Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update node.js to v18 #2951

Closed
wants to merge 1 commit into from
Closed

chore(deps): update node.js to v18 #2951

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 28, 2023
edited

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
node engines major 16.x -> 18.x age adoption passing confidence
@types/node (source) devDependencies minor 18.11.17 -> 18.14.6 age adoption passing confidence

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

Release Notes

nodejs/node

v18.15.0: 2023-03-07, Version 18.15.0 'Hydrogen' (LTS), @​BethGriggs prepared by @​juanarbol

Compare Source

Notable Changes
Commits

v18.14.2: 2023-02-21, Version 18.14.2 'Hydrogen' (LTS), @​MylesBorins

Compare Source

Notable Changes
Commits

v18.14.1: 2023-02-16, Version 18.14.1 'Hydrogen' (LTS), @​RafaelGSS prepared by @​juanarbol

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

  • CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
  • CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
  • CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
  • CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
  • CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent
OpenSSL security advisory.

Commits

v18.14.0: 2023-02-02, Version 18.14.0 'Hydrogen' (LTS), @​BethGriggs prepared by @​juanarbol

Compare Source

Notable changes
Updated npm to 9.3.1

Based on the list of guidelines we've established on integrating npm and node,
here is a grouped list of the breaking changes with the reasoning as to why they
fit within the guidelines linked above. Note that all the breaking changes were
made in 9.0.0.
All subsequent minor and patch releases after npm@9.0.0 do not contain any
breaking changes.

Engines

Explanation: the node engines supported by npm@9 make it safe to allow npm@9 as the default in any LTS version of 14 or 16, as well as anything later than or including 18.0.0

  • npm is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0
Filesystem

Explanation: when run as root previous versions of npm attempted to manage file ownership automatically on the user's behalf. this behavior was problematic in many cases and has been removed in favor of allowing users to manage their own filesystem permissions

  • npm will no longer attempt to modify ownership of files it creates.
Auth

Explanation: any errors thrown from users having unsupported auth configurations will show npm config fix in the remediation instructions, which will allow the user to automatically have their auth config fixed.

  • The presence of auth related settings that are not scoped to a specific
    registry found in a config file is no longer supported and will throw errors.
Login

Explanation: the default auth-type has changed and users can opt back into the old behavior with npm config set auth-type=legacy. login and adduser have also been seperated making each command more closely match it's name instead of being aliases for each other.

  • Legacy auth types sso, saml & legacy have been consolidated into "legacy".
  • auth-type defaults to "web"
  • login and adduser are now separate commands that send different data to the registry.
  • auth-type config values web and legacy only try their respective methods,
    npm no longer tries them all and waits to see which one doesn't fail.
Tarball Packing

Explanation: previously using multiple ignore/allow lists when packing was an undefined behavior, and now the order of operations is strictly defined when packing a tarball making it easier to follow and should only affect users relying on the previously undefined behavior.

  • npm pack now follows a strict order of operations when applying ignore rules.
    If a files array is present in the package.json, then rules in .gitignore
    and .npmignore files from the root will be ignored.
Display/Debug/Timing Info

Explanation: these changes center around the display of information to the terminal including timing and debug log info. We do not anticipate these changes breaking any existing workflows.

  • Links generated from git urls will now use HEAD instead of master as the default ref.
  • timing has been removed as a value for --loglevel.
  • --timing will show timing information regardless of --loglevel, except when --silent.
  • When run with the --timing flag, npm now writes timing data to a file
    alongside the debug log data, respecting the logs-dir option and falling
    back to <CACHE>/_logs/ dir, instead of directly inside the cache directory.
  • The timing file data is no longer newline delimited JSON, and instead each run
    will create a uniquely named <ID>-timing.json file, with the <ID> portion
    being the same as the debug log.
  • npm now outputs some json errors on stdout. Previously npm would output
    all json formatted errors on stderr, making it difficult to parse as the
    stderr stream usually has logs already written to it.
Config/Command Deprecations or Removals

Explanation: install-links is the only config or command in the list that has an effect on package installs. We fixed a number of issues that came up during prereleases with this change. It will also only be applied to new package trees created without a package-lock.json file. Any install with an existing lock file will not be changed.

  • Deprecate boolean install flags in favor of --install-strategy.
  • npm config set will no longer accept deprecated or invalid config options.
  • install-links config defaults to "true".
  • node-version config has been removed.
  • npm-version config has been removed.
  • npm access subcommands have been renamed.
  • npm birthday has been removed.
  • npm set-script has been removed.
  • npm bin has been removed (use npx or npm exec to execute binaries).
Other notable changes
  • doc:
    • add parallelism note to os.cpus() (Colin Ihrig) #​45895
  • http:
    • join authorization headers (Marco Ippolito) #​45982
    • improved timeout defaults handling (Paolo Insogna) #​45778
  • stream:
    • implement finished() for ReadableStream and WritableStream (Debadree Chatterjee) #​46205
Commits

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@changeset-bot
Copy link

changeset-bot bot commented Feb 28, 2023
edited

⚠️ No Changeset found

Latest commit: 26cb8b8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@neo4j-team-graphql
Copy link
Collaborator

neo4j-team-graphql commented Feb 28, 2023
edited

Performance Report

No Performance Changes

Show Full Table
name dbHits old dbHits time (ms) old time (ms) maxRows
aggregations.TopLevelAggregate 3403 3403 36 67 1134
aggregations.NestedAggregation 13514 13514 95 123 2174
aggregations.AggregationWithWhere 10942 10942 74 88 2174
aggregations.AggregationWhereWithinNestedRelationships 20101954 20101954 2977 2735 2008534
aggregations.AggregationWhereWithinNestedConnections 20101954 20101954 2869 2723 2008534
aggregations.NestedCountFromMovieToActors 8694 8694 72 79 2174
aggregations.NestedCountFromActorsToMovie 8900 8900 51 75 2174
aggregations.DeeplyNestedCount 12062296 12062298 4659 4555 2008534
batch-create.BatchCreate 3600 3600 91 195 600
connect.createAndConnect 12419 12419 353 238 3003
connections.Connection 13042 13042 169 144 2174
connections.NestedConnection 38231 38235 125 148 4516
connections.ConnectionWithSort 2277 2277 61 89 1040
connections.ConnectionWithSortAndCypher 2277 2277 185 295 1040
create.SimpleMutation 6 6 36 36 1
cypher-directive.TopLevelCypherDirective 99525 99525 770 917 10168
cypher-directive.TopLevelCypherDirectiveWithColumnName 127994 127994 317 308 10168
delete.SimpleDelete 18361 18361 220 241 1040
delete.NestedDeleteInUpdate 17123 17123 214 150 2040
query.SimpleQuery 14120 14120 169 122 2174
query.QueryWhere 8680 8680 40 41 2167
query.SimpleQueryWithNestedWhere 8851 8851 54 57 2167
query.Nested 10084290 10084290 9915 10699 2008534
query.NestedWithFilter 37172 37172 124 151 4511
query.OrFilterOnRelationships 36521 35984 156 202 1686
query.OrFilterOnRelationshipsAndNested 30436 30040 251 302 1686
query.QueryWithNestedIn 12142 12142 55 61 1149
query.NestedConnectionWhere 8794 8794 53 63 2174
query.DeeplyNestedConnectionWhere 8808 8808 74 111 2174
query.DeeplyNestedWithRelationshipFilters 6251 6251 123 152 1134
query.NestedWithRelationshipSingleFilters 3021189 3021189 706 668 1003942
query.Fulltext 96 96 66 29 16
query.FulltextWithNestedQuery 571 571 59 59 84
sorting.SortMultipleTypes 2493 2493 72 110 1040
sorting.SortMultipleTypesWithCypherWithCypher 1409 1409 156 262 1040
sorting.SortOnNestedFields 13042 13042 54 103 2174
sorting.SortDeeplyNestedFields 38965 38965 108 138 4516
sorting.SortWithTopLevelCypher 2119 2119 100 205 1040
unions.SimpleUnionQuery 321 321 58 75 35
unions.SimpleUnionQueryWithMissingFields 293 293 63 66 35
unions.NestedUnion 398553 398553 315 350 33033
unions.NestedUnionWithMissingFields 372527 372527 328 330 33033
update.NestedUpdate 2119 2119 47 56 1040

Old Schema Generation: 39.586s
Schema Generation: 34.394s

tbwiss
tbwiss reviewed Mar 1, 2023
View reviewed changes
examples/neo-place/package.json
@@ -4,7 +4,7 @@
"private": true,
"description": "Subscriptions example",
"engines": {
"node": "16.x"
"node": "18.x"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This did not work in December 2022

@renovate renovate bot force-pushed the renovate/node-18.x branch 10 times, most recently from d218ec6 to 8cba035 Compare March 4, 2023 05:41
@renovate renovate bot changed the title Update Node.js to v18 chore(deps): update node.js to v18 Mar 4, 2023
@renovate renovate bot force-pushed the renovate/node-18.x branch 12 times, most recently from 1aa91a6 to ac83755 Compare March 8, 2023 08:20
@mjfwebb
Copy link
Contributor

mjfwebb commented Mar 8, 2023

I am closing this PR. We can address this manually in the future.

@mjfwebb mjfwebb closed this Mar 8, 2023
@renovate
Copy link
Contributor Author

renovate bot commented Mar 8, 2023
edited

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 18.x releases. But if you manually upgrade to 18.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate renovate bot deleted the renovate/node-18.x branch March 8, 2023 10:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tbwiss tbwiss tbwiss left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@neo4j-team-graphql @mjfwebb @tbwiss