:29Z

Describe the bug

When trying to set up the project from scratch (such as the CI is doing it)

you get the error

Run npm ci
  npm ci
  shell: /usr/bin/bash -e {0}
  env:
    JAVA_HOME_8.0.275_x64: /opt/hostedtoolcache/jdk/8.0.275/x64
    JAVA_HOME: /opt/hostedtoolcache/jdk/8.0.275/x64
    JAVA_HOME_8_0_275_X64: /opt/hostedtoolcache/jdk/8.0.275/x64
npm ERR! code 128
npm ERR! Command failed: git checkout a1021fd674dd24b13d759611b77b5d7057f7f0ea
npm ERR! fatal: reference is not a tree: a1021fd674dd24b13d759611b77b5d7057f7f0ea
npm ERR! 

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2021-01-21T02_12_54_047Z-debug.log

To Reproduce

cd $PROJECT_ROOT
rm package-lock.json
rm -rf node_modules
npm install

Expected behavior

npm install should not fail

Logs/Stack traces

Run actions/setup-node@v2.1.2
  with:
    node-version: v12.13.0
    always-auth: false
    check-latest: false
    token: ***
  env:
    JAVA_HOME_8.0.275_x64: /opt/hostedtoolcache/jdk/8.0.275/x64
    JAVA_HOME: /opt/hostedtoolcache/jdk/8.0.275/x64
    JAVA_HOME_8_0_275_X64: /opt/hostedtoolcache/jdk/8.0.275/x64
Attempting to download v12.13.0...
Acquiring 12.13.0 from https://github.com/actions/node-versions/releases/download/12.13.0-20200507.88/node-12.13.0-linux-x64.tar.gz
Extracting ...
/usr/bin/tar xz --strip 1 --warning=no-unknown-keyword -C /home/runner/work/_temp/2a9375d2-0ba6-4926-9c77-36a30f5fc64d -f /home/runner/work/_temp/bc132599-8217-4c6f-8c16-5e8ec879caa5
Adding to the cache ...
Done

Operating system name, version, build:

Affects all versions of all OS'

Hyperledger Cactus release version or commit (git rev-parse --short HEAD):

main

Hyperledger Cactus Plugins/Connectors Used

N/A

Additional context

The git commit SHA in the dependency version for webpack is necessary because there's been an open PR for webpack (to support a feature we need) for quite some time and it is unknown when if ever it will get merged unfortunately.

cc: @sfuji822 @takeutak @hartm @jonathan-m-hamilton

The text was updated successfully, but these errors were encountered:

Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

This commit is necessary because of a rebase that happened on the fork where the webpack feature we need was implemented. The rebase changed the commit sha and therefore made that version of the code disappear too. To avoid this issue happening again in the future a dedicated branch was created on the fork which will not be touched by future rebases that are necessary for the pull request to be kept up to date with the main branch of webpack itself. The so called backup branch mentioned above is called cactus-webpack-ignore-require-calls-feature which you can see being specified in the package.json. Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

…dger#449 The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes hyperledger#449 Depends on hyperledger#506 hyperledger#507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

This commit is necessary because of a rebase that happened on the fork where the webpack feature we need was implemented. The rebase changed the commit sha and therefore made that version of the code disappear too. To avoid this issue happening again in the future a dedicated branch was created on the fork which will not be touched by future rebases that are necessary for the pull request to be kept up to date with the main branch of webpack itself. The so called backup branch mentioned above is called cactus-webpack-ignore-require-calls-feature which you can see being specified in the package.json. Fixes #506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

…dger#449 The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes hyperledger#449 Depends on hyperledger#506 hyperledger#507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes #449 Depends on #506 #507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

This commit is necessary because of a rebase that happened on the fork where the webpack feature we need was implemented. The rebase changed the commit sha and therefore made that version of the code disappear too. To avoid this issue happening again in the future a dedicated branch was created on the fork which will not be touched by future rebases that are necessary for the pull request to be kept up to date with the main branch of webpack itself. The so called backup branch mentioned above is called cactus-webpack-ignore-require-calls-feature which you can see being specified in the package.json. Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

…dger#449 The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes hyperledger#449 Depends on hyperledger#506 hyperledger#507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

This commit is necessary because of a rebase that happened on the fork where the webpack feature we need was implemented. The rebase changed the commit sha and therefore made that version of the code disappear too. To avoid this issue happening again in the future a dedicated branch was created on the fork which will not be touched by future rebases that are necessary for the pull request to be kept up to date with the main branch of webpack itself. The so called backup branch mentioned above is called cactus-webpack-ignore-require-calls-feature which you can see being specified in the package.json. Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

This commit is necessary because of a rebase that happened on the fork where the webpack feature we need was implemented. The rebase changed the commit sha and therefore made that version of the code disappear too. To avoid this issue happening again in the future a dedicated branch was created on the fork which will not be touched by future rebases that are necessary for the pull request to be kept up to date with the main branch of webpack itself. The so called backup branch mentioned above is called cactus-webpack-ignore-require-calls-feature which you can see being specified in the package.json. Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: Jordi Giron <jordi.giron.amezcua@accenture.com>

…dger#449 The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes hyperledger#449 Depends on hyperledger#506 hyperledger#507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: Jordi Giron <jordi.giron.amezcua@accenture.com>

This commit is necessary because of a rebase that happened on the fork where the webpack feature we need was implemented. The rebase changed the commit sha and therefore made that version of the code disappear too. To avoid this issue happening again in the future a dedicated branch was created on the fork which will not be touched by future rebases that are necessary for the pull request to be kept up to date with the main branch of webpack itself. The so called backup branch mentioned above is called cactus-webpack-ignore-require-calls-feature which you can see being specified in the package.json. Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: Jordi Giron <jordi.giron.amezcua@accenture.com>

This commit is necessary because of a rebase that happened on the fork where the webpack feature we need was implemented. The rebase changed the commit sha and therefore made that version of the code disappear too. To avoid this issue happening again in the future a dedicated branch was created on the fork which will not be touched by future rebases that are necessary for the pull request to be kept up to date with the main branch of webpack itself. The so called backup branch mentioned above is called cactus-webpack-ignore-require-calls-feature which you can see being specified in the package.json. Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

This commit is necessary because of a rebase that happened on the fork where the webpack feature we need was implemented. The rebase changed the commit sha and therefore made that version of the code disappear too. To avoid this issue happening again in the future a dedicated branch was created on the fork which will not be touched by future rebases that are necessary for the pull request to be kept up to date with the main branch of webpack itself. The so called backup branch mentioned above is called cactus-webpack-ignore-require-calls-feature which you can see being specified in the package.json. Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: Jordi Giron <jordi.giron.amezcua@accenture.com>

This commit is necessary because of a rebase that happened on the fork where the webpack feature we need was implemented. The rebase changed the commit sha and therefore made that version of the code disappear too. To avoid this issue happening again in the future a dedicated branch was created on the fork which will not be touched by future rebases that are necessary for the pull request to be kept up to date with the main branch of webpack itself. The so called backup branch mentioned above is called cactus-webpack-ignore-require-calls-feature which you can see being specified in the package.json. Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

petermetz added bug Something isn't working dependencies Pull requests that update a dependency file labels Jan 21, 2021

petermetz added this to the v0.4.0 milestone Jan 21, 2021

petermetz self-assigned this Jan 21, 2021

petermetz added a commit to petermetz/cacti that referenced this issue Jan 21, 2021

fix(package-json): invalid webpack commit sha hyperledger#506

cf49369

Fixes hyperledger#506 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

This was referenced Jan 21, 2021

fix(package-json): invalid webpack commit sha #506 #507

Merged

chore(deps): fabric connector upgrade bl #499

Merged

petermetz mentioned this issue Jan 21, 2021

build(deps): upgrade axios to 0.21.1 due to high severity CVE #449 #508

Merged

petermetz closed this as completed in #507 Jan 25, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(package-json): invalid webpack commit sha #506

fix(package-json): invalid webpack commit sha #506

petermetz commented Jan 21, 2021

fix(package-json): invalid webpack commit sha #506

fix(package-json): invalid webpack commit sha #506

Comments

petermetz commented Jan 21, 2021