pm: honor yarn supportedArchitectures, mTLS cert/key, npmAlwaysAuth#48
Merged
Conversation
Bumps the vendor/aube pin to 12b18db, which reads three previously-ignored .yarnrc.yml settings and routes them through the existing engine machinery: - supportedArchitectures filters optional/platform deps for the declared os/cpu/libc (same resolver path the pnpm value uses). - httpsCertFilePath / httpsKeyFilePath load the mTLS client cert/key. - npmAlwaysAuth attaches the registry token to cross-origin tarball requests. Removes the nub-side supportedArchitectures FATAL gate (the arch-filter resolver is built and now fed for yarn) and updates the yarn compat docs. Refs the pm-compat fix lane (B-3 / B-9 / B-12).
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
nanoid@3.3.14 published without trust evidence trips trustPolicy=no-downgrade (ERR_NUB_TRUST_DOWNGRADE) at install, which breaks the daily-driver CI on main and this PR. Bundled here so a single pin advance fixes both — see the PR body.
Contributor
Author
|
Shipped in v0.1.10: https://github.com/nubjs/nub/releases/tag/v0.1.10 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reads three previously-ignored
.yarnrc.ymlsettings and routes them through the existing engine machinery, plus a bundled one-line trust-list fix to unblock CI on a single pin advance. Bumps thevendor/aubepin toe7aaafc(onnub-fork).Yarn config (B-3 / B-9 / B-12)
supportedArchitecturessetting (the same channelpackageExtensionsuses) and unioned into the resolver's platform filter at install time, so optional/platform deps are filtered for the declaredos/cpu/libc. The nub-side FATAL gate that aborted on this key is removed — the arch-filter resolver is built and now fed for yarn, same as the pnpm path.networkSettings) — the referenced PEM files are loaded and emitted as the inlinecert/keythe registry client's mTLS identity consumer already takes.always-auth; the registry client now attaches the home registry's token to requests on a different origin (e.g. tarballs on a separate CDN) when set, instead of sending them unauthenticated.All three are additive reads gated on the user's explicit yarn config; the default (no setting) path is unchanged.
Bundled CI unblock: nanoid trust-downgrade
nanoid@3.3.14was published to npm without trust evidence after an earlier version carried a trusted publisher, sotrustPolicy=no-downgrade(the aube default) rejects it withERR_NUB_TRUST_DOWNGRADE(exit 23) atnub install— which breaks the daily-driver onmainand every open PR.nanoidis added toDEFAULT_TRUST_POLICY_EXCLUDESalongside the other provenance-churn packages. Bundled here so a single pin advance fixes both concerns at once; the other PRs rebase onto this after merge.Verification
cargo buildclean.cargo clippy --all-targets --all-features -- -D warningsclean,cargo fmt --checkclean,cargo test -p nub-cli unsupported_configgreen..yarnrc.ymlwith asupportedArchitecturesblock no longer abortsnub install. The daily-driverinstallstep now passes against the new pin (it exits 23 onmaindue to nanoid); main +npm_config_trust_policy=offruns the full daily-driver green, confirming nanoid is the sole install-stage blocker.Docs: the yarn compat tables (
yarn.mdx,install/index.mdx) now mark the three yarn settings as supported.