From b6569538de69e0ccd201f0a33f1f5b52f2656f5b Mon Sep 17 00:00:00 2001 From: kaylie-alexa Date: Thu, 6 Jun 2019 09:38:02 -0700 Subject: [PATCH 01/49] fix(install): Inherit optional property for resolutions (#7273) 6040 --- __tests__/commands/install/resolutions.js | 6 ++++++ .../install/resolutions/optional-deps/package.json | 10 ++++++++++ src/cli/commands/check.js | 3 ++- src/cli/commands/install.js | 4 +++- 4 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 __tests__/fixtures/install/resolutions/optional-deps/package.json diff --git a/__tests__/commands/install/resolutions.js b/__tests__/commands/install/resolutions.js index 0fbee2706d..65d7cfeb66 100644 --- a/__tests__/commands/install/resolutions.js +++ b/__tests__/commands/install/resolutions.js @@ -46,6 +46,12 @@ test.concurrent('install with --frozen-lockfile with resolutions', async (): Pro } }); +test.concurrent('install with resolutions on optional dependencies should not resolve', (): Promise => { + return runInstall({ignoreOptional: true}, {source: 'resolutions', cwd: 'optional-deps'}, async config => { + expect(await isPackagePresent(config, 'left-pad')).toEqual(false); + }); +}); + test.concurrent('install with exotic resolutions should override versions', (): Promise => { return runInstall({}, {source: 'resolutions', cwd: 'exotic-version'}, async config => { expect(await getPackageVersion(config, 'left-pad')).toEqual('1.1.1'); diff --git a/__tests__/fixtures/install/resolutions/optional-deps/package.json b/__tests__/fixtures/install/resolutions/optional-deps/package.json new file mode 100644 index 0000000000..eb5a904f39 --- /dev/null +++ b/__tests__/fixtures/install/resolutions/optional-deps/package.json @@ -0,0 +1,10 @@ +{ + "name": "project", + "version": "1.0.0", + "optionalDependencies": { + "left-pad": "^1.0.0" + }, + "resolutions": { + "left-pad": "^1.1.1" + } +} diff --git a/src/cli/commands/check.js b/src/cli/commands/check.js index 1c2cc2c925..a8bf842cb4 100644 --- a/src/cli/commands/check.js +++ b/src/cli/commands/check.js @@ -275,7 +275,8 @@ export async function run(config: Config, reporter: Reporter, flags: Object, arg const remoteType = pkg._reference.remote.type; const isLinkedDependency = remoteType === 'link' || remoteType === 'workspace' || (remoteType === 'file' && config.linkFileDependencies); - if (isLinkedDependency) { + const isResolution = pkg._reference.hint === 'resolution'; + if (isLinkedDependency || isResolution) { continue; } diff --git a/src/cli/commands/install.js b/src/cli/commands/install.js index 699f6a3379..af3f64f56a 100644 --- a/src/cli/commands/install.js +++ b/src/cli/commands/install.js @@ -1,5 +1,6 @@ /* @flow */ +import objectPath from 'object-path'; import type {InstallationMethod} from '../../util/yarn-version.js'; import type {Reporter} from '../../reporters/index.js'; import type {ReporterSelectOption} from '../../reporters/types.js'; @@ -285,8 +286,9 @@ export class Install { this.resolutionMap.init(this.resolutions); for (const packageName of Object.keys(this.resolutionMap.resolutionsByPackage)) { + const optional = objectPath.has(manifest.optionalDependencies, packageName) && this.flags.ignoreOptional; for (const {pattern} of this.resolutionMap.resolutionsByPackage[packageName]) { - resolutionDeps = [...resolutionDeps, {registry, pattern, optional: false, hint: 'resolution'}]; + resolutionDeps = [...resolutionDeps, {registry, pattern, optional, hint: 'resolution'}]; } } From 6b7ee8c7ad42c4eaf2cd741fbdcd80cd32b2b57d Mon Sep 17 00:00:00 2001 From: Francis Crick Date: Thu, 13 Jun 2019 07:31:58 -0700 Subject: [PATCH 02/49] fix(config): Adds support for --offline flag to global add command (#7330) * fix(config): Adds support for --offline flag to global add command * Update CHANGELOG.md * lower line lengths below 120 --- CHANGELOG.md | 4 ++++ .../index/run-global-add-offline/global/.gitkeep | 0 .../index/run-global-add-offline/package.json | 5 +++++ __tests__/index.js | 15 +++++++++++++++ src/cli/commands/global.js | 1 + 5 files changed, 25 insertions(+) create mode 100644 __tests__/fixtures/index/run-global-add-offline/global/.gitkeep create mode 100644 __tests__/fixtures/index/run-global-add-offline/package.json diff --git a/CHANGELOG.md b/CHANGELOG.md index 047f33c4a0..2692163a6a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Adds support for --offline flag to global add command + + [#7330](https://github.com/yarnpkg/yarn/pull/7330) - [**Francis Crick**](https://guthub.com/fcrick) + - Yarn will tolerate Yaml at parse time. Full support isn't ready yet and will only come at the next major. [#7300](https://github.com/yarnpkg/yarn/pull/7300) - [**Maël Nison**](https://twitter.com/arcanis) diff --git a/__tests__/fixtures/index/run-global-add-offline/global/.gitkeep b/__tests__/fixtures/index/run-global-add-offline/global/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/__tests__/fixtures/index/run-global-add-offline/package.json b/__tests__/fixtures/index/run-global-add-offline/package.json new file mode 100644 index 0000000000..a183089a65 --- /dev/null +++ b/__tests__/fixtures/index/run-global-add-offline/package.json @@ -0,0 +1,5 @@ +{ + "name": "test_global_add_offline", + "version": "1.0.0", + "license": "UNLICENSED" +} diff --git a/__tests__/index.js b/__tests__/index.js index 6c1c73961f..80345e9569 100644 --- a/__tests__/index.js +++ b/__tests__/index.js @@ -146,6 +146,21 @@ if (semver.satisfies(ver, '>=5.0.0')) { }); } +test.concurrent('should fail to find non-existent package offline', async () => { + const command = execCommand( + '--offline', + ['global', 'add', 'doesnotexistqwertyuiop@2.0.0-doesnotexist', '--global-folder', './global'], + 'run-global-add-offline', + true, + ); + await expectAnErrorMessage( + command, + `error Couldn't find any versions for "doesnotexistqwertyuiop" that matches "2.0.0-doesnotexist" in our cache ` + + '(possible versions are ""). This is usually caused by a missing entry in the lockfile, running Yarn without ' + + 'the --offline flag may help fix this issue.', + ); +}); + test.concurrent('should run custom script', async () => { const stdout = await execCommand('run', ['custom-script'], 'run-custom-script'); expectRunOutput(stdout); diff --git a/src/cli/commands/global.js b/src/cli/commands/global.js index 1ab16f21b4..a502cc6659 100644 --- a/src/cli/commands/global.js +++ b/src/cli/commands/global.js @@ -48,6 +48,7 @@ async function updateCwd(config: Config): Promise { await config.init({ cwd: config.globalFolder, + offline: config.offline, binLinks: true, globalFolder: config.globalFolder, cacheFolder: config._cacheRootFolder, From c88c64f0d72ee410534746db40a500a2f65bef51 Mon Sep 17 00:00:00 2001 From: Zixuan Liu Date: Thu, 13 Jun 2019 23:06:31 +0800 Subject: [PATCH 03/49] Fix login for `yarn publish` (#7312) --- src/cli/commands/login.js | 1 + 1 file changed, 1 insertion(+) diff --git a/src/cli/commands/login.js b/src/cli/commands/login.js index e9371bad9a..dd55cd1a67 100644 --- a/src/cli/commands/login.js +++ b/src/cli/commands/login.js @@ -105,6 +105,7 @@ export async function getToken( // const res = await config.registries.npm.request(`-/user/org.couchdb.user:${encodeURIComponent(username)}`, { method: 'PUT', + registry, body: userobj, auth: {username, password, email}, }); From 40546bf112b4e6b631fb52378c86ab4827e9849a Mon Sep 17 00:00:00 2001 From: David Sanders Date: Thu, 13 Jun 2019 08:07:13 -0700 Subject: [PATCH 04/49] fix(add, upgrade): fix audit flag (#7326) * fix(add, upgrade): fix audit flag * Update CHANGELOG.md --- CHANGELOG.md | 6 +++++- src/cli/commands/add.js | 2 +- src/cli/commands/upgrade.js | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2692163a6a..b9086bd7e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,11 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master -- Adds support for --offline flag to global add command +- Fixes audits when used with `yarn add` & `yarn upgrade` + + [#7326](https://github.com/yarnpkg/yarn/pull/7326) - [**David Sanders**](https://github.com/dsanders11) + +- Adds support for the `--offline` flag to `yarn global add` [#7330](https://github.com/yarnpkg/yarn/pull/7330) - [**Francis Crick**](https://guthub.com/fcrick) diff --git a/src/cli/commands/add.js b/src/cli/commands/add.js index 2ca65a41ce..10bac31848 100644 --- a/src/cli/commands/add.js +++ b/src/cli/commands/add.js @@ -300,7 +300,7 @@ export function setFlags(commander: Object) { commander.option('-O, --optional', 'save package to your `optionalDependencies`'); commander.option('-E, --exact', 'install exact version'); commander.option('-T, --tilde', 'install most recent release with the same minor version'); - commander.option('-A', '--audit', 'Run vulnerability audit on installed packages'); + commander.option('-A, --audit', 'Run vulnerability audit on installed packages'); } export async function run(config: Config, reporter: Reporter, flags: Object, args: Array): Promise { diff --git a/src/cli/commands/upgrade.js b/src/cli/commands/upgrade.js index 53d19f6474..40135de281 100644 --- a/src/cli/commands/upgrade.js +++ b/src/cli/commands/upgrade.js @@ -158,7 +158,7 @@ export function setFlags(commander: Object) { '-C, --caret', 'install most recent release with the same major version. Only used when --latest is specified.', ); - commander.option('-A', '--audit', 'Run vulnerability audit on installed packages'); + commander.option('-A, --audit', 'Run vulnerability audit on installed packages'); } export function hasWrapper(commander: Object, args: Array): boolean { From 2f5c937d12fd8ea64356c205939c4c5ccd4f0845 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Thu, 13 Jun 2019 17:13:29 +0200 Subject: [PATCH 05/49] Prevents the link: protocol from crashing when no package.json is used (#7337) * Stops reading the manifest for link: dependencies * Prevents crashing when the package.json doesnt exist --- src/resolvers/exotics/link-resolver.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolvers/exotics/link-resolver.js b/src/resolvers/exotics/link-resolver.js index c95fda8ef1..a49d52ba8d 100644 --- a/src/resolvers/exotics/link-resolver.js +++ b/src/resolvers/exotics/link-resolver.js @@ -30,7 +30,7 @@ export default class LinkResolver extends ExoticResolver { const name = path.basename(loc); const registry: RegistryNames = 'npm'; - const manifest: Manifest = !await fs.exists(loc) + const manifest: Manifest = !await fs.exists(`${loc}/package.json`) ? {_uid: '', name, version: '0.0.0', _registry: registry} : await this.config.readManifest(loc, this.registry); From 8a60e21258de4fa870740f71315b7aef27dbb153 Mon Sep 17 00:00:00 2001 From: Daniel Seijo Date: Thu, 13 Jun 2019 22:39:28 +0200 Subject: [PATCH 06/49] feat(version): Allow for prereleases flags and prerelease identifiers (#7336) * Complete semver versioning flags with prereleases and preid * Update CHANGELOG --- CHANGELOG.md | 8 ++- __tests__/commands/version.js | 98 +++++++++++++++++++++++++++++++++ flow-typed/npm/semver_v5.1.x.js | 3 +- src/cli/commands/version.js | 27 +++++++-- 4 files changed, 128 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b9086bd7e8..e7570e6e65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Adds prereleases flags and prerelease identifier to `yarn version`. + + [#7336](https://github.com/yarnpkg/yarn/pull/7336) - [**Daniel Seijo**](https://github.com/daniseijo) + - Fixes audits when used with `yarn add` & `yarn upgrade` [#7326](https://github.com/yarnpkg/yarn/pull/7326) - [**David Sanders**](https://github.com/dsanders11) @@ -41,7 +45,7 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa - Adds support for the npm enterprise URLs when computing the offline mirror filenames. [#7200](https://github.com/yarnpkg/yarn/pull/7200) - [**John Millikin**](https://john-millikin.com) - + - Tweaks the lockfile parser logic to parse a few extra cases [#7210](https://github.com/yarnpkg/yarn/pull/7210) - [**Maël Nison**](https://twitter.com/arcanis) @@ -119,7 +123,7 @@ The 1.15.1 doesn't exist due to a release hiccup. - Packages won't be auto-unplugged anymore if `ignore-scripts` is set in the yarnrc file [#6983](https://github.com/yarnpkg/yarn/pull/6983) - [**Micha Reiser**](https://github.com/MichaReiser) - + - Enables displaying Emojis on [Terminus](https://github.com/Eugeny/terminus) by default [#7093](https://github.com/yarnpkg/yarn/pull/7093) - [**David Refoua**](https://github.com/DRSDavidSoft) diff --git a/__tests__/commands/version.js b/__tests__/commands/version.js index 7b4e878f93..6210a40a5e 100644 --- a/__tests__/commands/version.js +++ b/__tests__/commands/version.js @@ -182,3 +182,101 @@ test('run version with --patch flag and make sure patch version is incremented', expect(pkg.version).toEqual('1.0.1'); }); }); + +test('run version with --premajor flag and make sure premajor version is incremented', (): Promise => { + return runRun([], {gitTagVersion, premajor: true}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('2.0.0-0'); + }); +}); + +test('run version with --premajor flag with preid and make sure premajor version is incremented', (): Promise => { + return runRun([], {gitTagVersion, premajor: true, preid: 'alpha'}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('2.0.0-alpha.0'); + }); +}); + +test('run version with --preminor flag and make sure preminor version is incremented', (): Promise => { + return runRun([], {gitTagVersion, preminor: true}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('1.1.0-0'); + }); +}); + +test('run version with --preminor flag with preid and make sure preminor version is incremented', (): Promise => { + return runRun([], {gitTagVersion, preminor: true, preid: 'alpha'}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('1.1.0-alpha.0'); + }); +}); + +test('run version with --prepatch flag and make sure prepatch version is incremented', (): Promise => { + return runRun([], {gitTagVersion, prepatch: true}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('1.0.1-0'); + }); +}); + +test('run version with --prepatch flag with preid and make sure prepatch version is incremented', (): Promise => { + return runRun([], {gitTagVersion, prepatch: true, preid: 'alpha'}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('1.0.1-alpha.0'); + }); +}); + +test('run version with --prerelease flag and make sure prerelease version is incremented', (): Promise => { + return runRun([], {gitTagVersion, prerelease: true}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('1.0.1-0'); + }); +}); + +test('run version with --prerelease flag with preid and make sure prerelease version is incremented', (): Promise< + void, +> => { + return runRun([], {gitTagVersion, prerelease: true, preid: 'alpha'}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('1.0.1-alpha.0'); + }); +}); + +test('run version with --new-version prerelease flag and make sure prerelease version is incremented', (): Promise< + void, +> => { + return runRun([], {gitTagVersion, newVersion: 'prerelease'}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('1.0.1-0'); + }); +}); + +test('run version with --new-version and preid flags and make sure prerelease version is incremented', (): Promise< + void, +> => { + return runRun([], {gitTagVersion, newVersion: 'prerelease', preid: 'beta'}, 'no-args', async (config): ?Promise< + void, + > => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('1.0.1-beta.0'); + }); +}); + +test('run version with --new-version and preid flags and make sure premajor version is incremented', (): Promise< + void, +> => { + return runRun([], {gitTagVersion, newVersion: 'premajor', preid: 'beta'}, 'no-args', async (config): ?Promise< + void, + > => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('2.0.0-beta.0'); + }); +}); + +test('run version with main release and --new-version and preid flags and make sure identifier is ignored', (): Promise< + void, +> => { + return runRun([], {gitTagVersion, newVersion: 'major', preid: 'beta'}, 'no-args', async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toEqual('2.0.0'); + }); +}); diff --git a/flow-typed/npm/semver_v5.1.x.js b/flow-typed/npm/semver_v5.1.x.js index 43a0f685c5..b3be5ddeb5 100644 --- a/flow-typed/npm/semver_v5.1.x.js +++ b/flow-typed/npm/semver_v5.1.x.js @@ -41,7 +41,8 @@ declare module 'semver' { // Functions declare function clean(v: string, loose?: boolean): string | null; declare function valid(v: string, loose?: boolean): string | null; - declare function inc(v: string, release: string, loose?: boolean): string | null; + declare function inc(v: string, release: string, loose?: boolean, identifier?: string): string | null; + declare function inc(v: string, release: string, identifier: string): string | null; declare function major(v: string, loose?: boolean): number; declare function minor(v: string, loose?: boolean): number; declare function patch(v: string, loose?: boolean): number; diff --git a/src/cli/commands/version.js b/src/cli/commands/version.js index 5b2ef1a66a..eb77c696de 100644 --- a/src/cli/commands/version.js +++ b/src/cli/commands/version.js @@ -14,8 +14,8 @@ const semver = require('semver'); const path = require('path'); const NEW_VERSION_FLAG = '--new-version [version]'; -function isValidNewVersion(oldVersion: string, newVersion: string, looseSemver: boolean): boolean { - return !!(semver.valid(newVersion, looseSemver) || semver.inc(oldVersion, newVersion, looseSemver)); +function isValidNewVersion(oldVersion: string, newVersion: string, looseSemver: boolean, identifier?: string): boolean { + return !!(semver.valid(newVersion, looseSemver) || semver.inc(oldVersion, newVersion, looseSemver, identifier)); } export function setFlags(commander: Object) { @@ -24,6 +24,11 @@ export function setFlags(commander: Object) { commander.option('--major', 'auto-increment major version number'); commander.option('--minor', 'auto-increment minor version number'); commander.option('--patch', 'auto-increment patch version number'); + commander.option('--premajor', 'auto-increment premajor version number'); + commander.option('--preminor', 'auto-increment preminor version number'); + commander.option('--prepatch', 'auto-increment prepatch version number'); + commander.option('--prerelease', 'auto-increment prerelease version number'); + commander.option('--preid [preid]', 'add a custom identifier to the prerelease'); commander.option('--message [message]', 'message'); commander.option('--no-git-tag-version', 'no git tag version'); commander.option('--no-commit-hooks', 'bypass git hooks when committing new version'); @@ -44,6 +49,10 @@ export async function setVersion( const pkgLoc = pkg._loc; const scripts = map(); let newVersion = flags.newVersion; + let identifier = undefined; + if (flags.preid) { + identifier = flags.preid; + } invariant(pkgLoc, 'expected package location'); if (args.length && !newVersion) { @@ -76,7 +85,7 @@ export async function setVersion( } // get new version - if (newVersion && !isValidNewVersion(oldVersion, newVersion, config.looseSemver)) { + if (newVersion && !isValidNewVersion(oldVersion, newVersion, config.looseSemver, identifier)) { throw new MessageError(reporter.lang('invalidVersion')); } @@ -88,6 +97,14 @@ export async function setVersion( newVersion = semver.inc(oldVersion, 'minor'); } else if (flags.patch) { newVersion = semver.inc(oldVersion, 'patch'); + } else if (flags.premajor) { + newVersion = semver.inc(oldVersion, 'premajor', identifier); + } else if (flags.preminor) { + newVersion = semver.inc(oldVersion, 'preminor', identifier); + } else if (flags.prepatch) { + newVersion = semver.inc(oldVersion, 'prepatch', identifier); + } else if (flags.prerelease) { + newVersion = semver.inc(oldVersion, 'prerelease', identifier); } } @@ -117,7 +134,7 @@ export async function setVersion( }; } - if (isValidNewVersion(oldVersion, newVersion, config.looseSemver)) { + if (isValidNewVersion(oldVersion, newVersion, config.looseSemver, identifier)) { break; } else { newVersion = null; @@ -125,7 +142,7 @@ export async function setVersion( } } if (newVersion) { - newVersion = semver.inc(oldVersion, newVersion, config.looseSemver) || newVersion; + newVersion = semver.inc(oldVersion, newVersion, config.looseSemver, identifier) || newVersion; } invariant(newVersion, 'expected new version'); From f9aaff00c1662b8b95603a1cd1628540e8eed20c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Fri, 14 Jun 2019 20:37:43 +0200 Subject: [PATCH 07/49] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7570e6e65..c8b00b8c23 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa - Yarn will tolerate Yaml at parse time. Full support isn't ready yet and will only come at the next major. [#7300](https://github.com/yarnpkg/yarn/pull/7300) - [**Maël Nison**](https://twitter.com/arcanis) + +- Fixes a bug when using the `link:` protocol with a folder that doesn't contain a `package.json` + + [#7337](https://github.com/yarnpkg/yarn/pull/7337) - [**Maël Nison**](https://twitter.com/arcanis) ## 1.16.0 From ddceddc5a3437fb5eece710293162986ce5cc4d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Fri, 14 Jun 2019 20:38:42 +0200 Subject: [PATCH 08/49] v1.17.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 5a6b8e1d4b..59a1b6ebbc 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "yarn", "installationMethod": "unknown", - "version": "1.17.0-0", + "version": "1.17.0", "license": "BSD-2-Clause", "preferGlobal": true, "description": "📦🐈 Fast, reliable, and secure dependency management.", From 3a1fc9c0f719cd9c7aac7a4f7530252f4a1d76e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Fri, 14 Jun 2019 20:38:47 +0200 Subject: [PATCH 09/49] 1.18.0-0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 59a1b6ebbc..c88e3f7102 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "yarn", "installationMethod": "unknown", - "version": "1.17.0", + "version": "1.18.0-0", "license": "BSD-2-Clause", "preferGlobal": true, "description": "📦🐈 Fast, reliable, and secure dependency management.", From 11ec1bc57a5cc81f9b9ba755041d0110e3771b9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Thu, 20 Jun 2019 18:54:30 +0200 Subject: [PATCH 10/49] Adds basic support for .yamlrc.yml (yarnPath only, v2) (#7350) --- src/rc.js | 6 +++++- src/util/rc.js | 30 ++++++++++++++++++++---------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/src/rc.js b/src/rc.js index 98e71a28f3..dd61a19ab3 100644 --- a/src/rc.js +++ b/src/rc.js @@ -43,7 +43,11 @@ export function getRcConfigForCwd(cwd: string, args: Array): {[key: stri } function loadRcFile(fileText: string, filePath: string): {[key: string]: string} { - const {object: values} = parse(fileText, 'yarnrc'); + let {object: values} = parse(fileText, 'yarnrc'); + + if (filePath.match(/\.yml$/)) { + values = {yarnPath: values.yarnPath}; + } // some keys reference directories so keep their relativity for (const key in values) { diff --git a/src/util/rc.js b/src/util/rc.js index c113d6ba4c..dbc960c637 100644 --- a/src/util/rc.js +++ b/src/util/rc.js @@ -11,26 +11,36 @@ const home = isWin ? process.env.USERPROFILE : process.env.HOME; function getRcPaths(name: string, cwd: string): Array { const configPaths = []; - function addConfigPath(...segments) { + function pushConfigPath(...segments) { configPaths.push(path.join(...segments)); + if (segments[segments.length - 1] === `.${name}rc`) { + configPaths.push(path.join(...segments.slice(0, -1), `.${name}rc.yml`)); + } + } + + function unshiftConfigPath(...segments) { + configPaths.unshift(path.join(...segments)); + if (segments[segments.length - 1] === `.${name}rc`) { + configPaths.unshift(path.join(...segments.slice(0, -1), `.${name}rc.yml`)); + } } if (!isWin) { - addConfigPath(etc, name, 'config'); - addConfigPath(etc, `${name}rc`); + pushConfigPath(etc, name, 'config'); + pushConfigPath(etc, `${name}rc`); } if (home) { - addConfigPath(CONFIG_DIRECTORY); - addConfigPath(home, '.config', name, 'config'); - addConfigPath(home, '.config', name); - addConfigPath(home, `.${name}`, 'config'); - addConfigPath(home, `.${name}rc`); + pushConfigPath(CONFIG_DIRECTORY); + pushConfigPath(home, '.config', name, 'config'); + pushConfigPath(home, '.config', name); + pushConfigPath(home, `.${name}`, 'config'); + pushConfigPath(home, `.${name}rc`); } // add .yarnrc locations relative to the cwd while (true) { - configPaths.unshift(path.join(cwd, `.${name}rc`)); + unshiftConfigPath(cwd, `.${name}rc`); const upperCwd = path.dirname(cwd); if (upperCwd === cwd) { @@ -45,7 +55,7 @@ function getRcPaths(name: string, cwd: string): Array { const envVariable = `${name}_config`.toUpperCase(); if (process.env[envVariable]) { - addConfigPath(process.env[envVariable]); + pushConfigPath(process.env[envVariable]); } return configPaths; From 01713684fa5cc6b6d6143ac0bbea2c4f889d5fd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Fri, 21 Jun 2019 11:17:49 +0200 Subject: [PATCH 11/49] Gives a higher precedence to yarnrc.yml than yarnrc --- CHANGELOG.md | 8 +++++++- src/rc.js | 2 +- src/util/rc.js | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c8b00b8c23..c45b7398fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Adds support for reading `yarnPath` from v2-produced `.yarnrc.yml` files. + + [#7350](https://github.com/yarnpkg/yarn/pull/7350) - [**Maël Nison**](https://twitter.com/arcanis) + +## 1.17.0 + - Adds prereleases flags and prerelease identifier to `yarn version`. [#7336](https://github.com/yarnpkg/yarn/pull/7336) - [**Daniel Seijo**](https://github.com/daniseijo) @@ -19,7 +25,7 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa - Yarn will tolerate Yaml at parse time. Full support isn't ready yet and will only come at the next major. [#7300](https://github.com/yarnpkg/yarn/pull/7300) - [**Maël Nison**](https://twitter.com/arcanis) - + - Fixes a bug when using the `link:` protocol with a folder that doesn't contain a `package.json` [#7337](https://github.com/yarnpkg/yarn/pull/7337) - [**Maël Nison**](https://twitter.com/arcanis) diff --git a/src/rc.js b/src/rc.js index dd61a19ab3..4771665889 100644 --- a/src/rc.js +++ b/src/rc.js @@ -46,7 +46,7 @@ function loadRcFile(fileText: string, filePath: string): {[key: string]: string} let {object: values} = parse(fileText, 'yarnrc'); if (filePath.match(/\.yml$/)) { - values = {yarnPath: values.yarnPath}; + values = {'yarn-path': values.yarnPath}; } // some keys reference directories so keep their relativity diff --git a/src/util/rc.js b/src/util/rc.js index dbc960c637..4be6cbba21 100644 --- a/src/util/rc.js +++ b/src/util/rc.js @@ -19,10 +19,10 @@ function getRcPaths(name: string, cwd: string): Array { } function unshiftConfigPath(...segments) { - configPaths.unshift(path.join(...segments)); if (segments[segments.length - 1] === `.${name}rc`) { configPaths.unshift(path.join(...segments.slice(0, -1), `.${name}rc.yml`)); } + configPaths.unshift(path.join(...segments)); } if (!isWin) { From c31e4a95369efba02965297568028859134c1688 Mon Sep 17 00:00:00 2001 From: Zixuan Liu Date: Tue, 2 Jul 2019 18:44:06 +0800 Subject: [PATCH 12/49] Add registry paramter to revokedToken request (#7358) --- src/cli/commands/login.js | 1 + 1 file changed, 1 insertion(+) diff --git a/src/cli/commands/login.js b/src/cli/commands/login.js index dd55cd1a67..1c0e2dbf60 100644 --- a/src/cli/commands/login.js +++ b/src/cli/commands/login.js @@ -120,6 +120,7 @@ export async function getToken( reporter.success(reporter.lang('revokedToken')); await config.registries.npm.request(`-/user/token/${token}`, { method: 'DELETE', + registry, }); }; } else { From 49332faf9d22f5c4ae33d4d3343895e189b3fac3 Mon Sep 17 00:00:00 2001 From: Mikhail Bodrov Date: Wed, 3 Jul 2019 17:44:17 +0300 Subject: [PATCH 13/49] Optimize slice last sharp tail (#7353) --- src/cli/commands/list.js | 2 +- src/hoisted-tree-builder.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/cli/commands/list.js b/src/cli/commands/list.js index b9b5a8a0ef..b64936e7e7 100644 --- a/src/cli/commands/list.js +++ b/src/cli/commands/list.js @@ -152,7 +152,7 @@ export async function buildTree( } export function getParent(key: string, treesByKey: Object): Object { - const parentKey = key.split('#').slice(0, -1).join('#'); + const parentKey = key.slice(0, key.lastIndexOf('#')); return treesByKey[parentKey]; } diff --git a/src/hoisted-tree-builder.js b/src/hoisted-tree-builder.js index e8f1b2c50a..b24ea72c59 100644 --- a/src/hoisted-tree-builder.js +++ b/src/hoisted-tree-builder.js @@ -15,7 +15,7 @@ export type HoistedTree = { export type HoistedTrees = Array; export function getParent(key: string, treesByKey: Object): Object { - const parentKey = key.split('#').slice(0, -1).join('#'); + const parentKey = key.slice(0, key.lastIndexOf('#')); return treesByKey[parentKey]; } From 2f08a7405cc3f6fe47c30293050bb0ac94850932 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Fri, 12 Jul 2019 16:19:53 +0200 Subject: [PATCH 14/49] Forces using https for the regular registries (#7393) * Forces using https for the regular registries * Fixes linting * Updates the changelog * Adds npmjs.com to the list --- CHANGELOG.md | 4 ++++ __tests__/registries/npm-registry.js | 24 ++++++++++++++++++++++++ src/registries/npm-registry.js | 15 ++++++++++----- 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c45b7398fa..32f46dfc15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Enforces https for the Yarn and npm registries. + + [#7393](https://github.com/yarnpkg/yarn/pull/7393) - [**Maël Nison**](https://twitter.com/arcanis) + - Adds support for reading `yarnPath` from v2-produced `.yarnrc.yml` files. [#7350](https://github.com/yarnpkg/yarn/pull/7350) - [**Maël Nison**](https://twitter.com/arcanis) diff --git a/__tests__/registries/npm-registry.js b/__tests__/registries/npm-registry.js index b5177b7719..54ade142a0 100644 --- a/__tests__/registries/npm-registry.js +++ b/__tests__/registries/npm-registry.js @@ -781,6 +781,30 @@ describe('getRequestUrl functional test', () => { expect(npmRegistry.getRequestUrl(registry, pathname)).toEqual('https://my.registry.co/registry/foo/bar/baz'); }); + + for (const host of [`registry.yarnpkg.com`, `registry.npmjs.org`, `registry.npmjs.com`]) { + test(`enforces loading packages through https when they come from ${host}`, () => { + const testCwd = '.'; + const {mockRequestManager, mockRegistries, mockReporter} = createMocks(); + const npmRegistry = new NpmRegistry(testCwd, mockRegistries, mockRequestManager, mockReporter, true, []); + const registry = `http://${host}/registry`; + const pathname = 'foo/bar/baz'; + + expect(npmRegistry.getRequestUrl(registry, pathname)).toEqual(`https://${host}/registry/foo/bar/baz`); + }); + } + + test("doesn't change the protocol for packages from other registries", () => { + const testCwd = '.'; + const {mockRequestManager, mockRegistries, mockReporter} = createMocks(); + const npmRegistry = new NpmRegistry(testCwd, mockRegistries, mockRequestManager, mockReporter, true, []); + const registry = 'http://registry.mylittlepony.org/registry'; + const pathname = 'foo/bar/baz'; + + expect(npmRegistry.getRequestUrl(registry, pathname)).toEqual( + 'http://registry.mylittlepony.org/registry/foo/bar/baz', + ); + }); }); describe('getScope functional test', () => { diff --git a/src/registries/npm-registry.js b/src/registries/npm-registry.js index f1fb3786b7..083b8c1bab 100644 --- a/src/registries/npm-registry.js +++ b/src/registries/npm-registry.js @@ -22,6 +22,7 @@ import url from 'url'; import ini from 'ini'; const DEFAULT_REGISTRY = 'https://registry.npmjs.org/'; +const REGEX_REGISTRY_ENFORCED_HTTPS = /^https?:\/\/([^\/]+\.)?(yarnpkg\.com|npmjs\.(org|com))(\/|$)/; const REGEX_REGISTRY_HTTP_PROTOCOL = /^https?:/i; const REGEX_REGISTRY_PREFIX = /^(https?:)?\/\//i; const REGEX_REGISTRY_SUFFIX = /registry\/?$/; @@ -112,13 +113,17 @@ export default class NpmRegistry extends Registry { } getRequestUrl(registry: string, pathname: string): string { - const isUrl = REGEX_REGISTRY_PREFIX.test(pathname); + let resolved = pathname; - if (isUrl) { - return pathname; - } else { - return url.resolve(addSuffix(registry, '/'), pathname); + if (!REGEX_REGISTRY_PREFIX.test(pathname)) { + resolved = url.resolve(addSuffix(registry, '/'), pathname); } + + if (REGEX_REGISTRY_ENFORCED_HTTPS.test(resolved)) { + resolved = resolved.replace(/^http:\/\//, 'https://'); + } + + return resolved; } isRequestToRegistry(requestUrl: string, registryUrl: string): boolean { From a3b1294c22043cd8868b6a1decb77b673e764efd Mon Sep 17 00:00:00 2001 From: Eric Amodio Date: Tue, 23 Jul 2019 13:34:36 -0400 Subject: [PATCH 15/49] Adds vscode keys - since they can be large (#5420) (#7419) --- CHANGELOG.md | 4 ++++ src/util/execute-lifecycle-script.js | 8 +++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 32f46dfc15..806b31d9de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Ignores potentially large vscode keys in package.json to avoid E2BIG errors. + + [#7419](https://github.com/yarnpkg/yarn/pull/7419) - [**Eric Amodio**](https://twitter.com/eamodio) + - Enforces https for the Yarn and npm registries. [#7393](https://github.com/yarnpkg/yarn/pull/7393) - [**Maël Nison**](https://twitter.com/arcanis) diff --git a/src/util/execute-lifecycle-script.js b/src/util/execute-lifecycle-script.js index dcbbc008d2..f5db0821b4 100644 --- a/src/util/execute-lifecycle-script.js +++ b/src/util/execute-lifecycle-script.js @@ -18,7 +18,13 @@ export type LifecycleReturn = Promise<{ stdout: string, }>; -export const IGNORE_MANIFEST_KEYS: Set = new Set(['readme', 'notice', 'licenseText']); +export const IGNORE_MANIFEST_KEYS: Set = new Set([ + 'readme', + 'notice', + 'licenseText', + 'activationEvents', + 'contributes', +]); // We treat these configs as internal, thus not expose them to process.env. // This helps us avoid some gyp issues when building native modules. From 84e01a97781f903f326e6ca5d7f48935cea74142 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hampus=20T=C3=A5gerud?= Date: Wed, 24 Jul 2019 14:44:04 +0200 Subject: [PATCH 16/49] Always run postversion lifecycle method (#7154) * Always run postversion lifecycle method Runs postversion even if no git commit is made. * Update CHANGELOG.md * Improve logic, add tests, update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md --- CHANGELOG.md | 6 +- __tests__/commands/version.js | 102 ++++++++++++++++++ .../version/no-args-no-git-tags/.yarnrc | 1 + .../version/no-args-no-git-tags/package.json | 9 ++ src/cli/commands/version.js | 55 +++++----- 5 files changed, 143 insertions(+), 30 deletions(-) create mode 100644 __tests__/fixtures/version/no-args-no-git-tags/.yarnrc create mode 100644 __tests__/fixtures/version/no-args-no-git-tags/package.json diff --git a/CHANGELOG.md b/CHANGELOG.md index 806b31d9de..ab65e6ba3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Fixes the `postversion` lifecycle method not being called when using `--no-git-tag-version`. + + [#7154](https://github.com/yarnpkg/yarn/pull/7154) - [**Hampus Tågerud**](https://github.com/hampustagerud) + - Ignores potentially large vscode keys in package.json to avoid E2BIG errors. [#7419](https://github.com/yarnpkg/yarn/pull/7419) - [**Eric Amodio**](https://twitter.com/eamodio) @@ -55,7 +59,7 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa - Exposes the script environment variables to `yarn create` spawned processes. [#7127](https://github.com/yarnpkg/yarn/pull/7127) - [**Eli Perelman**](https://github.com/eliperelman) - + - Prevents EPIPE errors from being printed. [#7194](https://github.com/yarnpkg/yarn/pull/7194) - [**Abhishek Reddy**](https://github.com/arbscht) diff --git a/__tests__/commands/version.js b/__tests__/commands/version.js index 6210a40a5e..50c1111b2b 100644 --- a/__tests__/commands/version.js +++ b/__tests__/commands/version.js @@ -162,6 +162,108 @@ test('run version and make sure commit hooks are disabled by config', async (): }); }); +test('run version with --no-git-tag-version and make sure git tags are disabled', async (): Promise => { + const fixture = 'no-args'; + await fs.mkdirp(path.join(fixturesLoc, fixture, '.git')); + + return runRun([], {newVersion, gitTagVersion: false}, fixture, async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toBe(newVersion); + + expect(spawn.mock.calls.length).toBe(0); + }); +}); + +test('run version and make sure git tags are disabled by config', async (): Promise => { + const fixture = 'no-args-no-git-tags'; + await fs.mkdirp(path.join(fixturesLoc, fixture, '.git')); + + return runRun([], {newVersion, gitTagVersion}, fixture, async (config): ?Promise => { + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + expect(pkg.version).toBe(newVersion); + + expect(spawn.mock.calls.length).toBe(0); + }); +}); + +test('run version with --no-git-tag-version, make sure all lifecycle steps runs', async (): Promise => { + const fixture = 'no-args'; + await fs.mkdirp(path.join(fixturesLoc, fixture, '.git')); + + return runRun([], {newVersion, gitTagVersion: false}, fixture, async (config): ?Promise => { + expect(spawn.mock.calls.length).toBe(0); + + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + + const preversionLifecycle = { + stage: 'preversion', + config, + cmd: pkg.scripts.preversion, + cwd: config.cwd, + isInteractive: true, + }; + const versionLifecycle = { + stage: 'version', + config, + cmd: pkg.scripts.version, + cwd: config.cwd, + isInteractive: true, + }; + const postversionLifecycle = { + stage: 'postversion', + config, + cmd: pkg.scripts.postversion, + cwd: config.cwd, + isInteractive: true, + }; + + expect(execCommand.mock.calls.length).toBe(3); + + expect(execCommand.mock.calls[0]).toEqual([preversionLifecycle]); + expect(execCommand.mock.calls[1]).toEqual([versionLifecycle]); + expect(execCommand.mock.calls[2]).toEqual([postversionLifecycle]); + }); +}); + +test('run version with git tags disabled in config, make sure all lifecycle steps runs', async (): Promise => { + const fixture = 'no-args-no-git-tags'; + await fs.mkdirp(path.join(fixturesLoc, fixture, '.git')); + + return runRun([], {newVersion, gitTagVersion}, fixture, async (config): ?Promise => { + expect(spawn.mock.calls.length).toBe(0); + + const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); + + const preversionLifecycle = { + stage: 'preversion', + config, + cmd: pkg.scripts.preversion, + cwd: config.cwd, + isInteractive: true, + }; + const versionLifecycle = { + stage: 'version', + config, + cmd: pkg.scripts.version, + cwd: config.cwd, + isInteractive: true, + }; + const postversionLifecycle = { + stage: 'postversion', + config, + cmd: pkg.scripts.postversion, + cwd: config.cwd, + isInteractive: true, + }; + + expect(execCommand.mock.calls.length).toBe(3); + + expect(execCommand.mock.calls[0]).toEqual([preversionLifecycle]); + expect(execCommand.mock.calls[1]).toEqual([versionLifecycle]); + expect(execCommand.mock.calls[2]).toEqual([postversionLifecycle]); + }); +}); + test('run version with --major flag and make sure major version is incremented', (): Promise => { return runRun([], {gitTagVersion, major: true}, 'no-args', async (config): ?Promise => { const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); diff --git a/__tests__/fixtures/version/no-args-no-git-tags/.yarnrc b/__tests__/fixtures/version/no-args-no-git-tags/.yarnrc new file mode 100644 index 0000000000..5cb9a09b64 --- /dev/null +++ b/__tests__/fixtures/version/no-args-no-git-tags/.yarnrc @@ -0,0 +1 @@ +version-git-tag false diff --git a/__tests__/fixtures/version/no-args-no-git-tags/package.json b/__tests__/fixtures/version/no-args-no-git-tags/package.json new file mode 100644 index 0000000000..c8c699e438 --- /dev/null +++ b/__tests__/fixtures/version/no-args-no-git-tags/package.json @@ -0,0 +1,9 @@ +{ + "version": "1.0.0", + "license": "BSD-2-Clause", + "scripts": { + "preversion": "echo preversion", + "version": "echo version", + "postversion": "echo postversion" + } +} diff --git a/src/cli/commands/version.js b/src/cli/commands/version.js index eb77c696de..f7ade77bf7 100644 --- a/src/cli/commands/version.js +++ b/src/cli/commands/version.js @@ -170,44 +170,41 @@ export async function setVersion( await runLifecycle('version'); - // check if committing the new version to git is overriden - if (!flags.gitTagVersion || !config.getOption('version-git-tag')) { - // Don't tag the version in Git - return () => Promise.resolve(); - } - return async function(): Promise { invariant(newVersion, 'expected version'); - // add git commit and tag - let isGit = false; - const parts = config.cwd.split(path.sep); - while (parts.length) { - isGit = await fs.exists(path.join(parts.join(path.sep), '.git')); - if (isGit) { - break; - } else { - parts.pop(); + // check if a new git tag should be created + if (flags.gitTagVersion && config.getOption('version-git-tag')) { + // add git commit and tag + let isGit = false; + const parts = config.cwd.split(path.sep); + while (parts.length) { + isGit = await fs.exists(path.join(parts.join(path.sep), '.git')); + if (isGit) { + break; + } else { + parts.pop(); + } } - } - if (isGit) { - const message = (flags.message || String(config.getOption('version-git-message'))).replace(/%s/g, newVersion); - const sign: boolean = Boolean(config.getOption('version-sign-git-tag')); - const flag = sign ? '-sm' : '-am'; - const prefix: string = String(config.getOption('version-tag-prefix')); - const args: Array = ['commit', '-m', message, ...(isCommitHooksDisabled() ? ['-n'] : [])]; + if (isGit) { + const message = (flags.message || String(config.getOption('version-git-message'))).replace(/%s/g, newVersion); + const sign: boolean = Boolean(config.getOption('version-sign-git-tag')); + const flag = sign ? '-sm' : '-am'; + const prefix: string = String(config.getOption('version-tag-prefix')); + const args: Array = ['commit', '-m', message, ...(isCommitHooksDisabled() ? ['-n'] : [])]; - const gitRoot = (await spawnGit(['rev-parse', '--show-toplevel'], {cwd: config.cwd})).trim(); + const gitRoot = (await spawnGit(['rev-parse', '--show-toplevel'], {cwd: config.cwd})).trim(); - // add manifest - await spawnGit(['add', path.relative(gitRoot, pkgLoc)], {cwd: gitRoot}); + // add manifest + await spawnGit(['add', path.relative(gitRoot, pkgLoc)], {cwd: gitRoot}); - // create git commit - await spawnGit(args, {cwd: gitRoot}); + // create git commit + await spawnGit(args, {cwd: gitRoot}); - // create git tag - await spawnGit(['tag', `${prefix}${newVersion}`, flag, message], {cwd: gitRoot}); + // create git tag + await spawnGit(['tag', `${prefix}${newVersion}`, flag, message], {cwd: gitRoot}); + } } await runLifecycle('postversion'); From ee29a5fd6a9763b4befa3d3f28671e40f6579b2f Mon Sep 17 00:00:00 2001 From: John Firebaugh Date: Wed, 24 Jul 2019 05:46:11 -0700 Subject: [PATCH 17/49] Run the prepare script of git dependencies even if NODE_ENV=production (#7398) * Run the prepare script of git dependencies even if NODE_ENV=production When installing a git dependency with the `NODE_ENV` environment variable set to `production`, yarn did not run the `prepare` lifecycle script, because `config.production` would default to true, and then `wrapLifecycle` would skip `prepare`: https://github.com/yarnpkg/yarn/blob/b6569538de69e0ccd201f0a33f1f5b52f2656f5b/src/cli/commands/install.js#L1202-L1207 This is contrary to npm's behavior and the intent of `GitFetcher#fetchFromInstallAndPack`, which is to install the dependency with its devDependencies and run all the relevant lifecycle scripts (excluding `prepublish`), regardless of the configuration or environment settings of the parent install command. * Update CHANGELOG.md * Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ __tests__/fetchers.js | 34 ++++++++++++++++++++++++++++++++++ src/fetchers/git-fetcher.js | 1 + 3 files changed, 39 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ab65e6ba3c..bcd9f68d6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Runs the `prepare` lifecycle of git dependencies even if `NODE_ENV` is set to `production`. + + [#7398](https://github.com/yarnpkg/yarn/pull/7398) - [**John Firebaugh**](https://github.com/jfirebaugh) + - Fixes the `postversion` lifecycle method not being called when using `--no-git-tag-version`. [#7154](https://github.com/yarnpkg/yarn/pull/7154) - [**Hampus Tågerud**](https://github.com/hampustagerud) diff --git a/__tests__/fetchers.js b/__tests__/fetchers.js index ed5f5b0cc6..55d171b3f0 100644 --- a/__tests__/fetchers.js +++ b/__tests__/fetchers.js @@ -125,6 +125,40 @@ test('GitFetcher.fetch with prepare script', async () => { expect(await fs.exists(path.join(dir, 'generated', 'prepublish'))).toBe(false); }); +test('GitFetcher.fetch with prepare script, NODE_ENV=production', async () => { + const NODE_ENV = process.env.NODE_ENV; + try { + process.env.NODE_ENV = 'production'; + const dir = await mkdir('git-fetcher-with-prepare'); + const fetcher = new GitFetcher( + dir, + { + type: 'git', + reference: 'https://github.com/Volune/test-js-git-repo', + hash: '0e56593e326069ed4bcec8126bb48a1891215c57', + registry: 'npm', + }, + await Config.create(), + ); + await fetcher.fetch(); + const name = (await fs.readJson(path.join(dir, 'package.json'))).name; + expect(name).toBe('test-js-git-repo'); + const dependencyName = (await fs.readJson(path.join(dir, 'dependency-package.json'))).name; + expect(dependencyName).toBe('beeper'); + // The file "prepare.js" is not in "files" list + expect(await fs.exists(path.join(dir, 'prepare.js'))).toBe(false); + // Check the dependency with a bin script was correctly executed + expect(await fs.exists(path.join(dir, 'testscript.output.txt'))).toBe(true); + // Check executed lifecycle scripts + expect(await fs.exists(path.join(dir, 'generated', 'preinstall'))).toBe(true); + expect(await fs.exists(path.join(dir, 'generated', 'install'))).toBe(true); + expect(await fs.exists(path.join(dir, 'generated', 'postinstall'))).toBe(true); + expect(await fs.exists(path.join(dir, 'generated', 'prepublish'))).toBe(false); + } finally { + process.env.NODE_ENV = NODE_ENV; + } +}); + test('TarballFetcher.fetch', async () => { const dir = await mkdir('tarball-fetcher'); const fetcher = new TarballFetcher( diff --git a/src/fetchers/git-fetcher.js b/src/fetchers/git-fetcher.js index 284d594384..8939d06d41 100644 --- a/src/fetchers/git-fetcher.js +++ b/src/fetchers/git-fetcher.js @@ -164,6 +164,7 @@ export default class GitFetcher extends BaseFetcher { binLinks: true, cwd: prepareDirectory, disablePrepublish: true, + production: false, }, this.reporter, ), From 8deceab891bb2c7f082e81084643bec6bca77bfa Mon Sep 17 00:00:00 2001 From: Jasper De Moor Date: Fri, 16 Aug 2019 15:57:26 +0200 Subject: [PATCH 18/49] Add Parcel to the engines ignore list (#7473) * add parcel to ignore * add trailing comma --- src/package-compatibility.js | 1 + 1 file changed, 1 insertion(+) diff --git a/src/package-compatibility.js b/src/package-compatibility.js index 145f931094..d380b44a70 100644 --- a/src/package-compatibility.js +++ b/src/package-compatibility.js @@ -52,6 +52,7 @@ const ignore = [ 'teleport', // a module bundler used by some modules 'rhino', // once a target for older modules 'cordovaDependencies', // http://bit.ly/2tkUePg + 'parcel', // used for plugins of the Parcel bundler ]; type Versions = { From 7575b1f144450d7c6685482d011ea04ab547e07f Mon Sep 17 00:00:00 2001 From: herr kaste Date: Fri, 16 Aug 2019 16:01:10 +0200 Subject: [PATCH 19/49] Do not log `err.message` of `ProcessTermError`s if silent (#7472) * Do not log `err.message` of `ProcessTermError`s if silent Fixes #5359 * Ensure `YARN_SILENT=0` by default in the integration tests --- .../fixtures/index/run-failing-script/package.json | 8 ++++++++ __tests__/index.js | 13 +++++++++++-- __tests__/integration.js | 1 + src/cli/index.js | 4 ++++ 4 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 __tests__/fixtures/index/run-failing-script/package.json diff --git a/__tests__/fixtures/index/run-failing-script/package.json b/__tests__/fixtures/index/run-failing-script/package.json new file mode 100644 index 0000000000..ced76150aa --- /dev/null +++ b/__tests__/fixtures/index/run-failing-script/package.json @@ -0,0 +1,8 @@ +{ + "name": "test_run_failing_script", + "version": "1.0.0", + "license": "UNLICENSED", + "scripts": { + "custom-script": "echo \"Hi\" && exit 1" + } +} diff --git a/__tests__/index.js b/__tests__/index.js index 80345e9569..7e16b08048 100644 --- a/__tests__/index.js +++ b/__tests__/index.js @@ -49,9 +49,9 @@ async function execCommand( cwd: workingDir, env: cleanedEnv, }, - (error, stdout) => { + (error, stdout, stderr) => { if (error) { - reject(Object.assign((new Error(error.message): any), {stdout})); + reject(Object.assign((new Error(error.message): any), {stdout, stderr})); } else { const stdoutLines = stdout .toString() @@ -171,6 +171,15 @@ test.concurrent('should run custom script without run command', async () => { expectRunOutput(stdout); }); +test.concurrent('should run without extra output for failing sub commands', async () => { + try { + await execCommand('run', ['--silent', 'custom-script'], 'run-failing-script'); + throw new Error('the command did not fail'); + } catch (err) { + expect(err.stderr).toBe(''); + } +}); + test.concurrent('should run help command', async () => { const stdout = await execCommand('help', [], 'run-help'); expectHelpOutput(stdout); diff --git a/__tests__/integration.js b/__tests__/integration.js index 4a57493ba1..faf6869138 100644 --- a/__tests__/integration.js +++ b/__tests__/integration.js @@ -83,6 +83,7 @@ const getRandomPort = () => Math.floor(Math.random() * PORT_RANGE) + MIN_PORT_NU async function runYarn(args: Array = [], options: Object = {}): Promise> { if (!options['env']) { options['env'] = {...process.env}; + options['env']['YARN_SILENT'] = 0; options['extendEnv'] = false; } options['env']['FORCE_COLOR'] = 0; diff --git a/src/cli/index.js b/src/cli/index.js index ad3b7961f8..2ed29cbef0 100644 --- a/src/cli/index.js +++ b/src/cli/index.js @@ -585,6 +585,10 @@ export async function main({ .catch((err: Error) => { reporter.verbose(err.stack); + if (err instanceof ProcessTermError && reporter.isSilent) { + return exit(err.EXIT_CODE || 1); + } + if (err instanceof MessageError) { reporter.error(err.message); } else { From 1a57117853afa2901feb541f6db7f064d9c0f8b9 Mon Sep 17 00:00:00 2001 From: thomas Date: Fri, 16 Aug 2019 16:02:06 +0200 Subject: [PATCH 20/49] Update fixture certificates to prevent false negatives during testing (#7457) * Update fixture certificates to prevent false negatives during testing * Adding #7457 to CHANGELOG.md --- CHANGELOG.md | 4 + __tests__/fixtures/certificates/cacerts.pem | 62 ++++++----- .../fixtures/certificates/client-cert.pem | 62 ++++++----- .../fixtures/certificates/client-key.pem | 103 +++++++++--------- .../fixtures/certificates/server-ca-cert.pem | 62 ++++++----- .../fixtures/certificates/server-cert.pem | 62 ++++++----- .../fixtures/certificates/server-key.pem | 103 +++++++++--------- 7 files changed, 236 insertions(+), 222 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bcd9f68d6e..bf5b2d07f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Update fixture certificates to prevent false negatives during testing + + [#7457](https://github.com/yarnpkg/yarn/pull/7457) - [**Thomas Jouannic**](https://github.com/eilgin) + - Runs the `prepare` lifecycle of git dependencies even if `NODE_ENV` is set to `production`. [#7398](https://github.com/yarnpkg/yarn/pull/7398) - [**John Firebaugh**](https://github.com/jfirebaugh) diff --git a/__tests__/fixtures/certificates/cacerts.pem b/__tests__/fixtures/certificates/cacerts.pem index f752995039..ff0e06fae5 100644 --- a/__tests__/fixtures/certificates/cacerts.pem +++ b/__tests__/fixtures/certificates/cacerts.pem @@ -34,35 +34,37 @@ rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt -----END CERTIFICATE----- comments should be stripped -----BEGIN CERTIFICATE----- -MIIFgDCCA2gCCQC8rITAE36eyDANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMC -VVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQHDAZCb3N0b24xEzARBgNVBAoMCkV4YW1w -bGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMxCzAJBgNVBAMMAmNhMSAwHgYJKoZIhvcN -AQkBFhFjZXJ0c0BleGFtcGxlLmNvbTAeFw0xNjExMDExMDU5MDRaFw00NDAzMTgx -MDU5MDRaMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcMBkJv -c3RvbjETMBEGA1UECgwKRXhhbXBsZSBDbzEQMA4GA1UECwwHdGVjaG9wczELMAkG -A1UEAwwCY2ExIDAeBgkqhkiG9w0BCQEWEWNlcnRzQGV4YW1wbGUuY29tMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5dlk+OKb+S14hj/EHVUMzGSAfTpc -TJgAPxhaWChp4ICBspYX3OrIdQ4XXEzJYu0ZFIxhV0VD0XBB9XEdmyaJpgqJORFi -MplDtIOAAsiHL64g7ZW8vKrVH/VWnCk5lt4CX+u7bUzhcGo11Esmvy/uAWDeStLI -m+49esBbr3nL+oYMaGw3u2tgZgaalvozg4p+Tatl3J3TUgpt9fK5tpHwlGmXIOp0 -O6Lq3affXZzFivMm/jJVMGyV1/AowPCtXbhS1O8qQQKws4HZUx9Od34yzOpPCkQf -Wl9YkZKd2OQ1MPTnpjiXluBEbhAPPHKq7P12B+wrlFP+4l9wNwqpTIxFR6j/iy+H -9exO4yaU0QcaQFHOSPxVP3rl0KdEFq/oTkto23Y5nrEuwEZ9TVEdNaxiOElNy/qy -cMUsFZA+4ne1Ly8FB44OY2hSE8P59jLFNP+A+XCTMK7doiJ5BT442+kxpIRQyfEl -EwaRQm2oZzJvSU1G3EOYs/3hOzQzpCpaJuPT2zhis3wHzYtgVt2Q5EOaBQnbGi9/ -bV6881elI6+5jEahwq4zIlfYREmOm8wtDXkeajIIQrLMRG6d4YMm27F3ZCxL2tam -LEuF6CtqoTEuxuJXM9zC7Rydiry7kszLkDJKvUmGgbrJ5qnmZBetZLoG3NivCWQN -n2sJqcmOrRU4SfsCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAD8reWqvPTVuxQ3XY -z5tOii37WDhVStUwXot6QaUCIouAIfwJDnyuOi4H8vgXzWcvwPvEXWRS7JJZn4Qa -5DsuOo5UI60vvypZ3F0MrPQbWz3cwAzrVVCw138IfMUo2dLfW5tcc/2zIg31zStV -7wREbMRX/xrqkyuOoe+1zvpk7oqaXff6aOluqtZh5Q0g7fANt7Lpb3TIJF1lHxkJ -mKaPHUbSwxXjv42pliJlivPcjELRCwZDfNA8t6FftmhTo0ReRrUP6CyvZJjEg+2O -8/bPstDs0bqE9KCYFQmroGvfwZj2DjiAm2P7DfiLmfjfojqgKFW8nw9ZgCyHFD8t -OB7gqlB5PR11Y9IRzdV9RO98lmitVyHI+IPkoj/Dq7L08jXl4NspOml2kwlvXrcG -k14IQz+Wy57UyD8C1ZS5MkHM9Pza4uvEmFND/SkN1rAJh+nl2ufZ6qSRzA39S6EC -hi6D6yh7CRpPlpF5rtdzAJMjWS+/JXGBmzzdGHNAVKuhReIDDS5mIW60gJkCF+iM -K+jdVGPOxiN5ODSJaIUJadVHe/QDmFUTYMtho9cdJU4NqtDwLLzLS2sPg9BKcazb -3A2b2esl0TtJI5iGgRW+oDlXw86Z8A5RZPllBJYIuuFe9Ger7bjQj8F+lrHOjnE5 -z25jSi3bq2l8JLZnANwdm1O/TLQ= +MIIF7TCCA9WgAwIBAgIJAOQ9IRk5pctqMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD +VQQDDAJjYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQHDAZCb3N0 +b24xEzARBgNVBAoMCkV4YW1wbGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMxIDAeBgkq +hkiG9w0BCQEWEWNlcnRzQGV4YW1wbGUuY29tMB4XDTE5MDgwNjA3MTIxN1oXDTQ0 +MDczMDA3MTIxN1owgYExCzAJBgNVBAMMAmNhMQswCQYDVQQGEwJVUzELMAkGA1UE +CAwCTUExDzANBgNVBAcMBkJvc3RvbjETMBEGA1UECgwKRXhhbXBsZSBDbzEQMA4G +A1UECwwHdGVjaG9wczEgMB4GCSqGSIb3DQEJARYRY2VydHNAZXhhbXBsZS5jb20w +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDBFeT4bPZ8OGivNZQby7cI +N1DYloyEJZjvBkE61Ewdq1i6bGQVrxL/JrWWvCVrSOALUpovFGIqeeHoYq5IHSTb +jd/vkvrGBymsou6lJYJGqlbL3GCDbF93txPTvEwKYm/FbvFMu835DQgZEaXuB/iS +RWKUOgjf48I5buLHVmJ+V6INoYlQgNdtM0tSTOefOwp46NEzOwlmNAsQURwOVgwX +Aiqm8862hlB3y8zaV9xh3nvinMhTbTlWOBKuJD3us5OCmpY6KJVdOhgdmusFIHSD +1Z1y0Wk1s1abZeChUYi/3MJgGL/sxgk2fscvRTukq24xqYixcs/F39TEYsOtNwO0 +qL934KY860BdBjXSwv2TMA7vLrMBfKiyYFV5Tg7VeiKMYuvAMiJ6pcycI2AuIoJx +l9RcPrqKUATkjVbk5j9VowokW8bMpCMKqBAh8eAj93vEVbk56MQNyAQzi0ua2HIS +a0TH+Z4cLXxVNQNDOg3u/uYzCJqVkkUy2ACuN+KY19/owCDEBmjHf3YEeNmu79nP +8eMp1qDxGaHrB8Mbbs4u35oKcu3/osAAAv94C4rYM1GlvRavzMXaw/w6THXzAqLR +HUk4TDySH59lprorRwi9O5MEseu/VR6kpVGFaqf8Uk3roO1PLcrLl7mIVEBMT+xr +dsQZ2t5uPdRWl17CC3FPjQIDAQABo2YwZDAdBgNVHQ4EFgQUiv23fsFng48bIdox +T5+R4ZyblCUwHwYDVR0jBBgwFoAUiv23fsFng48bIdoxT5+R4ZyblCUwDgYDVR0P +AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcNAQELBQADggIB +AGyXNgSgEKTsP6khvdCIognjKBPxHloKRa1VjVDISsOTrhpnpzD8iK5fI7PLNTu4 +I57O90Ouo689np766iUIWTGDX3gHXLwPjvEtHFBOctfkDRD6vSk6jT74AWq5SM6R +i+Us6iLcOoyJOXfpRA2RJ8mSmYpswmY16s3vNQtBQASDEgqd1+tuKUXdf1ijBUEI +fua0tUBfmroEDphzi9SOyeo3KbXafjrgHnRRF/EZS86UuwI1OEYqfzqzZzU2aR+i +zKdA+V5m/myfgiFHWnN8hT5TgJC3zjuLrfPE0oWF1xUJouMhDiKp0tWu6S4wyU0w +cxtpCBPoeqjVr4eVyvmpFREPIW6fANUT21QDTu22gjorKoewoFlt62Q/SIiVe8Fd +zMNLzJykHzP8W5E4p2lUFmuZ+cgU0ASsqTf21VfWuBYOLMCe/Z1mRw/egg7/ZlkB +dbgbZVj0hkfh6zGybtAeCPVQ5g+eQ5AOJCaW30xs8zove9Ke6/Pc/QPQ/nU5KhJX +/Vr4xnoOvgq+UM/CwhYgqMcqk04czBF1KHKPKPFv4i+XDZ++cckUq3PMvWHMg8Og ++9LT8+6nWhoz3C2khOeRXJn5JV0+NqrVFYSrk1Ck2Z1h6dVDhz25fyPV+9+hZlDL +iG8MH0iCyXWz6kiZKW0s9LV7AW/PUPU/rZdS+P2HgS0E -----END CERTIFICATE----- another comment diff --git a/__tests__/fixtures/certificates/client-cert.pem b/__tests__/fixtures/certificates/client-cert.pem index 0fcb7fec45..755b80ec4a 100644 --- a/__tests__/fixtures/certificates/client-cert.pem +++ b/__tests__/fixtures/certificates/client-cert.pem @@ -1,32 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIFijCCA3KgAwIBAgIJAJtFZrwaJuiyMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD -VQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcMBkJvc3RvbjETMBEGA1UECgwK -RXhhbXBsZSBDbzEQMA4GA1UECwwHdGVjaG9wczELMAkGA1UEAwwCY2ExIDAeBgkq -hkiG9w0BCQEWEWNlcnRzQGV4YW1wbGUuY29tMB4XDTE2MTEwMTExMDIxMloXDTE5 -MDcyODExMDIxMlowgYYxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UE -BwwGQm9zdG9uMRMwEQYDVQQKDApFeGFtcGxlIENvMRAwDgYDVQQLDAd0ZWNob3Bz -MRAwDgYDVQQDDAdjbGllbnQxMSAwHgYJKoZIhvcNAQkBFhFjZXJ0c0BleGFtcGxl -LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALIBe3sK4CKnNTyp -M7GwNzHHrCtgW/nVBML9KRbHSCDodvhegfNWJRTvarWCipbej+V0iBsw/LcYuynw -4QDzINJVQTfdXYpfr2PBjY2PlTurYMHoA6W9Qefw3TZNQbt1wygJznShPPfdVDi7 -KBaXCCmLZ98dh4o8+A+4FTEdkMmtLjKp7j/chDmmO+vM0+odSBtf5CfEEgIQNAiw -uaKJhFjOD0voMDfDEowIBqA/s5MPN8iizOoPhpgl4HJrkWGULEl/xpmO0oOiLITx -xG1wAeKsGXa+28Xv+FU3nK8AgpToGsnOt4jUmAqO8f0Y1CnBFL9LkOB99UQG9XBS -H2j61pZnJaL3L3GwSVeGxfhZWgEhTcZDsA9/xD4dRJEzi49A+Q0DVArj9nyccLP5 -NgXClC4wQZzRTH/ptkfNzmnkZ935ffn9tnJNAv/Cq9sTpEL5TmQU976shhxpomXa -/ADW+jojVnlBZkZugVEbvFU1r7EFUz9aEHvqmIpUn84gvWeG6Ows1T+nvFkQCtFp -00uHntOjh0Jx5PclMNX8rAaHOzI/7j3ZkvNicSz76v9iFaViTUdplL4beORjhuTq -MgNSGyHv4C6MxsdfurZgMFsLnDRilBJ3Y4h+xOamV2JngQY1iPT4XRSyV60+4hRg -V8PN+dLSv28sqUXN/nm0zQiy1FV3AgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAA6N -4kIH05Ju3SJAKCFg4/K3NNW9D7WCRbKBN4PLyxQ/4KW8eDKC72PA4YMX1fRkgCKO -jXypPAtypOZvzs4k3cZXK+Q1OjrUf4PhD+yAzJlVnI7ILjhN1BpZeami2Pd9W8Gl -odCNxDIOgcgx8HMDBtj2xnk0HG0xOsvctB/ueO9LDiJ1Ztn6Yf1sYgyyPZUhGTH0 -fuzCpXbs2PIt7C/wOZjGpbcZ676NBNTuP6r99qTGi5acFi2Q7SY3siKMUDcDnEeO -v4najVtgB+Cj2p6OoHwBtU2MyAiwjqbNR8MjLVT10mU2EC1knmhS/xRRKqnWlnAO -X9Ui5qbpk72jvDcufx9NAmoO4XWVoywZdFRS3QHQBSkTd+0bdBKRHE8Gg+pgS8Z9 -ec1CuxF14oBFZeAN/jU4hwmIOz/Kn6KU2L5/R1D6Hc3rP+PSRv8mIYy8uTNt6Ncn -c5iXB/kw+lm2/b8GPPHkwgAIl7ezL0LjcWpnVNeVrnLRQJn9WCpQO8czLxmehblZ -zp2upkoGnuP19E8lCKFl2gyxOTId1xIxqes/5Sc1M4Hpr2Eb4tI2XyNjg5CQuJe0 -uP6yWf2UJOA5JmY90WRbn592VayyJBne+O+v3eQSyCdd03+Ha6CzSeDIx94PLEIc -65r+/7ymWnPSvIULDUPiDZfGLtSz48DFMTVZRM0+ +MIIF6DCCA9CgAwIBAgIJAIUfwLpI3Mh6MA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD +VQQDDAJjYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQHDAZCb3N0 +b24xEzARBgNVBAoMCkV4YW1wbGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMxIDAeBgkq +hkiG9w0BCQEWEWNlcnRzQGV4YW1wbGUuY29tMB4XDTE5MDgwMTEyNDAwMFoXDTI0 +MDczMTEyNDAwMFowZDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQH +DAZCb3N0b24xEzARBgNVBAoMCkV4YW1wbGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMx +EDAOBgNVBAMMB2NsaWVudDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDCO2v12Ui43mH5zxy9oNzn0biQVN/AhPOJbkgdS4ivxJs7gA+ZcpUsfgclKv8q +khYauLWu9rGUO2YIfpvVAy/Qw1/QoJQrroTuzi84MiIj56xIBy+WUMq2sljn/Ou1 +fYd+CPXDbQOyzUwmWYpqXE4Aipug3mzfcrL+vt9P+0oGOyW9YMghGzNh/y6wkEoX +XDtYw976kk+/VzO44hxi8G3WND0y0XU9u0hhWTXoEP+nyF6i3MasXGgD5D05aHeE +vfmvjs5pUpFfqVdfenddZR+t7BnDjoPDo+UXMNmWmQOhOQ+R1fxZsUfa6QBrEQKQ +If9wq3Cvoo/1MRtiLRfiaHlP/mL7J0MaR/Wj0ET6j/Kjgzm1DwBtz5G3paLGjh9f +YVEELUMkwg5C5EcmVkOXn0EUhIB2S++8sgLAAY3svYgKWBSVcsLm1Bk2Eny76Jh8 +NGkC+3Uits+Ov59zMbEbknFB6ytdItwDjmNGijQ3jXa9g5wDcpUb30S6yKycT7Ix +LZGoHUoHftmkb4XRTiZex+ziqqF4+XJfgwe9smCoJWXNCepao2+QVfoHjIV4dAGc +GVVfMVE92HpYc0YKpWmb/U2qwK6UFIXkt8Xam51ogx1X3a7qnPFWYXADhfptmitk +09FP8bwEtlHpU5VTW7ksu5thrRm3HZ7WwJm60nrSsEb7uwIDAQABo38wfTAdBgNV +HQ4EFgQUyeq4Rl/JTi2CWubbPoFIlLTYCRwwHwYDVR0jBBgwFoAUiv23fsFng48b +IdoxT5+R4ZyblCUwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQCOAj+5 +qS81ES3OD0yO4zyR4ICHZo68c15USeZakiWTtt64t3e2ZMyW3onDoKunmxc0u6NO +8qxzM3HVGrTCL18sbYNRIOHlnKrajETb9Uv4QG2ULB+euwhOB18EGHBMEJmvuhr6 ++gL0OEEb1JPGVHC0AowPLPdU0DdVFzLz6AxwpFfQY6qOOaNkdh8N8DIwK8yzE9Z5 +sloh5W/2MtrKPNzY6BIOv2UNuzUySTUfOsqecGQUtFkmyUs11BtmqvxZNdwcSPBG +eO6lysh8Ts6g3PVISx05MLANjkkP5q78UlQGiLbfJFNqVDyeUdSHoCnEZvvJ4oSu +1F6jGJBMzBQwkLHqDp2nfnpnhR6YNAX0nJARxLv0fUbHf+3ikpwyX7tBf94Nd5sQ +Of029YGWnzhB+bLjTXP7JKTsQeFjN3dnssvFQEtyWWJsALWsG3h7TcNRKgADluXQ +2mZBPwXNEx2AAfbAbCXhG0+pJ5sOpOtNk0KwjvyUyUaglTJqFhHscvtf9HmGE9oe +5Wfnftz6dQCtKqPNO4JD55qQ5lL7yESYBIbmm1mACUeXLOM8vFYEZhPqrcT8BIHn +UvZXtzR5/Eyvmjaa4mEj7dtWBxoAgfdS1iMFLK51wqWWtUYojrTihTnpSl1z6S+q +np/9R919j0P7jA5k+2jdFcAMO1K5xLbztVvqaA== -----END CERTIFICATE----- diff --git a/__tests__/fixtures/certificates/client-key.pem b/__tests__/fixtures/certificates/client-key.pem index 6e35a7f79d..fa80438dcf 100644 --- a/__tests__/fixtures/certificates/client-key.pem +++ b/__tests__/fixtures/certificates/client-key.pem @@ -1,51 +1,52 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAsgF7ewrgIqc1PKkzsbA3McesK2Bb+dUEwv0pFsdIIOh2+F6B -81YlFO9qtYKKlt6P5XSIGzD8txi7KfDhAPMg0lVBN91dil+vY8GNjY+VO6tgwegD -pb1B5/DdNk1Bu3XDKAnOdKE8991UOLsoFpcIKYtn3x2Hijz4D7gVMR2Qya0uMqnu -P9yEOaY768zT6h1IG1/kJ8QSAhA0CLC5oomEWM4PS+gwN8MSjAgGoD+zkw83yKLM -6g+GmCXgcmuRYZQsSX/GmY7Sg6IshPHEbXAB4qwZdr7bxe/4VTecrwCClOgayc63 -iNSYCo7x/RjUKcEUv0uQ4H31RAb1cFIfaPrWlmclovcvcbBJV4bF+FlaASFNxkOw -D3/EPh1EkTOLj0D5DQNUCuP2fJxws/k2BcKULjBBnNFMf+m2R83OaeRn3fl9+f22 -ck0C/8Kr2xOkQvlOZBT3vqyGHGmiZdr8ANb6OiNWeUFmRm6BURu8VTWvsQVTP1oQ -e+qYilSfziC9Z4bo7CzVP6e8WRAK0WnTS4ee06OHQnHk9yUw1fysBoc7Mj/uPdmS -82JxLPvq/2IVpWJNR2mUvht45GOG5OoyA1IbIe/gLozGx1+6tmAwWwucNGKUEndj -iH7E5qZXYmeBBjWI9PhdFLJXrT7iFGBXw8350tK/byypRc3+ebTNCLLUVXcCAwEA -AQKCAgBPu/I/z0NOwm9KWNBbC3/twG8SjvskEZMsdJHvLhzVAMwpvMug4DmEAypd -W7gQlGkIcwZ0h6DrsxxDUS64ai+Nh7rK91FrJik+Gfj6LBLAw6d3tCHOH9RhvLaa -GEkVW06rpJjiDUduD6omL09prwVs9pD0lBmehmjnQaHcek3cyMIk15Fs8a4Y1KmK -mhliiPM/r9hXJ7CZVAC6086TS94ImWSor7zJfYvVRdMR/PbHLM3kBWicf4/enzjG -iAB7IRAlbCLdregGJqKielluW/m8OzK8yglPxIoMQfjhOu1DHiTBuOLlW7UvJZCn -unNusJpGhebDaChw7F0Mjvya3aE4xksR3oIGM7b42OMiC9WvbqVi18UHSDVQkMfO -N1+JUjrBE+/ktDoFGjUgaOfQ9OLcxgP5UHiGoVyK9K1cQsE+6tMyVvg23xYIwgKa -n/66OgxIOw75PWRyRMk4vhoGDWbfpPlVEoVcImKRALDCccyt9w6Hb5X5nbukiG4J -q3MNcuCVqTGelhjY/GsimOw65Gjy+K8XAaIVDcPuqBPbR89wDLL8z0w9blvbboLO -V/Z7Z5fsvpxOXnkVGt+hf9fd6QsR8WsurFq3kuJkaXRW4BArhBGyiX7g2+5Et0Cy -lSN+EOF9h6cQnUHmF9SOmy/nSggmw+2AimXrvDJLf/8b90U8gQKCAQEA4CJmCQax -BTtpC8RsQNoLQIMRdil4g+Y7QFWzHSX4QmfoGdHYWT7OnJZXu9oiBvWGTtXoXXOL -YUg79H57o07Zz7Juk8YWyjHfBLL9j5sh92LE70xyznMYj/uDdnOmYxt5pX8Hx1TL -2VEboRTbsekutEl/LDhtjwLHb5eVPdKmj7Loa4ja1GPHk8b2JN4egMScxz02rGRx -znHcIT7SHGo5G10okV3zq0peErdMSW9JR7q+dTbwGizHmOTqOWDzDF+wRCJOWBLU -t87sUWFJxAyofaM1yIPvzHn0ISGKP/AzkBckU90Mit19EVzjUqYXHpfWH+dMYH6q -uX7hv6umim3shwKCAQEAy1AvxBeeic0vd5Z36G9CIKdkfnvjpN2wxF9w4PEunJUX -h2BtCcT1S+lWOORd/RhYV3SSH+eu7TYpjs0dTy1NluxA/cgxK5Gb4CmFNNdnC0gk -5Bj/gd231M7Gs8K+o52eKztuuPCG5fyWs72q0NZzxeORYjmBnGKRx6x/ryVHNc6D -wcsElpYS0Tyk/gSGkEoWMlNTy/sJ0pGpEezp8mEkbi0q45kI1PbvMO9bqFJ5SDQ+ -4K8JYpaf2Bc/77J91El1Qmw3RpXYYC+tEncFqQedTGQFJ0Yy/ZN2L+lDFlDbHo8q -LNB3vUYvQXwQ7eT/3LMUxD+Fwk7mRHqA4WY0yk/7kQKCAQEAvROHrBme/+DsbubW -w6atU1C+TEYTyoFQfqdNIEvFsI9jN1TVBAR9247gmDId/mzlTmAZU6yDah+7pDeH -KW79Q78slTDITO3hS1+Lk7e04bLKm2yMdSiXEe+FKUnKlVS6PCh7cWZRSRSpECw+ -YUlrAt/1jmJT2g7oG3VuiubHZ/XvJ7gdkopR9JIlV1ihttMlxtYW5zsc3qEiqFEM -grgBUNo3vNnbEyb7USKcEl71HLOms88SoaIhBxQlmx30Kv4V/oRKPvYzyJOgu84s -olxjTwl995eFlaNTlRdsPx/s/6LmHHEfgY3zUdBgXHqMilxgYC2JOuXgM/ebjUvK -hIDSxQKCAQAWdd1RBGr3PjuoMm88tk3P3a40autTI0qL5x9JOluz4KSgx/5DvgZ7 -RGPKFTBs7WuU/cPG0ol4myssI2zBene/3Imxf5QvA/78XJnipIk1rdqleD2B00Sj -tdQtt63n1VnL3Nz2gVvlvGnJoYJlX8uaaPF+sGupIxqHvH6+kpezUgUsO4leOWYK -x3BSv50+A3FATgRL3IfRQ1YyLMILjL/BjCvYyOc436688TRm+/V6DIuFttCKm6k8 -7hSaHlXYReU2WU4h9hvZRGsSRyPQ8I5oCgSnuhGYAdpkoJhQts3+KkK2gLE5r684 -xMP6A/pgH0iEBaB5Ps4hcocaX3glgYCBAoIBAFZsTWy2sgQCe5G3XcNsaa2UNl39 -0lBbFFmvQff3QqyDoMrvTGmXh84ni6by7ouIQsK6toVEufLo0ab5tbg7gPfJPa2T -1+yPO2pcRX3XifAPTcqcy6yP45F4fu9/ZEISuzk3ZL8vQloqNy6P3SUmcH7HnEkv -yZyBZlOMnGBfIkSpQ85Sh+Lwhf/Y0yaZHISeNubRvqcx47LemNeZ7Jq+8fzH9UED -vfk68qx01s/PxV/xs2U96XB6U2zWlJGekTkuz4AB8jtqD594wdxVEPofL6rmnMJZ -LIASsBEniiVESphjqwv62EPmqbdSB5eBWzcl+U2YFMUilhkO6YN0LpfJSeI= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDCO2v12Ui43mH5 +zxy9oNzn0biQVN/AhPOJbkgdS4ivxJs7gA+ZcpUsfgclKv8qkhYauLWu9rGUO2YI +fpvVAy/Qw1/QoJQrroTuzi84MiIj56xIBy+WUMq2sljn/Ou1fYd+CPXDbQOyzUwm +WYpqXE4Aipug3mzfcrL+vt9P+0oGOyW9YMghGzNh/y6wkEoXXDtYw976kk+/VzO4 +4hxi8G3WND0y0XU9u0hhWTXoEP+nyF6i3MasXGgD5D05aHeEvfmvjs5pUpFfqVdf +enddZR+t7BnDjoPDo+UXMNmWmQOhOQ+R1fxZsUfa6QBrEQKQIf9wq3Cvoo/1MRti +LRfiaHlP/mL7J0MaR/Wj0ET6j/Kjgzm1DwBtz5G3paLGjh9fYVEELUMkwg5C5Ecm +VkOXn0EUhIB2S++8sgLAAY3svYgKWBSVcsLm1Bk2Eny76Jh8NGkC+3Uits+Ov59z +MbEbknFB6ytdItwDjmNGijQ3jXa9g5wDcpUb30S6yKycT7IxLZGoHUoHftmkb4XR +TiZex+ziqqF4+XJfgwe9smCoJWXNCepao2+QVfoHjIV4dAGcGVVfMVE92HpYc0YK +pWmb/U2qwK6UFIXkt8Xam51ogx1X3a7qnPFWYXADhfptmitk09FP8bwEtlHpU5VT +W7ksu5thrRm3HZ7WwJm60nrSsEb7uwIDAQABAoICAQCqAb7eYoBfp+6T7C+Y3ztc +AVoNouxyIyzTJt8iHSIXzvucmduNkRh26Byy8K6FgXatju0fprgKKe+GEeOuD+sD +TG8KOfNXRJsANyJniqINUVOffAKwDClSvkpJTDy4D5bPv2H12u54y28Sxh78N6zi +lm/f36/l6Qw5I7Js3GOPjqfa2eJx79AKv4QLcVAYoFclu9Po+LWqodYYxnjYNN++ +tNy4JVP8Y3fYFXC0nmRXZG9JF/shlIRKm7TnEcRDQNFSU6nh0C6ET8G1RYlDCycu +YVCvtYcpb8Quh0h8o5PkwwAYwvbtPtnJB1ahYDMhG1DtOnIYmS5uC7yPMy8Lsiwz +TOubZf+43bMLBwDDvVIW2mpJ2L97qpT+XzgoofDhXVK0q93BzWi5q8GS08mlPGQa +tGttm1s9gqvGYL6YmGCqBLmhip6f5QoLapcKk0d2HEH1Rn/EQGtvmX091D4rb62B +qoDaRJYb+CTdR5VB/d+upGbLqUJt5rAPJHB/cKMceMxGg+IRyxurpkKMdpJOH5fU +rscD4zmksN1id+VekM4qII+vEvU5Q2LWgybVTl0vwo/g9U4iDNd9R0w8GAGxyvTW +ZDjNvmC3XzOLe3lB/3QxTIZT20r5rytgAua3/Galr76MtAIySWgzFBkzxR6hJzN+ +SqB9V6kIbgAHe1t6IkRJ6QKCAQEA4nuCwpQvJZ6TpuuXtNJRCN0WBQVidUytnb4m +gc57iIveKtLOgMpluaX/PSdYoLbc9ePLNd1n4j3ExXzQOqKX8Y1s/6GkbFx7uUKS +7u0Pxi3uSadF05QgCA6QZo8NwB8lcsHUb7ftMFXZLLf2UUE8cjqmKlVfo83c1jOT +uNOx2F/H9admLJx6oQl+Ukf+6k7ogfbkhAlkNwudRDNjtHscFeUy0h3g3gOKsgbi +isYRd2TsyEWMkrUKNnRXXy/cmLovYfGMSTQBqm1ZYllH2I0+eP86wzzeB6oC4Nev +Sn6cCNcftu7SFwG2GVWk9upBLzH9lQy4m3pt86YVwNeW7m0Z/wKCAQEA24vkXkLB +CNudOwuNLku/vRbMqX9sONX6XGhHVgMyFnj6MO4wh7Qksbn8Uy7HrlUz8b+JPcKR +cZXJd7HMNSqZy+Jj1c5p/MOV0VCYBr2zk/IW2RlWxUCeQVVhwz0Cwkpku2ode7vI +3XrPCB5PZ22jt30PbsoTvjGJvHl0Hryg8CmXW1fcmrjFUDtgzyFKidP+Z5xxeBpu +oHqWd0XS+TLeVjLCFKTHBmklh6Cl7Vzp8iRXsxngzlbRwegcWsA/pGHrv2ybOgkc +8IedltbF+XEw3nJbeUuyaBy38LN/4EM5pYdhdNhjnwn0D0QmKkf/0uKsrAr6JKB7 +40uCx4hsU70GRQKCAQAdJk5vIslqqx1P55SwBj29yU7TOJ0ygbr6yYWFQYEu0um2 +U0mW0/YBzfaq9Ux36vFHiJkYBrYfLVoNHQJj+Zda1JwJztEtzT1zW7kznTlhhXnc +6vWWxMLWpqE5QgJADwIv4fiopGCXzwTTt52xWZchEKFgY3qax507yImjyUNjmPhQ +isogxccWwPUMPA34NE3CpHdG8zp9xzXnmEGl8g5sVwKSfpv5lzUbsr0npVSMLGY5 +ZJIyM7Drz0+Lhcp7scL1dTRcG6B3Qfm2Kc2QdqVqx1bV2Bivndce/0Olb+Q/UwjW +76gEpAi+/AHucboQC/waWffMsxZBvMeh+V2ItGwbAoIBAHk95/+mHbQmk83nsy+9 +5UUnMh7on3tDr98YN0zotuByLriW0XYfpaQAcbf+PYeoxebbP487w9ZWQcw4A+3Y +eNZ/T2LjeuR7nmDZgRs359Pr/XIm7CRCayLpY/PN3ZguPTLCh0Wtjl/BUlPJaVBU +2/SYu80TC5QdB1NuPxI6WSZH0a4/9zP6lfyYzf2VBPTYfcX6Py90aWN2T2HOzZOQ +4/f2T/fWh5KivncH4JoUlZ2DNGtT/zH0ACJ1bDMxt/Ovn+E2uQJzxeeO/Rgvw2Td +fX9a5+k0RHH6ahojBptyhINFICzG0z0g4gcMO4dd+4kaZQEdjsZrWf9L1A0c6bXU +zYECggEBAIt+SqYWu/BYMMeWlmDUYN9rFzjwWC2reyT5Az4Og8OxKmnlkTNzncnP +M/5g5bdDPf5fcrqfdOnJLpITYB7Cs4OoaPRhTZpbZBOmh3U7G1Rfbo9gywKfumES +uE2GGi5cU9OvozzhqXYWb0rnO8n3Hzn4YRTboiLrrXyGBnJbFXPz0fdw6PkCWA7h +MuRd3hHKeMqngHc6rzcumZbCVoD/eY0ZB4JDspYpJGobeVjf7riDYPU5ZhqV3jD6 +XMo6qpbPB4gnlJ8KcO8Oosp1I6Kap12LLXnaXqIXQ/HqejZLISGbweODT0gpSrwM +wBV3ZDCMDsw/DG/8zGQvxjKrVqzFWyw= +-----END PRIVATE KEY----- diff --git a/__tests__/fixtures/certificates/server-ca-cert.pem b/__tests__/fixtures/certificates/server-ca-cert.pem index f85c614fbe..7fbc831ba1 100644 --- a/__tests__/fixtures/certificates/server-ca-cert.pem +++ b/__tests__/fixtures/certificates/server-ca-cert.pem @@ -1,32 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIFgDCCA2gCCQC8rITAE36eyDANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMC -VVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQHDAZCb3N0b24xEzARBgNVBAoMCkV4YW1w -bGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMxCzAJBgNVBAMMAmNhMSAwHgYJKoZIhvcN -AQkBFhFjZXJ0c0BleGFtcGxlLmNvbTAeFw0xNjExMDExMDU5MDRaFw00NDAzMTgx -MDU5MDRaMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcMBkJv -c3RvbjETMBEGA1UECgwKRXhhbXBsZSBDbzEQMA4GA1UECwwHdGVjaG9wczELMAkG -A1UEAwwCY2ExIDAeBgkqhkiG9w0BCQEWEWNlcnRzQGV4YW1wbGUuY29tMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5dlk+OKb+S14hj/EHVUMzGSAfTpc -TJgAPxhaWChp4ICBspYX3OrIdQ4XXEzJYu0ZFIxhV0VD0XBB9XEdmyaJpgqJORFi -MplDtIOAAsiHL64g7ZW8vKrVH/VWnCk5lt4CX+u7bUzhcGo11Esmvy/uAWDeStLI -m+49esBbr3nL+oYMaGw3u2tgZgaalvozg4p+Tatl3J3TUgpt9fK5tpHwlGmXIOp0 -O6Lq3affXZzFivMm/jJVMGyV1/AowPCtXbhS1O8qQQKws4HZUx9Od34yzOpPCkQf -Wl9YkZKd2OQ1MPTnpjiXluBEbhAPPHKq7P12B+wrlFP+4l9wNwqpTIxFR6j/iy+H -9exO4yaU0QcaQFHOSPxVP3rl0KdEFq/oTkto23Y5nrEuwEZ9TVEdNaxiOElNy/qy -cMUsFZA+4ne1Ly8FB44OY2hSE8P59jLFNP+A+XCTMK7doiJ5BT442+kxpIRQyfEl -EwaRQm2oZzJvSU1G3EOYs/3hOzQzpCpaJuPT2zhis3wHzYtgVt2Q5EOaBQnbGi9/ -bV6881elI6+5jEahwq4zIlfYREmOm8wtDXkeajIIQrLMRG6d4YMm27F3ZCxL2tam -LEuF6CtqoTEuxuJXM9zC7Rydiry7kszLkDJKvUmGgbrJ5qnmZBetZLoG3NivCWQN -n2sJqcmOrRU4SfsCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAD8reWqvPTVuxQ3XY -z5tOii37WDhVStUwXot6QaUCIouAIfwJDnyuOi4H8vgXzWcvwPvEXWRS7JJZn4Qa -5DsuOo5UI60vvypZ3F0MrPQbWz3cwAzrVVCw138IfMUo2dLfW5tcc/2zIg31zStV -7wREbMRX/xrqkyuOoe+1zvpk7oqaXff6aOluqtZh5Q0g7fANt7Lpb3TIJF1lHxkJ -mKaPHUbSwxXjv42pliJlivPcjELRCwZDfNA8t6FftmhTo0ReRrUP6CyvZJjEg+2O -8/bPstDs0bqE9KCYFQmroGvfwZj2DjiAm2P7DfiLmfjfojqgKFW8nw9ZgCyHFD8t -OB7gqlB5PR11Y9IRzdV9RO98lmitVyHI+IPkoj/Dq7L08jXl4NspOml2kwlvXrcG -k14IQz+Wy57UyD8C1ZS5MkHM9Pza4uvEmFND/SkN1rAJh+nl2ufZ6qSRzA39S6EC -hi6D6yh7CRpPlpF5rtdzAJMjWS+/JXGBmzzdGHNAVKuhReIDDS5mIW60gJkCF+iM -K+jdVGPOxiN5ODSJaIUJadVHe/QDmFUTYMtho9cdJU4NqtDwLLzLS2sPg9BKcazb -3A2b2esl0TtJI5iGgRW+oDlXw86Z8A5RZPllBJYIuuFe9Ger7bjQj8F+lrHOjnE5 -z25jSi3bq2l8JLZnANwdm1O/TLQ= +MIIF7TCCA9WgAwIBAgIJAOQ9IRk5pctqMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD +VQQDDAJjYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQHDAZCb3N0 +b24xEzARBgNVBAoMCkV4YW1wbGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMxIDAeBgkq +hkiG9w0BCQEWEWNlcnRzQGV4YW1wbGUuY29tMB4XDTE5MDgwNjA3MTIxN1oXDTQ0 +MDczMDA3MTIxN1owgYExCzAJBgNVBAMMAmNhMQswCQYDVQQGEwJVUzELMAkGA1UE +CAwCTUExDzANBgNVBAcMBkJvc3RvbjETMBEGA1UECgwKRXhhbXBsZSBDbzEQMA4G +A1UECwwHdGVjaG9wczEgMB4GCSqGSIb3DQEJARYRY2VydHNAZXhhbXBsZS5jb20w +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDBFeT4bPZ8OGivNZQby7cI +N1DYloyEJZjvBkE61Ewdq1i6bGQVrxL/JrWWvCVrSOALUpovFGIqeeHoYq5IHSTb +jd/vkvrGBymsou6lJYJGqlbL3GCDbF93txPTvEwKYm/FbvFMu835DQgZEaXuB/iS +RWKUOgjf48I5buLHVmJ+V6INoYlQgNdtM0tSTOefOwp46NEzOwlmNAsQURwOVgwX +Aiqm8862hlB3y8zaV9xh3nvinMhTbTlWOBKuJD3us5OCmpY6KJVdOhgdmusFIHSD +1Z1y0Wk1s1abZeChUYi/3MJgGL/sxgk2fscvRTukq24xqYixcs/F39TEYsOtNwO0 +qL934KY860BdBjXSwv2TMA7vLrMBfKiyYFV5Tg7VeiKMYuvAMiJ6pcycI2AuIoJx +l9RcPrqKUATkjVbk5j9VowokW8bMpCMKqBAh8eAj93vEVbk56MQNyAQzi0ua2HIS +a0TH+Z4cLXxVNQNDOg3u/uYzCJqVkkUy2ACuN+KY19/owCDEBmjHf3YEeNmu79nP +8eMp1qDxGaHrB8Mbbs4u35oKcu3/osAAAv94C4rYM1GlvRavzMXaw/w6THXzAqLR +HUk4TDySH59lprorRwi9O5MEseu/VR6kpVGFaqf8Uk3roO1PLcrLl7mIVEBMT+xr +dsQZ2t5uPdRWl17CC3FPjQIDAQABo2YwZDAdBgNVHQ4EFgQUiv23fsFng48bIdox +T5+R4ZyblCUwHwYDVR0jBBgwFoAUiv23fsFng48bIdoxT5+R4ZyblCUwDgYDVR0P +AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcNAQELBQADggIB +AGyXNgSgEKTsP6khvdCIognjKBPxHloKRa1VjVDISsOTrhpnpzD8iK5fI7PLNTu4 +I57O90Ouo689np766iUIWTGDX3gHXLwPjvEtHFBOctfkDRD6vSk6jT74AWq5SM6R +i+Us6iLcOoyJOXfpRA2RJ8mSmYpswmY16s3vNQtBQASDEgqd1+tuKUXdf1ijBUEI +fua0tUBfmroEDphzi9SOyeo3KbXafjrgHnRRF/EZS86UuwI1OEYqfzqzZzU2aR+i +zKdA+V5m/myfgiFHWnN8hT5TgJC3zjuLrfPE0oWF1xUJouMhDiKp0tWu6S4wyU0w +cxtpCBPoeqjVr4eVyvmpFREPIW6fANUT21QDTu22gjorKoewoFlt62Q/SIiVe8Fd +zMNLzJykHzP8W5E4p2lUFmuZ+cgU0ASsqTf21VfWuBYOLMCe/Z1mRw/egg7/ZlkB +dbgbZVj0hkfh6zGybtAeCPVQ5g+eQ5AOJCaW30xs8zove9Ke6/Pc/QPQ/nU5KhJX +/Vr4xnoOvgq+UM/CwhYgqMcqk04czBF1KHKPKPFv4i+XDZ++cckUq3PMvWHMg8Og ++9LT8+6nWhoz3C2khOeRXJn5JV0+NqrVFYSrk1Ck2Z1h6dVDhz25fyPV+9+hZlDL +iG8MH0iCyXWz6kiZKW0s9LV7AW/PUPU/rZdS+P2HgS0E -----END CERTIFICATE----- diff --git a/__tests__/fixtures/certificates/server-cert.pem b/__tests__/fixtures/certificates/server-cert.pem index 48f07af5e7..5350c49748 100644 --- a/__tests__/fixtures/certificates/server-cert.pem +++ b/__tests__/fixtures/certificates/server-cert.pem @@ -1,32 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIFjDCCA3SgAwIBAgIJAJtFZrwaJuixMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD -VQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcMBkJvc3RvbjETMBEGA1UECgwK -RXhhbXBsZSBDbzEQMA4GA1UECwwHdGVjaG9wczELMAkGA1UEAwwCY2ExIDAeBgkq -hkiG9w0BCQEWEWNlcnRzQGV4YW1wbGUuY29tMB4XDTE2MTEwMTExMDA1N1oXDTE5 -MDcyODExMDA1N1owgYgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UE -BwwGQm9zdG9uMRMwEQYDVQQKDApFeGFtcGxlIENvMRAwDgYDVQQLDAd0ZWNob3Bz -MRIwEAYDVQQDDAlsb2NhbGhvc3QxIDAeBgkqhkiG9w0BCQEWEWNlcnRzQGV4YW1w -bGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArZgHshixyZHR -gO40abko3ZZNat/kbDjNyECw6JEIBKOnJtHYspyM70ERQEieTsFsI3+7shbQnSjH -KFLcBO+afThjeqalFGBaZR/G5NeTMSmgT41EcBYHGSN1thG2u68SUatgpFNSiN7y -B1Ok9ITTrteOxGdPBeqk55kCSWBWzCK0NTcM9Wd5uB8ENlL1707qJYtguJs3VgKC -jwwKo6g7wosEVegJCUj5MxKXvLXD/s2sqzz9b3e6E/1HyjzI9DPbLuYrSbiqXocQ -kz8OCXXftNs4C0G7viXqJLHgwNsGv2Adiofn60IVLvTGxXRrStJQRjnpLwqoaQPg -dfLiCai5m4AXHzupeYM8GsRMNQdNNhQ/sw895DEdRctpHLl59OAOjxCzchCdmumQ -5H56N/wQFed0nWG0Nd6s1LzYjumypderXEZEkzQbHb9TedpzfeoltGPzSNAv3Q9d -TLlQ2F+uCUz6X717Chu2cPw3cLv14HAGVvd1kYq6YLA5z8r5JJqHzcVTROFhq3Md -ymIDWwT/GKPAjCOZeiukqTg4RPbN1L5INNQsZhmPAzshLx71tj4sYxwv/wDRDb+c -jYCNXBmjpoWXMO7TCqSbekS/KTRFpPNXvxuIKDT1zV/V4Su8YkW6k8e1168I58af -sfJJkTpBdQPebVwsl3F3YQ2IUSedAoUCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEA -p90peI0UMLbw26zVZ23FwEXg45vLrDaFRMF8PJmNOF+RhfyPwWlNb5q/Pl0QJGEt -xhQksFqaubkZkk+AQ3DlRZOmiZ5qKjesJLKxHIMSpXDMo/DrQSbwa3gEaRQEICjJ -ScDyjcNciogkc7zm3DPf0+Tk1vBYBYGlCfCBtkXMJqJCmLyvBQIt2q062n5JtQpf -8IzbxdAhqleAkjZbX8ZStYALKVQHNy833J6FQk9afol2X3VoS74MjhGQnLm/5n6R -BHR4mvULP4boe3fVdp/0pAMWTKlxXbh7a7gOxQau0QXNXM2YVUoDg+ARGVqjx0Pz -DrvADc1HxMyC2wJ8i1d4jSuAJ9dPNiOKNeUHRPL5/XCv3K4cl8oOg0K0Mlhwmvbo -pZG1TroCoDbO37wAhdMxLOoUILdzt/pF1CbCBBAaFQJDdRjlVhnBkz5JKYc/aP7L -qbDzUH6v7dxykNuwRMgiNMIwRk2odOwtFkfV4x0AhcYtOnbKU/YbzJswJk5gwFhx -sZnoTHewYoMzvGziRCkHYh4TEsWQnOLUju5yaz8XS6hdKM/bDiVx3NoK0Xk3LHjx -a6oQRTtY+j1Kr2ngeT15yavVUtocRWkLoeWu37i20tgnOpjk55XdrHlK57saPJtv -0U9dxcNZBv0QS3d7UHEEDw2tWxY5LkG0YIO/16ogCe4= +MIIF6jCCA9KgAwIBAgIJAIUfwLpI3Mh7MA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD +VQQDDAJjYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQHDAZCb3N0 +b24xEzARBgNVBAoMCkV4YW1wbGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMxIDAeBgkq +hkiG9w0BCQEWEWNlcnRzQGV4YW1wbGUuY29tMB4XDTE5MDgwMTEyNDAwMFoXDTI0 +MDczMTEyNDAwMFowZjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQH +DAZCb3N0b24xEzARBgNVBAoMCkV4YW1wbGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMx +EjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBANOEdyffD9R/rWLDLB9y5EzdSgQxqPBFWAFDo34HduYinDwsctX/6AVJoMwh +qxMNqkRTiALBbAyhQXOAWZb/rPFOLibytoeYWlxNpbtWvPBpkQqhs5WgJwMu3JxX +QqgEZ6IkBlVO2uxATTk4FU+cixCArAjOBrQRsUOApAok9szpLfZOd9Ut9b6BoW2t +rMwnCLaLbsvp290ExPF25gYdiv/mtPgMdhrI5VgIInob5M+CereQsn7uvQbTeiM3 +whXLjiPlqeZXETi9Y1HdjQeMcS8D8l2QedZwMMNhSa86hzICjnw0/rekgRQgmRtt +nI7AZlLmtYtWxt0X95lv6PyHP1lgShUVGehtbm+f8vi2Cb5Qpk2ZvZP+kFLleeqw +wf5/m/ZXx5wCe8JGj195NxXS0bJokow85IppMV1xJf5FsFWsEfftaKlK9b/QkQo+ +VeZ7yTRTTXIygsllKobQuuo3cvV2PDBt6EnXMWudlxNN6GRvi09tC4K2DB0442AY +/qD3KF4MJFXqomcXBpVbhx6yaUCLHQ2O5mpCWf/7f/6urDRSJtnOub5L7btEp2YZ +RCn8vRSzFhhaJ6yqjRJOJtu+2iERkcs39FK2uNcPOfYPI4pnGhEiBsXClhX7pknt +Z0W7JoA2VPlE0ozT1GiKGjRPdDUICsNnX3+MI9WgxNWwq4VxAgMBAAGjfzB9MB0G +A1UdDgQWBBQkUP4b4vFh23cWwFnt+8N6UxXsyTAfBgNVHSMEGDAWgBSK/bd+wWeD +jxsh2jFPn5HhnJuUJTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEWs +61OBlPRofZao1x1qLKPmH1FVerazgAB24s/g3nbTfiJ47OSjtDu9YMtHjmQ0NKh5 +5O7Mm0r1yoNeU6qUWSM3NmhWeJCzJG6clFo1b1AtVECCeq3dAPdsILKiVX2KzjmH +0Ek15joein0a2qdzcwclsx5B6MsWr77ciM6tIBtD/Lt6l9CNiblB6hThAy5Kgfyk +lK6AXjdbq5IR0L0qZNDUunn2ewzU5TAEiR99GYa9BzZhAfM+RQhwZggQ/2ldfygk +BYR9qMDlQlfs+5ZrIIvKTcuhgc7GcSq35p8Ack35UCGzJQR97BVSFflVksgK0bHE +zmS22RBPjBkGO70X0SHpXCFlLZZ/qjdJL315tdD6q3Pdfpt0igEXwoeSZwt/7T9E +2X/QfEv9BOzLmed8DR8WWcfGn2FR7H7fEuyRWc+z+PlsEFYdVVXTVGn0CNg8eolt +gEbDalpJOUtnYSK1xPXBO7hK/TQFd10r5wm1u1x0k9/DsBGJeSNukdKbrxgwzODY +fy09AL5oTzyYD8jPSF5QcqNh6qmO9MBsIUxSgv6Rxk3dUvhiqCpioMjUmnfoaan+ +GvmOCM3k0jAntU7Vky1Ew8ljtxMlN0E0Rf/Q3nccswlTWQLZFGFFcbuOMBff9R4Q +YCvZpXOrf5hk1tJNShFmWykD5GHxBtsybbc1Zug8 -----END CERTIFICATE----- diff --git a/__tests__/fixtures/certificates/server-key.pem b/__tests__/fixtures/certificates/server-key.pem index 68e82d7e57..53ceec103d 100644 --- a/__tests__/fixtures/certificates/server-key.pem +++ b/__tests__/fixtures/certificates/server-key.pem @@ -1,51 +1,52 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEArZgHshixyZHRgO40abko3ZZNat/kbDjNyECw6JEIBKOnJtHY -spyM70ERQEieTsFsI3+7shbQnSjHKFLcBO+afThjeqalFGBaZR/G5NeTMSmgT41E -cBYHGSN1thG2u68SUatgpFNSiN7yB1Ok9ITTrteOxGdPBeqk55kCSWBWzCK0NTcM -9Wd5uB8ENlL1707qJYtguJs3VgKCjwwKo6g7wosEVegJCUj5MxKXvLXD/s2sqzz9 -b3e6E/1HyjzI9DPbLuYrSbiqXocQkz8OCXXftNs4C0G7viXqJLHgwNsGv2Adiofn -60IVLvTGxXRrStJQRjnpLwqoaQPgdfLiCai5m4AXHzupeYM8GsRMNQdNNhQ/sw89 -5DEdRctpHLl59OAOjxCzchCdmumQ5H56N/wQFed0nWG0Nd6s1LzYjumypderXEZE -kzQbHb9TedpzfeoltGPzSNAv3Q9dTLlQ2F+uCUz6X717Chu2cPw3cLv14HAGVvd1 -kYq6YLA5z8r5JJqHzcVTROFhq3MdymIDWwT/GKPAjCOZeiukqTg4RPbN1L5INNQs -ZhmPAzshLx71tj4sYxwv/wDRDb+cjYCNXBmjpoWXMO7TCqSbekS/KTRFpPNXvxuI -KDT1zV/V4Su8YkW6k8e1168I58afsfJJkTpBdQPebVwsl3F3YQ2IUSedAoUCAwEA -AQKCAgA3aPqz32wIcjIUXHSAdqjTqiFGBvdLkAonbHbLlVeg23gETSFFSfE2gWd3 -RHa7nsPcxO3tl5i5QYXomiI+tRhz9ebTBJRW37aa5ry+2QzTuXzBR89bk7xqSsZM -+nSAjg5j4Tc03J/QrpFEw2842ZkUCxw4Ft3DfrVqc42mTEkIWd95yPuq7X+NxOC8 -UljMLT1SBJ437tuH6b8w1+AhgxaoL2WP4kPYIeHhaoLiqoZIM/B0rEAdL3NG5Cbh -J+vg/xhsbO3OV1KSX7xrs8nQPT7N5NeLyEycElAdrGWYSZFqzsw/JshhcLOATIOS -DWod9OnIsL181YMSGjmwjHmYKbIsqMpOk4GjIHLutVCgosofhnH8Yz+XCwlCobyj -a98xuyXPI3i6wEk7vpe+8tPVsHR0iBP+wND/QV1xX+kOC5JK+4mStIy04j9RBrQO -jAsDejta0V3v5YTVOwkb7Dh5867jjOyiuhrtjLOrJvnm/8AW2qyv4r2NqG23S1Lq -Hx9akPQ08WYPB901MkqfxSZ03s/3ZfRT8VsmAra9JGSxlbtSnWWMsqly4AsZIPmj -fp6/UY4X7I3G9dGXaOOCP2gfZjwW+AWbKQnrF0SUeAxvSSMyss8eQsEfJ49TkEgb -zPjJpA9H7wWDNQT7iNFqymipsjEeoHD8lCnPTho84b6QIgIFYQKCAQEA3MExd6f2 -Rd3H85x/D1sgrDsVFj4+hpXFc/U2qgtQsEbURjGPEL9rmFdqKxBN1WLq29/vSPek -Td7owmulRHJRv9N4o4tPGGU4IHzMhDie4YZQxhuuw5W2xQlsGlbJD/MbZVqodhf1 -TKFwvpvO5TN27qzkl078EgzWXBOZ7JUHyZiY4gNnPyFfZPSuq2oZeG8sNG417lTO -eVEZtsRuwihuvPuA4BmGONgQq1T0H57nKPaT45NxjqdmhidGoAsLCViFirIvCO4T -1eG3hTTCbDNc8khZJsowShDZJwRb0DLbDeo7pIhAsa8oQtH0kIxFsTUh5puf5qHS -MkISHCayHSukrQKCAQEAyU9BN3c+XXFToc/cG7glh1P33iZA4ZU5TUrKVfAreFGM -AMI0ifhlxu7I31qvRaXytWvLyZxe0uQ7+Ls7/1dHk3lJ+lQEt7bJdhksb6crFn1t -0F/jugmv1Mr2eTTY9kMxaPxx8X632yVNpfhenyA4AbpvjkHFaBdc6gimppTYyHsf -CUkUsSp9InDLuwai3Bvuqb9mc4tvy3pX8es0DRt2nXNMpw9qu5LYIJ8OMS4hshq7 -3Y37v8Ruvd7sTpUaluCiUZdrFdDxENZssoh9AqjUyUuYNJsXl7Jcpp5wmfqYyw79 -Mg27edR19OSE1WeIOUkDdvGB5uH4cC1BlF6ZnM24OQKCAQAJ0n7E+DA5A5k1+ayd -nkxh3W8ewj499sQGWM7J2h8I+N3REbtv31SGPr12lQ8hg3k3t0sKUBp7bIOmwutj -lEKW6m3fuP8X8skAiQ0AhRRsrHFDn0+zXCH5umWY9muTzhlV9SaxuncrpbNCh+Q4 -xoVwMTkqklUc6H1RM34RzL+/9I444DXj1TRNZaWv8tSXSzsISi8UH6ngM/+U5kCX -Wv0yY25kij4yoUp8lRcXoRZf+Di0U4cl9cTWC0FVNaiUDeBDP5JgL1eqmJR11Nch -wVdNYHK3CyAC66T922/KX7jncZidxYI7ZbPA5V6gX91p+Rc9D4eZ13Fm0xHDNuWN -7rcxAoIBAGbpND7Fn8UnLQjYeP5WqiC/ZURUq/BmV6/SnxNFvwM4NOkiXrd1m5oR -8fB0rItfZW8nVzuOy87lzF7AYNCM7tNOOupUz0CXme/cuKGvhNBveJcAnis5zoBq -7YtS3+MswHKaMymwjQ7jyAkjqkOQtfD0PRktOFyZLO+bUo5wI06B2oDlskVLokLc -BNpsbw803FI8vYQt8Q3FUnYiti5JLt8Y1UPGFtsjG4e5qAiuO52QGyAM+Hi1U6OO -9aDKipg8593sGVtCwCnKZDD0o2uboYPyODIUYwAytziaYJfmyvtrgzZ2XLPQUCjM -NbfewH4AfFvu5GiCdn3qNM9DeSX26MkCggEBAJwFnnn7C/bS5opGRRdK/IXPD0jn -aquc6Xn8sxTd1imfVEHsFM+XkloQGF8kak9zyjqU/WN8sxvT7TgeOdpAT644GeWC -QAYRIomD1WoLNPwmre3Ink0PWmPEW3H5pVsSSqQ1XjSA0bB/EvIDwP68xN56r2lR -YtWWWzIEVjpdgo1SiLqzWVbYC3rleLXuHqGfS6xWV9BlkzDEzNUdQMnpgK9c+rkn -kjc5VdYF4i2IjeRHRaje4JKHSUryXDvQIEwDGPSeoD57vCX5BPheRBGKn4b4kjxK -CfFJiVvEwoJYQh51KXh2Q7FRSTLVqYwcujMJYH4cS/JqcKXKdEoxhDyQFWc= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDThHcn3w/Uf61i +wywfcuRM3UoEMajwRVgBQ6N+B3bmIpw8LHLV/+gFSaDMIasTDapEU4gCwWwMoUFz +gFmW/6zxTi4m8raHmFpcTaW7VrzwaZEKobOVoCcDLtycV0KoBGeiJAZVTtrsQE05 +OBVPnIsQgKwIzga0EbFDgKQKJPbM6S32TnfVLfW+gaFtrazMJwi2i27L6dvdBMTx +duYGHYr/5rT4DHYayOVYCCJ6G+TPgnq3kLJ+7r0G03ojN8IVy44j5anmVxE4vWNR +3Y0HjHEvA/JdkHnWcDDDYUmvOocyAo58NP63pIEUIJkbbZyOwGZS5rWLVsbdF/eZ +b+j8hz9ZYEoVFRnobW5vn/L4tgm+UKZNmb2T/pBS5XnqsMH+f5v2V8ecAnvCRo9f +eTcV0tGyaJKMPOSKaTFdcSX+RbBVrBH37WipSvW/0JEKPlXme8k0U01yMoLJZSqG +0LrqN3L1djwwbehJ1zFrnZcTTehkb4tPbQuCtgwdOONgGP6g9yheDCRV6qJnFwaV +W4cesmlAix0NjuZqQln/+3/+rqw0UibZzrm+S+27RKdmGUQp/L0UsxYYWiesqo0S +TibbvtohEZHLN/RStrjXDzn2DyOKZxoRIgbFwpYV+6ZJ7WdFuyaANlT5RNKM09Ro +iho0T3Q1CArDZ19/jCPVoMTVsKuFcQIDAQABAoICAECNX9QiRnGC2caXbALZDIXM +z0cCZN2XPCl+nAnde1L24xmWMyHObOAYPWOvLses1vbtS0gUAcbE+/WlCTKFKyGl +y34FeuFdBM7Av8Cx0w3IGgTVnroeW2mkRp3MH8KpPXuFZQ1p+HQ7l5XL4O0gCGzr +6BTz06Xm9GN2ghm6eDvHOki+X+IGmcYfR8XySBcyHn2fhhvjbj9Asl5C/CaHo6E/ +pqFBJFY+U4gPS35avvT5jDwzg9YrRDMuHUtcO/Zs3h9kevqaPd5EJmiYpe7U1MIV +gUU+z4A7UxZ9vYAl65a+ov+TKN2g7efXnwJ47FvAqjnIwUUaIazeIKmKNt/C4vj0 +yuDRj0pBicEe61d+8YzYgM4KtdCZm0+BO+yikx2tbbYviXYNcx8mBzxZ93DqDogT +YqZZlgKF0/KubXkZVEKgBnEnqluufNcOy45yb1Ujy57FzaTxpe4Omtyk7r1y3VCI +8Kq3rWyomiDViTBlmDz4Sb213EkxzoFeOAB1lQlejjF8zUUp11njKGCZKivcUlXp +4ki9zEv8fYy/tiHtr7e6i8SC4J6Am2751rj6a1wAjpOVf7iiggdEUeIt4jbRmPNX +94EdXFpytdQBj6Q/Y3MKP+nCnOrBzENk27tok101s7mgsktbMPEFh3fNykskaMD0 +RoI9gylGWTt3NW42QnYlAoIBAQDviESB7Vk/w1It/XnzEj/xcCdPZwQ5HC2TtOgT +ZnTn2vlY6hO3YXP6zP2QzpAL1uq3WKQvyYgoAcMl3LBDRY6gZOJg5KsenzEzOG3S +lAhB/A21OqH0SEox1UUtfCeJZnOFMPM9BMPm1pBLPAW4tD4XkseuxbAc3wbCbMHV +b8wTSgWBnLuP+Qp+mm6uUIikJINHLhpz9GMUlTkS8EpTNBJ87BLdpD6JtFV4oEqq +TxB2Sh/exS6hlvPe+/NxTcjKM2Q+Snqn+uSb6Jb5jZqarbJnFnnACkKPCzXkuixo +mlLs6h6xnN4iPlt/YC5c12v0JZKS5tdCt4oMC2MjvzpbRHjXAoIBAQDiDyQCIVy5 +u0+B88ZU+zVJcbyFzkho02w703MWzRPOXR6q4WcuvLWScfwcqG5pfMTGbOpQTCt1 +NZYXUaftbzGikSDJDM0AAdtTbAZI1+1DbfewiaIVuFtUci4E1doe3Y3uat4PzPQg +1C0gcBiX0ceLeqlO6xme7Ufb6AZQsk/iZvc3ARG+wj9D+1Cmzb8LuAu1t5jhqvS5 +jnDNxhf22GDG3MPck+aSs3UqYC4k7zTkK93uKrfM7vQg6TzeC8n2nNGgFUSl3jia +RBaSREnAxiQ2F4hZfeI6OTaFpeG95sR733DIXWIqUZUEoYUZ185z9cbbzE3g+xFl +fe+LlsJJOML3AoIBAQCkZA8wZGamPjS+X4I8cj/0QZaZBgh98XrOLpBAEEcXgM80 +WKHjbzyb2egEY9+0YHGCF5HHQjbxzhPSfl1yLeCu78311bojL/oiPw4QQYxRTN1T +jcPs1VgmT0pE5zpzMB8EQA4PyJ9yY7twBueeVgVvREtLBV3S0rXe5ak6BJo4esrA +o4KOUssDDJX9iEPe8zgtt9Rr1EPTsn4TI1q/M7OkjJh+COTquRsXyFq1+8E+jazF +xOo1+FWyqZPwJQQy0YZwwcjgVG5lGgHTj32VvrP70A8K33/CkF0SdztXJuLWue8K +0rAZLFa7WpU3Hpl2W/r2WvtNTI2vqnkF5Y31aU7NAoIBAQCW+/3U3muMMar85NDG +2bHRiAGebRS3zt4vZx8rT3W3E0L0Zu//q1KqqS72BRkZo5fZ38zwLK+p7Ux97q/2 +SZohNkVrgv040ASpRzE7Xdy+eKhCZOq5DxUQ5eIOoLa6fsfZQc9nRkCX3J73V2dV +n2tjoV2LtEK8f0bLfcEaDL6GPLdJKZGskximUyifADRlo1tO131o3EHv3U9CYNiI +qiSZLcIzhSUvPmU3FF49lPcCnrnv5OA2JDMx+BYLSFxwNnVcMlhTYIT1pBxfPPT1 +qGFvL3CGNSnwMV5VDWIk8Aizo500dgqmsS6SlT7M7/KYSMO08lPhvE72NpLT7LF/ +LkYpAoIBAQCNqwFJCm4MWZbCzGBqjOxdEmp6vvmIl2S1UUIoWH3jBbkMR9R5HRma +1fJp2IrCYCWhhwbYV7atSWf18uTEZ82gudRdefruu5PZBGPStMHN9Uq0pTmoDR6S +KjHc6GWd/yX4rhQb7exQyjGZXVgP9NOibuCa5mH5Qw7a6hIwIniOZev8nCAuppT9 +LY888zW2vx2ggEpyQKqu8ZnUSwDP6MUHA9x9aCCFHc9wSs4lR4aFLyzqyv9Ek94c +mASU+w6/0mi94qOgAvj8kYRbfilKtkSdN8LTw7Wj6RNcwwz6kxWh3bWduCyg/N0E +sWNV9GzIArdm5GlK2XyWjl/dW9/UvzmQ +-----END PRIVATE KEY----- From b8af7e05acf965e612f2f8fafa240aa9bd069a41 Mon Sep 17 00:00:00 2001 From: xv2 <29576033+xv2@users.noreply.github.com> Date: Sun, 1 Sep 2019 17:37:12 +0300 Subject: [PATCH 21/49] Fixes offline mirror filename calculation for scoped packages URLs in Verdaccio (private npm repository) (#7499) * Fixes offline mirror filename calculation for scoped packages URLs in Verdaccio (private npm repository) * Fixed test * Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ __tests__/fetchers.js | 19 +++++++++++++++++++ src/fetchers/tarball-fetcher.js | 2 +- 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bf5b2d07f5..a3649cf249 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Fixes the offline mirror filenames when using Verdaccio + + [#7499](https://github.com/yarnpkg/yarn/pull/7499) - [**xv2**](https://github.com/xv2) + - Update fixture certificates to prevent false negatives during testing [#7457](https://github.com/yarnpkg/yarn/pull/7457) - [**Thomas Jouannic**](https://github.com/eilgin) diff --git a/__tests__/fetchers.js b/__tests__/fetchers.js index 55d171b3f0..5c95c6af7f 100644 --- a/__tests__/fetchers.js +++ b/__tests__/fetchers.js @@ -312,6 +312,25 @@ test('TarballFetcher.fetch properly stores tarball of scoped package in offline expect(exists).toBe(true); }); +test('TarballFetcher.fetch properly stores tarball of scoped package in offline mirror for Verdaccio', async () => { + const dir = await mkdir('git-fetcher'); + const config = await Config.create(); + config.registries.yarn.config['yarn-offline-mirror'] = 'test'; + + const fetcher = new TarballFetcher( + dir, + { + type: 'tarball', + hash: '6f0ab73cdd7b82d8e81e80838b49e9e4c7fbcc44', + reference: 'http://npm.xxxyyyzzz.ru/@types%2fevents/-/events-3.0.0.tgz', + registry: 'npm', + }, + config, + ); + const cachePath = fetcher.getTarballMirrorPath(); + expect(cachePath).toBe(path.join('test', '@types-events-3.0.0.tgz')); +}); + test('TarballFetcher.fetch properly stores tarball for scoped package resolved from artifactory registry', async () => { const dir = await mkdir('tarball-fetcher'); const offlineMirrorDir = await mkdir('offline-mirror'); diff --git a/src/fetchers/tarball-fetcher.js b/src/fetchers/tarball-fetcher.js index b3d76c8bba..4f65dad7db 100644 --- a/src/fetchers/tarball-fetcher.js +++ b/src/fetchers/tarball-fetcher.js @@ -18,7 +18,7 @@ const gunzip = require('gunzip-maybe'); const invariant = require('invariant'); const ssri = require('ssri'); -const RE_URL_NAME_MATCH = /\/(?:(@[^/]+)\/)?[^/]+\/(?:-|_attachments)\/(?:@[^/]+\/)?([^/]+)$/; +const RE_URL_NAME_MATCH = /\/(?:(@[^/]+)(?:\/|%2f))?[^/]+\/(?:-|_attachments)\/(?:@[^/]+\/)?([^/]+)$/; const isHashAlgorithmSupported = name => { const cachedResult = isHashAlgorithmSupported.__cache[name]; From 53d8004229f543f342833310d5af63a4b6e59c8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Sun, 1 Sep 2019 16:38:51 +0200 Subject: [PATCH 22/49] Fixes link:. (#7512) * Fixes link:. * Update CHANGELOG.md --- CHANGELOG.md | 8 ++++---- src/resolvers/exotics/link-resolver.js | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a3649cf249..4c0c9b6b56 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,9 +8,9 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa [#7499](https://github.com/yarnpkg/yarn/pull/7499) - [**xv2**](https://github.com/xv2) -- Update fixture certificates to prevent false negatives during testing +- Fixes using `link:.` to refer to the package folder - [#7457](https://github.com/yarnpkg/yarn/pull/7457) - [**Thomas Jouannic**](https://github.com/eilgin) + [#7512](https://github.com/yarnpkg/yarn/pull/7512) - [**Maël Nison**](https://twitter.com/arcanis) - Runs the `prepare` lifecycle of git dependencies even if `NODE_ENV` is set to `production`. @@ -19,7 +19,7 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa - Fixes the `postversion` lifecycle method not being called when using `--no-git-tag-version`. [#7154](https://github.com/yarnpkg/yarn/pull/7154) - [**Hampus Tågerud**](https://github.com/hampustagerud) - + - Ignores potentially large vscode keys in package.json to avoid E2BIG errors. [#7419](https://github.com/yarnpkg/yarn/pull/7419) - [**Eric Amodio**](https://twitter.com/eamodio) @@ -71,7 +71,7 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa - Exposes the script environment variables to `yarn create` spawned processes. [#7127](https://github.com/yarnpkg/yarn/pull/7127) - [**Eli Perelman**](https://github.com/eliperelman) - + - Prevents EPIPE errors from being printed. [#7194](https://github.com/yarnpkg/yarn/pull/7194) - [**Abhishek Reddy**](https://github.com/arbscht) diff --git a/src/resolvers/exotics/link-resolver.js b/src/resolvers/exotics/link-resolver.js index a49d52ba8d..f507700fc7 100644 --- a/src/resolvers/exotics/link-resolver.js +++ b/src/resolvers/exotics/link-resolver.js @@ -30,7 +30,7 @@ export default class LinkResolver extends ExoticResolver { const name = path.basename(loc); const registry: RegistryNames = 'npm'; - const manifest: Manifest = !await fs.exists(`${loc}/package.json`) + const manifest: Manifest = !await fs.exists(`${loc}/package.json`) || loc === this.config.lockfileFolder ? {_uid: '', name, version: '0.0.0', _registry: registry} : await this.config.readManifest(loc, this.registry); From 1bdb15afe6dc2a727e8f81096306ecd3770feff4 Mon Sep 17 00:00:00 2001 From: Nick McCurdy Date: Wed, 18 Sep 2019 06:38:55 -0400 Subject: [PATCH 23/49] Preserve linked packages in create command (#7543) * Preserve linked packages in create command * Update changelog * Warn when using linked package * Update CHANGELOG.md * Update link-resolver.js --- CHANGELOG.md | 4 ++++ src/cli/commands/create.js | 9 ++++++++- src/resolvers/exotics/link-resolver.js | 7 ++++--- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c0c9b6b56..c0c8e7d1f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Preserves linked packages when calling `yarn create` + + [#7543](https://github.com/yarnpkg/yarn/pull/7543) - [**Nick McCurdy**](https://github.com/nickmccurdy) + - Fixes the offline mirror filenames when using Verdaccio [#7499](https://github.com/yarnpkg/yarn/pull/7499) - [**xv2**](https://github.com/xv2) diff --git a/src/cli/commands/create.js b/src/cli/commands/create.js index cdbcc0ad8c..49b81ac5f7 100644 --- a/src/cli/commands/create.js +++ b/src/cli/commands/create.js @@ -5,6 +5,7 @@ import {MessageError} from '../../errors.js'; import type {Reporter} from '../../reporters/index.js'; import * as child from '../../util/child.js'; import {makeEnv} from '../../util/execute-lifecycle-script'; +import * as fs from '../../util/fs.js'; import {run as runGlobal, getBinFolder} from './global.js'; const path = require('path'); @@ -58,7 +59,13 @@ export async function run(config: Config, reporter: Reporter, flags: Object, arg } const {fullName: packageName, name: commandName} = coerceCreatePackageName(builderName); - await runGlobal(config, reporter, {}, ['add', packageName]); + + const linkLoc = path.join(config.linkFolder, commandName); + if (await fs.exists(linkLoc)) { + reporter.info(reporter.lang('linkUsing', packageName)); + } else { + await runGlobal(config, reporter, {}, ['add', packageName]); + } const binFolder = await getBinFolder(config, {}); const command = path.resolve(binFolder, commandName); diff --git a/src/resolvers/exotics/link-resolver.js b/src/resolvers/exotics/link-resolver.js index f507700fc7..cc27abc8ea 100644 --- a/src/resolvers/exotics/link-resolver.js +++ b/src/resolvers/exotics/link-resolver.js @@ -30,9 +30,10 @@ export default class LinkResolver extends ExoticResolver { const name = path.basename(loc); const registry: RegistryNames = 'npm'; - const manifest: Manifest = !await fs.exists(`${loc}/package.json`) || loc === this.config.lockfileFolder - ? {_uid: '', name, version: '0.0.0', _registry: registry} - : await this.config.readManifest(loc, this.registry); + const manifest: Manifest = + !await fs.exists(`${loc}/package.json`) || loc === this.config.lockfileFolder + ? {_uid: '', name, version: '0.0.0', _registry: registry} + : await this.config.readManifest(loc, this.registry); manifest._remote = { type: 'link', From 7496345f5436b08033f003ec0b847de7e27a326c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Wed, 18 Sep 2019 13:36:50 +0200 Subject: [PATCH 24/49] Adds a message when people use PnP (#7556) * Adds a message when people use PnP * Update en.js --- CHANGELOG.md | 4 ++++ src/cli/commands/install.js | 5 +++++ src/reporters/lang/en.js | 3 +++ 3 files changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0c8e7d1f4..6c9a7c890d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Suggests using the Yarn 2 development trunk on PnP-enabled projects + + [#7512](https://github.com/yarnpkg/yarn/pull/7512) - [**Maël Nison**](https://twitter.com/arcanis) + - Preserves linked packages when calling `yarn create` [#7543](https://github.com/yarnpkg/yarn/pull/7543) - [**Nick McCurdy**](https://github.com/nickmccurdy) diff --git a/src/cli/commands/install.js b/src/cli/commands/install.js index af3f64f56a..bbe044fc35 100644 --- a/src/cli/commands/install.js +++ b/src/cli/commands/install.js @@ -560,6 +560,11 @@ export class Install { this.reporter.warn(this.reporter.lang('npmLockfileWarning')); } + if (this.config.plugnplayEnabled) { + this.reporter.info(this.reporter.lang('plugnplaySuggestV2L1')); + this.reporter.info(this.reporter.lang('plugnplaySuggestV2L2')); + } + let flattenedTopLevelPatterns: Array = []; const steps: Array<(curr: number, total: number) => Promise<{bailout: boolean} | void>> = []; const { diff --git a/src/reporters/lang/en.js b/src/reporters/lang/en.js index 816446cdfd..410aca85e3 100644 --- a/src/reporters/lang/en.js +++ b/src/reporters/lang/en.js @@ -361,6 +361,9 @@ const messages = { unplugDisabled: "Packages can only be unplugged when Plug'n'Play is enabled.", + plugnplaySuggestV2L1: "Plug'n'Play support has been greatly improved on the Yarn v2 development branch.", + plugnplaySuggestV2L2: + 'Please give it a try and tell us what you think! - https://next.yarnpkg.com/getting-started/install', plugnplayWindowsSupport: "Plug'n'Play on Windows doesn't support the cache and project to be kept on separate drives", packageInstalledWithBinaries: 'Installed $0 with binaries:', From 53783b50efb7b070eb5b2ab8777c30cb8f8a9a9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Wed, 18 Sep 2019 13:37:02 +0200 Subject: [PATCH 25/49] Adds an undocumented run hook (#7557) * Adds an undocumented run hook * Fixes lint --- src/cli/commands/run.js | 7 +++++-- src/util/hooks.js | 8 ++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/cli/commands/run.js b/src/cli/commands/run.js index 47451f5c6b..8226636765 100644 --- a/src/cli/commands/run.js +++ b/src/cli/commands/run.js @@ -4,6 +4,7 @@ import type {Reporter} from '../../reporters/index.js'; import type Config from '../../config.js'; import {execCommand, makeEnv} from '../../util/execute-lifecycle-script.js'; import {dynamicRequire} from '../../util/dynamic-require.js'; +import {callThroughHook} from '../../util/hooks.js'; import {MessageError} from '../../errors.js'; import {checkOne as checkCompatibility} from '../../package-compatibility.js'; import * as fs from '../../util/fs.js'; @@ -91,9 +92,11 @@ export async function run(config: Config, reporter: Reporter, flags: Object, arg } } - async function runCommand(args): Promise { - const action = args.shift(); + function runCommand([action, ...args]): Promise { + return callThroughHook('runScript', () => realRunCommand(action, args), {action, args}); + } + async function realRunCommand(action, args): Promise { // build up list of commands const cmds = []; diff --git a/src/util/hooks.js b/src/util/hooks.js index 90cd57b4a2..e3649d99a8 100644 --- a/src/util/hooks.js +++ b/src/util/hooks.js @@ -1,10 +1,10 @@ /* @flow */ -export type YarnHook = 'resolveStep' | 'fetchStep' | 'linkStep' | 'buildStep' | 'pnpStep' | 'auditStep'; +export type YarnHook = 'resolveStep' | 'fetchStep' | 'linkStep' | 'buildStep' | 'pnpStep' | 'auditStep' | 'runScript'; const YARN_HOOKS_KEY = 'experimentalYarnHooks'; -export function callThroughHook(type: YarnHook, fn: () => T): T { +export function callThroughHook(type: YarnHook, fn: () => T, context?: any): T { if (typeof global === 'undefined') { return fn(); } @@ -13,11 +13,11 @@ export function callThroughHook(type: YarnHook, fn: () => T): T { return fn(); } - const hook: (() => T) => T = global[YARN_HOOKS_KEY][type]; + const hook: (() => T, context?: any) => T = global[YARN_HOOKS_KEY][type]; if (!hook) { return fn(); } - return hook(fn); + return hook(fn, context); } From 1d90e07fc97d615468f2c82d35fcdba5b59998f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Wed, 18 Sep 2019 13:42:14 +0200 Subject: [PATCH 26/49] Fixes link self (#7558) --- src/util/normalize-manifest/resolve-relative.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/util/normalize-manifest/resolve-relative.js b/src/util/normalize-manifest/resolve-relative.js index 5617f59a0b..5535cff40c 100644 --- a/src/util/normalize-manifest/resolve-relative.js +++ b/src/util/normalize-manifest/resolve-relative.js @@ -44,7 +44,9 @@ export default function(info: Object, moduleLoc: string, lockfileFolder: string) const absoluteTarget = path.resolve(lockfileFolder, moduleLoc, unprefixed); let relativeTarget = path.relative(lockfileFolder, absoluteTarget) || '.'; - if (hasPathPrefix) { + if (absoluteTarget === lockfileFolder) { + relativeTarget = '.'; + } else if (hasPathPrefix) { // TODO: This logic should be removed during the next major bump // If the original value was using the "./" prefix, then we output a similar path. // We need to do this because otherwise it would cause problems with already existing From fea852b48db739d846a8f8414db576e4685b8af3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Wed, 18 Sep 2019 14:13:06 +0200 Subject: [PATCH 27/49] Disables Azure / Node8+Windows for now --- azure-pipelines.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index c625c8a030..c7b5e0e000 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -8,8 +8,9 @@ jobs: strategy: matrix: - node_8_x: - node_version: 8.x +# Azure is currently timeouting a lot on Win / Node 8 +# node_8_x: +# node_version: 8.x node_10_x: node_version: 10.x @@ -48,4 +49,4 @@ jobs: node_version: 10.x steps: - - template: scripts/azure-run-tests.yml \ No newline at end of file + - template: scripts/azure-run-tests.yml From c08d0e31d769bf18680f86f0ffd8efcc56fb4c61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Mon, 23 Sep 2019 14:13:32 +0200 Subject: [PATCH 28/49] v1.18.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c88e3f7102..35d05f82b4 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "yarn", "installationMethod": "unknown", - "version": "1.18.0-0", + "version": "1.18.0", "license": "BSD-2-Clause", "preferGlobal": true, "description": "📦🐈 Fast, reliable, and secure dependency management.", From a14fc439ec02445aa59fa2e4a7e382061a424be5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Mon, 23 Sep 2019 14:13:35 +0200 Subject: [PATCH 29/49] 1.19.0-0 --- package.json | 2 +- src/lockfile/index.js | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 35d05f82b4..74beac72fb 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "yarn", "installationMethod": "unknown", - "version": "1.18.0", + "version": "1.19.0-0", "license": "BSD-2-Clause", "preferGlobal": true, "description": "📦🐈 Fast, reliable, and secure dependency management.", diff --git a/src/lockfile/index.js b/src/lockfile/index.js index 808cc81943..ab6e9f970c 100644 --- a/src/lockfile/index.js +++ b/src/lockfile/index.js @@ -179,6 +179,11 @@ export default class Lockfile { reporter.info(reporter.lang('noLockfileFound')); } + if (lockfile.__metadata) { + const lockfilev2 = lockfile; + lockfile = {}; + } + return new Lockfile({cache: lockfile, source: rawLockfile, parseResultType: parseResult && parseResult.type}); } From 061a3d81d410a6803220df3dcef20effee7852bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Mon, 23 Sep 2019 14:14:18 +0200 Subject: [PATCH 30/49] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c9a7c890d..0a0f276362 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ Please add one entry in this file for each change in Yarn's behavior. Use the same format for all entries, including the third-person verb. Make sure you don't add more than one line of text to keep it clean. Thanks! -## Master +## 1.18.0 - Suggests using the Yarn 2 development trunk on PnP-enabled projects From b29af010c6be5a6a981c5feb6cfca7d31254d529 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Mon, 23 Sep 2019 14:14:30 +0200 Subject: [PATCH 31/49] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a0f276362..df560128bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ Please add one entry in this file for each change in Yarn's behavior. Use the same format for all entries, including the third-person verb. Make sure you don't add more than one line of text to keep it clean. Thanks! +## Master + ## 1.18.0 - Suggests using the Yarn 2 development trunk on PnP-enabled projects From 431a9e96405f43a60b3ffa3034921ec8d321a403 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Fri, 27 Sep 2019 23:38:59 +0200 Subject: [PATCH 32/49] Fixes flow linting --- src/config.js | 7 ++++++- src/lockfile/index.js | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/config.js b/src/config.js index 2fdf5ff162..10b6c9d8a0 100644 --- a/src/config.js +++ b/src/config.js @@ -17,6 +17,7 @@ import {registries, registryNames} from './registries/index.js'; import {NoopReporter} from './reporters/index.js'; import map from './util/map.js'; +const crypto = require('crypto'); const detectIndent = require('detect-indent'); const invariant = require('invariant'); const path = require('path'); @@ -508,7 +509,7 @@ export default class Config { slug = `unknown-${slug}`; } - const {hash} = pkg.remote; + const {hash, integrity} = pkg.remote; if (pkg.version) { slug += `-${pkg.version}`; @@ -520,6 +521,10 @@ export default class Config { slug += `-${hash}`; } + if (integrity != null) { + slug += `-${crypto.createHash('sha1').update(integrity).digest('hex')}`; + } + return slug; } diff --git a/src/lockfile/index.js b/src/lockfile/index.js index ab6e9f970c..5926106dfb 100644 --- a/src/lockfile/index.js +++ b/src/lockfile/index.js @@ -179,7 +179,7 @@ export default class Lockfile { reporter.info(reporter.lang('noLockfileFound')); } - if (lockfile.__metadata) { + if (lockfile && lockfile.__metadata) { const lockfilev2 = lockfile; lockfile = {}; } From 9322e76fba6a83696ec7104c1af3111ab58a0fff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Sat, 28 Sep 2019 00:10:07 +0200 Subject: [PATCH 33/49] Fixes tests --- src/config.js | 6 ++---- src/constants.js | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/src/config.js b/src/config.js index 10b6c9d8a0..0caee02469 100644 --- a/src/config.js +++ b/src/config.js @@ -517,14 +517,12 @@ export default class Config { if (pkg.uid && pkg.version !== pkg.uid) { slug += `-${pkg.uid}`; + } else if (integrity != null) { + slug += `-${crypto.createHash('sha1').update(integrity.toString()).digest('hex')}`; } else if (hash) { slug += `-${hash}`; } - if (integrity != null) { - slug += `-${crypto.createHash('sha1').update(integrity).digest('hex')}`; - } - return slug; } diff --git a/src/constants.js b/src/constants.js index cb4f587288..5ff07af051 100644 --- a/src/constants.js +++ b/src/constants.js @@ -28,7 +28,7 @@ export const YARN_INSTALLER_MSI = 'https://yarnpkg.com/latest.msi'; export const SELF_UPDATE_VERSION_URL = 'https://yarnpkg.com/latest-version'; // cache version, bump whenever we make backwards incompatible changes -export const CACHE_VERSION = 4; +export const CACHE_VERSION = 5; // lockfile version, bump whenever we make backwards incompatible changes export const LOCKFILE_VERSION = 1; From 29a8c583179ec77b5fdcdd3ce348bbe08ecd2abf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Sat, 28 Sep 2019 02:01:18 +0200 Subject: [PATCH 34/49] Fixes the problem another way --- __tests__/commands/install/integration.js | 6 +- .../corrupted-meta-empty/.yarn-metadata.json | 0 .../corrupted-meta-not-existing/.gitkeep | 0 .../corrupted-meta-typo/.yarn-metadata.json | 0 .../node_modules/good/.yarn-metadata.json | 0 .../package.json.bin | 61 ++++++++++++++++++ .../GET/registry.yarnpkg.com/is-pnp.bin | 18 ++++++ .../is-pnp/-/is-pnp-1.0.2.tgz.bin | Bin 0 -> 2045 bytes src/config.js | 12 ++-- 9 files changed, 89 insertions(+), 8 deletions(-) rename __tests__/fixtures/cache/corrupted/.yarn-cache/{v4 => v5}/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json (100%) rename __tests__/fixtures/cache/corrupted/.yarn-cache/{v4 => v5}/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep (100%) rename __tests__/fixtures/cache/corrupted/.yarn-cache/{v4 => v5}/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json (100%) rename __tests__/fixtures/cache/corrupted/.yarn-cache/{v4 => v5}/good/node_modules/good/.yarn-metadata.json (100%) create mode 100644 __tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/7f21696fb9d08130dd62abd96c9572f513c05301/package.json.bin create mode 100644 __tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin create mode 100644 __tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp/-/is-pnp-1.0.2.tgz.bin diff --git a/__tests__/commands/install/integration.js b/__tests__/commands/install/integration.js index e969e2a9ee..146c96065a 100644 --- a/__tests__/commands/install/integration.js +++ b/__tests__/commands/install/integration.js @@ -245,7 +245,7 @@ test('changes the cache path when bumping the cache version', () => }); })); -test('changes the cache directory when bumping the cache version', () => +test.skip('changes the cache directory when bumping the cache version', () => runInstall({}, 'install-production', async (config, reporter): Promise => { const lockfile = await Lockfile.fromDirectory(config.cwd); @@ -795,7 +795,7 @@ test('install should fail with unsupported algorithms', () => message: expect.stringContaining('none of the specified algorithms are supported'), })); -test.concurrent('install should update integrity in yarn.lock (--update-checksums)', () => +test('install should update integrity in yarn.lock (--update-checksums)', () => runInstall({updateChecksums: true}, 'install-update-checksums', async config => { const lockFileLines = explodeLockfile(await fs.readFile(path.join(config.cwd, 'yarn.lock'))); expect(lockFileLines[3]).toEqual( @@ -806,7 +806,7 @@ test.concurrent('install should update integrity in yarn.lock (--update-checksum }), ); -test.concurrent('install should update malformed integrity string in yarn.lock (--update-checksums)', () => +test('install should update malformed integrity string in yarn.lock (--update-checksums)', () => runInstall({updateChecksums: true}, 'install-update-checksums-malformed', async config => { const lockFileLines = explodeLockfile(await fs.readFile(path.join(config.cwd, 'yarn.lock'))); expect(lockFileLines[3]).toEqual( diff --git a/__tests__/fixtures/cache/corrupted/.yarn-cache/v4/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json b/__tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json similarity index 100% rename from __tests__/fixtures/cache/corrupted/.yarn-cache/v4/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json rename to __tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json diff --git a/__tests__/fixtures/cache/corrupted/.yarn-cache/v4/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep b/__tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep similarity index 100% rename from __tests__/fixtures/cache/corrupted/.yarn-cache/v4/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep rename to __tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep diff --git a/__tests__/fixtures/cache/corrupted/.yarn-cache/v4/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json b/__tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json similarity index 100% rename from __tests__/fixtures/cache/corrupted/.yarn-cache/v4/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json rename to __tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json diff --git a/__tests__/fixtures/cache/corrupted/.yarn-cache/v4/good/node_modules/good/.yarn-metadata.json b/__tests__/fixtures/cache/corrupted/.yarn-cache/v5/good/node_modules/good/.yarn-metadata.json similarity index 100% rename from __tests__/fixtures/cache/corrupted/.yarn-cache/v4/good/node_modules/good/.yarn-metadata.json rename to __tests__/fixtures/cache/corrupted/.yarn-cache/v5/good/node_modules/good/.yarn-metadata.json diff --git a/__tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/7f21696fb9d08130dd62abd96c9572f513c05301/package.json.bin b/__tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/7f21696fb9d08130dd62abd96c9572f513c05301/package.json.bin new file mode 100644 index 0000000000..749fa66b15 --- /dev/null +++ b/__tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/7f21696fb9d08130dd62abd96c9572f513c05301/package.json.bin @@ -0,0 +1,61 @@ +HTTP/1.1 200 OK +Server: nginx +Date: Fri, 27 Sep 2019 23:51:06 GMT +Content-Type: text/plain; charset=utf-8 +Content-Length: 1181 +Cache-Control: max-age=3600, public +Content-Disposition: inline +Etag: W/"78309fbf8af4479c47eca65b0c5e3f51" +Referrer-Policy: strict-origin-when-cross-origin +X-Content-Type-Options: nosniff +X-Download-Options: noopen +X-Frame-Options: DENY +X-Permitted-Cross-Domain-Policies: none +X-Request-Id: graoMBsFby9 +X-Runtime: 0.066962 +X-Ua-Compatible: IE=edge +X-Xss-Protection: 1; mode=block +Strict-Transport-Security: max-age=31536000 +Referrer-Policy: strict-origin-when-cross-origin +GitLab-LB: fe-02-lb-gprd +GitLab-SV: web-14-sv-gprd + +{ + "name": "kanban", + "version": "0.0.1", + "repository": "gitlab.com/leanlabsio/kanban", + "scripts": { + "install": "npm install", + "build": "grunt build", + "watch": "grunt watch" + }, + "devDependencies": { + "grunt": "~0.4.1", + "grunt-cli": "~0.1.13", + "grunt-contrib-copy": "^0.5.0", + "grunt-contrib-concat": "~0.5.0", + "grunt-contrib-watch": "~0.5.3", + "grunt-contrib-uglify": "~0.7.0", + "grunt-sass": "1.0.0", + "grunt-contrib-connect": "~0.8.0", + "grunt-connect-proxy": "~0.1.11" + }, + "dependencies": { + "angular": "=1.5.6", + "angular-lodash": "https://github.com/EMSSConsulting/angular-lodash.git#68a726c", + "foundation-sites": "5.5.2", + "angular-foundation": "https://github.com/pineconellc/angular-foundation.git#8f3f260", + "angular-loading-bar": "=0.5.2", + "angular-storage": "=0.0.6", + "angular-ui-router": "=0.3.0", + "angularjs-datepicker": "=0.2.15", + "font-awesome": "=4.6.3", + "markdown-it": "=5.0.2", + "markdown-it-emoji": "=1.1.0", + "ng-sortable": "=1.3.6", + "sass-flex-mixin": "=1.0.3", + "lodash": "=4.13.1", + "twemoji": "=2.1.0", + "angular-file-upload": "=2.3.4" + } +} diff --git a/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin b/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin new file mode 100644 index 0000000000..0a74886059 --- /dev/null +++ b/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin @@ -0,0 +1,18 @@ +HTTP/1.1 200 OK +Date: Fri, 27 Sep 2019 22:17:23 GMT +Content-Type: application/vnd.npm.install-v1+json +Content-Length: 4072 +Connection: keep-alive +Set-Cookie: __cfduid=dadfb9c119f3195f6f00e4492573791c41569622642; expires=Sat, 26-Sep-20 22:17:22 GMT; path=/; domain=.registry.yarnpkg.com; HttpOnly +CF-Cache-Status: REVALIDATED +Cache-Control: max-age=300 +CF-Ray: 51d0d8eac82f3c81-CDG +Accept-Ranges: bytes +ETag: "49fffc656197ace1f624570132931c23" +Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" +Last-Modified: Thu, 01 Nov 2018 01:11:09 GMT +Vary: accept-encoding, accept +x-amz-meta-rev: 3-72d30e72712ca5e8a55f6613d7a30236 +Server: cloudflare + +{"versions":{"1.0.0":{"name":"is-pnp","version":"1.0.0","bin":{"is-pnp":"./bin.js"},"_hasShrinkwrap":false,"directories":{},"dist":{"shasum":"47d3d7151df242eb7ca4768fc2e7f6228871899a","integrity":"sha512-Lx0Sh5h20HtLz+xnlh4NRhQ6w231tGN4yuU3oBi6vn7oSbiIk2V4sqoIn00bczm9ojwkFPzzFUeSOIKEgYpszA==","tarball":"https://registry.npmjs.org/is-pnp/-/is-pnp-1.0.0.tgz","fileCount":5,"unpackedSize":2268,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJb2lGmCRA9TVsSAnZWagAARHYP/1botUA//2RoqJEP3nHB\nnQ0G1qhSYL685aLgZTWJW9pS3ucPzxxeofbnByOsbSjUqycwsHBqL/DDeYsq\nz3b0dmfcfESK+CSafYECSnj8kPJH5N5VU2UXs+A+wLEM0D0nSe4wfJLVptA0\nrOpeYrkfwX8ZC1EGLGvQM4cMqpk3Ji6RBZHtD0U/ttYR3A0vP5P76oO2/tBl\n3QSK3nJSpU83OkMBPVY3hnDrGkCjJqwvcqWoWUG0/BtHS5KYD99yrxFAzT5f\nMhtqCZiediDcGtrMhP5b0VAkqdrwFPg/tZPpgqYCevR+2ipWhkxhD0Z4yyx1\n2AuJnEoQKRiBiFPIv5aiJZD9Jj00iey4tdQ1NcXnRtAA16Lo0t4MX/OnkyJW\nBfcSd795mVpe4AO9u6bqMDZfkQrBRunxa7OKKCEXUGihm0YNtTWKat5ym1ia\n9H9Bwlgm3GoFAuHQMu07ZEwidLpWoQfjrTUOufw+/rKNSIRoMNuL3Z/8i4Hj\nazYRMgdzb9rkf6+F7LLJKnyZaDY/bS/KIb61LdkfkX8JCcKUfhVAd5KIvI4e\nAwLAUfHwWM2u2smbexFzvgvXnNFmVrcCGBbMcIrQ+JfiJ+izFVJ7YyLY+Fpt\nwxbV0Vug6gyYDyDtjFCdeL2wFmgR3+nASXWFY4CZ+ZoFX+ontSZ4U5b9PTIs\n1ojq\r\n=DAoM\r\n-----END PGP SIGNATURE-----\r\n"},"engines":{"node":">=6"}},"1.0.1":{"name":"is-pnp","version":"1.0.1","bin":{"is-pnp":"./sources/cli.js"},"_hasShrinkwrap":false,"directories":{},"dist":{"shasum":"ec0e4e443287214ce90bcb6fcd112d20de51f120","integrity":"sha512-uwFQ9SabYoNJwZnDqHUs+WTPvegmoLHjVQqkX4+MiKSjhRBRk+n/zKBAex4yvWnzbN352W7FUuYX8L5yEVmiVA==","tarball":"https://registry.npmjs.org/is-pnp/-/is-pnp-1.0.1.tgz","fileCount":5,"unpackedSize":2276,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJb2lJICRA9TVsSAnZWagAAX2IP/jE0+3aAdO7cu9DXNJnb\njoi3rDo8CRfARhWbJRhUj7omDxeP37U3dIIkK69AL8XZSPPUQ8o2uH1AOjZB\niI8cp0IX4bgalRXzEWPj3v8l3z6/BwJoUXy7N5ugdxron+AYj4kS4I1jI6Pa\nUo3z096sc8zAgXFE00RiKwUBGNw+4xpg0yVri/vXpezsahi8r4qZbrc9/hr3\nWzoIK6GwQnGpn5FEhdiuPbB0QiZvalYHn5v2IWtMpQG4ed6jM/vSBAqKqkFv\n95McUD13wz7iJ59BaJHwbypD/WFWz34ZBPZ8QpONk6UAJ2IZwh6J2Wj44k7a\nNtiEj3xo3A5stikfELI//H0AruTI6sSI++EJ8YvHQUj73s6kG0Z/FzPptgKp\nKYLSqXNAC/zHiId1s7uj+jsCLXIm4G2bPQUTsDMfejDS6TfjAVO2COxRF34q\ncLGzYFL1/R+/hO4ckoLl7vz6Vm/zSlMaxZPDUFDy8d0ScxHZOL+760cdIhjT\nr1XGyXAmyjGLWTHvA6sE5X0H0PgghQErsLYXi679KBdnZjN2+Xcmv0pNIqbg\nwS7SBjV+KGpc1PnwtZdfvZcegvY+252zsBvRye9/hcQ0Rdmetbod8XicA3Bw\nuTLC2N9opHeTI7a9bKrACXkSApJftjzYSfnycb27r9bgIAY6BeNhr7JFEMKV\nnxUD\r\n=8Blc\r\n-----END PGP SIGNATURE-----\r\n"},"engines":{"node":">=6"}},"1.0.2":{"name":"is-pnp","version":"1.0.2","bin":{"is-pnp":"./sources/cli.js"},"_hasShrinkwrap":false,"directories":{},"dist":{"shasum":"cbe5d6ad751897822fd92539ac5cfa37c04f3852","integrity":"sha512-BzoewUq0EZFJYKlYpObv2xRdTRJQXwMLbk2Y5l8Dhl0EQGPhdPrSdBlQaAT46gIKjAkNBNScDiUDbuBCTDNCsQ==","tarball":"https://registry.npmjs.org/is-pnp/-/is-pnp-1.0.2.tgz","fileCount":5,"unpackedSize":2282,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJb2lKpCRA9TVsSAnZWagAAkFcP+QHfioEIu01ww57y/Jnw\neOtM4JPvx0hDMKxMBKSyvVHmjZKwqxvkAnqdyybHts7i6auvuuMKDO43oaRO\n5GY5i/u29arwBKnPgeVrC6TUnbVxiSP4KBtfzRs3YCXbQ0MfSPmXiH4nzzi/\ngWeNGutgCAbefJjB0eahVCUgO7DL+sM8kEt2iNSDM1gKUDSVq5yvsZD20tX+\n/60eLG4xtz/2zXDKjoqo+DZtvW9kdLJ6TlvbDU1mt1OBSzkTiakIe1XXymVT\n+gRC0QGKGMP+YJG+VothHez/JAagl/92c/JDsb54HkW/OkUKCHFyUAw0P3h1\n46p0vEr54rHa7wT6O0fKg7q+MN1mMOKR3wO258LQW20n+DQJK1hxcJOkk+xf\n6iOa2d6Ywox9yT9B/V555BEZ2fYbnNb4gw+oo3/YyJcZ1Ooadt5kvEyDb67+\ntOaOMBXZh7/FR8EghwBBqlOndWCD4OQYVXVCwIdf/PFyUtB1+Obd4/1H+Dkw\nmg01pi7jYHG8mKLIMNdjggWi966nJ3fZqBDLW0eRtFzCbe+8VSOPKGRSHHnI\n99SD9oY/dgmimcakZ3hInuGlMGf0UrSLjHwi24y0ae1O0AlnQz0bXU0qHAH2\nH/Npr3zjOcAULwvHqtu2l1mNv/PX8GtafyybiMaXBcERearcUN/48tbvcbFX\nZmBP\r\n=z5fE\r\n-----END PGP SIGNATURE-----\r\n"},"engines":{"node":">=6"}}},"name":"is-pnp","dist-tags":{"latest":"1.0.2"},"modified":"2018-11-01T01:11:07.975Z"} \ No newline at end of file diff --git a/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp/-/is-pnp-1.0.2.tgz.bin b/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp/-/is-pnp-1.0.2.tgz.bin new file mode 100644 index 0000000000000000000000000000000000000000..083e13e41539160aa705bc126d13d1808b5bd6f1 GIT binary patch literal 2045 zcmY*XX;f3!8YLj=iv|JF8Wp*yU|I+n$#5Z7h%(Pc6sX|!=4KE`Lb#v^HVufNK)`_p zP)tRhZBc4*2&|_ff}{Z&1qB2ZjUvTrv<_7qNiV*)mg}8gXYI4U@7sHSCqy8Kq0oG2 z0G&z&qQeRJ)ewq+K#)@E4ba)ZT10`p(6|7d4${~lodE<#3J7?9683IqyK_C@D6l5q(nvD?fYq3hc zT%Ib$dZwhnB4L(P$P)?~ECvmtAqb7b@%3ejL|i69<*=zj1YxkbOcBkO#bwdyEGEMb zK(;BQN+grF7D6%kEHWmaOsD>zct1b^p%Na&4-m@JA*qb#qeR3~OmL1*4y2SRQpG;7 zJlzinK~Y7tEG-9<8${+qummBmMIkgR69hs+ry}?SO$DKpr-48^w2cgj5gwC)1xfu> z6bI#ifG<;}9ioaDFo#CwuMQ^Q17H|YpyW76CPuJ^n{!Yk6GO$AaXO7kr85cm zH3CQs0!wKy8(}e6G$xzHLO2`_1Tz>cuCEA&H*?vLh`AJFZc|`slKFzqDp*t|hf4JZ zl!!vEM9Eo7DQ~F+Gn5HZD4#JOI8B}<6s18*WXdxI7Rt!5SW4N9KrpsSEX=9CFpABH zfHF~Xq+BQ!Nf99k2qanF0F?$r$+M@v2M4=@G#W_d{`Y&tLrTp0|4got!C0M4JhfkC zHlhT9&tnOA0^Y4;rp>1__sNEPvRf?2r*dBB0I~OSjE9$IBhW!7>EmXd_Tb0Y*soC= zozoeWp#cZ(6ZvkEp`H*o-b1PgQx9qSbA0Oc6;G)6u?uPHX{abE{)l!@GlOcp_NS z6tM(n_p*=2eS7O&bNQ{oW0Q?h%_XnC)}LTKa#Q!{9(bL!;$oir!_~)X19UFSeWsn5 zU%#PZu_3KA5%8`#wj6iZZnUtUZVWe&4tCUNxy76x6Wp0kUR}T8oz(8yWj|&y-K!(f zGq%*AT=wPseN3n6W1cswwu%Z+*p~ld0^rX;?(*+FQ@8r$PB`_l$({2M(#MT>qqTw3TFTPBFJ2S&+-e$yEH3d53%t z-XtcLg|^lQ_J{Hv=^H!z%Qpl#yNbB(ZQ`mQNV>VMcun451+-a#)6I8UXIWNCN(%1@ zoFDrvp=pn@&KMl{tSac?oRWoFdP749qsAFmw1CL;e6`20*ETfdfGq-KEvgK2r_3_$ zCMg$&yMYTkrPU!0i?YJBXM!qv*4gev6Y-_1Ui3p_j6P6U*Vs-!Tq*8An3O_O!RDcdML|ht+mZry11N?k9dbBtvr-v(Xl1hgwCnO`N9x zBDp|?({Ckw-IAO#WBj)abA+dPhFN3a-?+rR@t8n)|I38)m5kc)A}X4}K6<@({dZ@* zZd8Yem#uh6P)Ky=`0Vq8_u2`(KVRC`-lXaadY^1`cw%GFUK-MIX5I~MKKyv&wBq}v ziz!UUdE;$4g?3f5E%#yqhPB3(F(0;1z5x{}4uK2abhH-iA9tXizFHJzUl{Oem)`H% z5qY^qt4SO?s$Eq*VEJXbrY6vTk?KP4D;_cE>O{Lu5g0_=IT3#H_U@wvt}Sz`D@xje zC+M{;?dziywc~oN{QFX!hxAb3(Jf}eg__1Wi{c<6d2|~?SMkWW{_(z% zOgQn1u1P$~OzhD+LrItQF|{(5&oKenH$pwW+<&+#BP`=(dViL7zvr8?BfmSde(NY} z8{U(>#`P-s+EdFp8Q;`;ys@cs@9c>)0$G$QGtD?AaQ#^4ulaSP`j&fi&s&X^9&Oz_ zBd^%GD?P&)YOp77YrT`5c!JS6>%xH1tq?J0C9RToZSQ=!TB-VImb;Ewc36q=yO0gq z#?aE_vOAK$Uh76qMzHQ$-}&abl$QU;+62C^UOewSbk~|UefVe9N8;p}1#S%&2To-_ zy1TL|@%^Ng`@sBj!k*igv(xUU;b3a&B_`$yB_q&?37c2-R Q<=6)tvHz^mX0eUUKUe8?`v3p{ literal 0 HcmV?d00001 diff --git a/src/config.js b/src/config.js index 0caee02469..b0ca8fdbe8 100644 --- a/src/config.js +++ b/src/config.js @@ -509,16 +509,18 @@ export default class Config { slug = `unknown-${slug}`; } - const {hash, integrity} = pkg.remote; + const {hash, resolved} = pkg.remote; if (pkg.version) { slug += `-${pkg.version}`; } - if (pkg.uid && pkg.version !== pkg.uid) { - slug += `-${pkg.uid}`; - } else if (integrity != null) { - slug += `-${crypto.createHash('sha1').update(integrity.toString()).digest('hex')}`; + if (resolved) { + if (hash) { + slug += `-${crypto.createHmac('sha1', resolved).update(hash).digest('hex')}`; + } else { + slug += `-${crypto.createHash('sha1').update(resolved).digest('hex')}`; + } } else if (hash) { slug += `-${hash}`; } From fa746451eeae79ec35e87bbec14576d6831984fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Sat, 28 Sep 2019 16:06:25 +0200 Subject: [PATCH 35/49] Validation fix (#7582) * Validates both checksum and integrity * Adds a test * Revert "Fixes the problem another way" This reverts commit 29a8c583179ec77b5fdcdd3ce348bbe08ecd2abf. * Revert "Fixes tests" This reverts commit 9322e76fba6a83696ec7104c1af3111ab58a0fff. * Revert "Fixes flow linting" This reverts commit 431a9e96405f43a60b3ffa3034921ec8d321a403. * Fixes flow * Back to v5 we are --- __tests__/commands/install/integration.js | 11 +++- .../install-update-auth-sha1/yarn.lock | 2 +- .../package.json | 14 ++++ .../invalid-checksum-good-integrity/yarn.lock | 8 +++ .../package.json.bin | 61 ------------------ .../GET/registry.yarnpkg.com/is-pnp.bin | 18 ------ .../is-pnp/-/is-pnp-1.0.2.tgz.bin | Bin 2045 -> 0 bytes .../ponyhooves/-/ponyhooves-1.0.1.tgz.bin | Bin 0 -> 1742 bytes src/config.js | 11 +--- src/fetchers/tarball-fetcher.js | 54 ++++++++++------ src/package-fetcher.js | 22 ++++++- 11 files changed, 89 insertions(+), 112 deletions(-) create mode 100644 __tests__/fixtures/install/invalid-checksum-good-integrity/package.json create mode 100644 __tests__/fixtures/install/invalid-checksum-good-integrity/yarn.lock delete mode 100644 __tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/7f21696fb9d08130dd62abd96c9572f513c05301/package.json.bin delete mode 100644 __tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin delete mode 100644 __tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp/-/is-pnp-1.0.2.tgz.bin create mode 100644 __tests__/fixtures/request-cache/GET/registry.yarnpkg.com/ponyhooves/-/ponyhooves-1.0.1.tgz.bin diff --git a/__tests__/commands/install/integration.js b/__tests__/commands/install/integration.js index 146c96065a..fc35aadf9e 100644 --- a/__tests__/commands/install/integration.js +++ b/__tests__/commands/install/integration.js @@ -245,7 +245,7 @@ test('changes the cache path when bumping the cache version', () => }); })); -test.skip('changes the cache directory when bumping the cache version', () => +test('changes the cache directory when bumping the cache version', () => runInstall({}, 'install-production', async (config, reporter): Promise => { const lockfile = await Lockfile.fromDirectory(config.cwd); @@ -632,6 +632,11 @@ test('install should be idempotent', () => null, )); +test('install should fail to authenticate integrity with incorrect hash and correct sha512', () => + expect(runInstall({}, 'invalid-checksum-good-integrity')).rejects.toMatchObject({ + message: expect.stringContaining("computed integrity doesn't match our records"), + })); + test('install should authenticate integrity field with sha1 checksums', () => runInstall({}, 'install-update-auth-sha1', async config => { const lockFileContent = await fs.readFile(path.join(config.cwd, 'yarn.lock')); @@ -795,7 +800,7 @@ test('install should fail with unsupported algorithms', () => message: expect.stringContaining('none of the specified algorithms are supported'), })); -test('install should update integrity in yarn.lock (--update-checksums)', () => +test.concurrent('install should update integrity in yarn.lock (--update-checksums)', () => runInstall({updateChecksums: true}, 'install-update-checksums', async config => { const lockFileLines = explodeLockfile(await fs.readFile(path.join(config.cwd, 'yarn.lock'))); expect(lockFileLines[3]).toEqual( @@ -806,7 +811,7 @@ test('install should update integrity in yarn.lock (--update-checksums)', () => }), ); -test('install should update malformed integrity string in yarn.lock (--update-checksums)', () => +test.concurrent('install should update malformed integrity string in yarn.lock (--update-checksums)', () => runInstall({updateChecksums: true}, 'install-update-checksums-malformed', async config => { const lockFileLines = explodeLockfile(await fs.readFile(path.join(config.cwd, 'yarn.lock'))); expect(lockFileLines[3]).toEqual( diff --git a/__tests__/fixtures/install/install-update-auth-sha1/yarn.lock b/__tests__/fixtures/install/install-update-auth-sha1/yarn.lock index 9772bdb613..c53270e9c0 100644 --- a/__tests__/fixtures/install/install-update-auth-sha1/yarn.lock +++ b/__tests__/fixtures/install/install-update-auth-sha1/yarn.lock @@ -4,7 +4,7 @@ abab@^1.0.4: version "1.0.4" - resolved "https://registry.yarnpkg.com/abab/-/abab-1.0.4.tgz#foo" + resolved "https://registry.yarnpkg.com/abab/-/abab-1.0.4.tgz#5faad9c2c07f60dd76770f71cf025b62a63cfd4e" integrity sha1-X6rZwsB/YN12dw9xzwJbYqY8/U4= leftpad@^0.0.1: diff --git a/__tests__/fixtures/install/invalid-checksum-good-integrity/package.json b/__tests__/fixtures/install/invalid-checksum-good-integrity/package.json new file mode 100644 index 0000000000..8c928771a0 --- /dev/null +++ b/__tests__/fixtures/install/invalid-checksum-good-integrity/package.json @@ -0,0 +1,14 @@ +{ + "name": "badpkg", + "version": "1.0.0", + "description": "A bad package", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "UNLICENSED", + "dependencies": { + "express": "4.11.1" + } +} diff --git a/__tests__/fixtures/install/invalid-checksum-good-integrity/yarn.lock b/__tests__/fixtures/install/invalid-checksum-good-integrity/yarn.lock new file mode 100644 index 0000000000..5c2f89fa3b --- /dev/null +++ b/__tests__/fixtures/install/invalid-checksum-good-integrity/yarn.lock @@ -0,0 +1,8 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +express@4.11.1: + version "4.11.1" + resolved "https://registry.yarnpkg.com/ponyhooves/-/ponyhooves-1.0.1.tgz#36d04dd27aa1667634e987529767f9c99de7903f" + integrity sha1-5XycPpdtVw+X8ik1bKXW7hPv01g= diff --git a/__tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/7f21696fb9d08130dd62abd96c9572f513c05301/package.json.bin b/__tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/7f21696fb9d08130dd62abd96c9572f513c05301/package.json.bin deleted file mode 100644 index 749fa66b15..0000000000 --- a/__tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/7f21696fb9d08130dd62abd96c9572f513c05301/package.json.bin +++ /dev/null @@ -1,61 +0,0 @@ -HTTP/1.1 200 OK -Server: nginx -Date: Fri, 27 Sep 2019 23:51:06 GMT -Content-Type: text/plain; charset=utf-8 -Content-Length: 1181 -Cache-Control: max-age=3600, public -Content-Disposition: inline -Etag: W/"78309fbf8af4479c47eca65b0c5e3f51" -Referrer-Policy: strict-origin-when-cross-origin -X-Content-Type-Options: nosniff -X-Download-Options: noopen -X-Frame-Options: DENY -X-Permitted-Cross-Domain-Policies: none -X-Request-Id: graoMBsFby9 -X-Runtime: 0.066962 -X-Ua-Compatible: IE=edge -X-Xss-Protection: 1; mode=block -Strict-Transport-Security: max-age=31536000 -Referrer-Policy: strict-origin-when-cross-origin -GitLab-LB: fe-02-lb-gprd -GitLab-SV: web-14-sv-gprd - -{ - "name": "kanban", - "version": "0.0.1", - "repository": "gitlab.com/leanlabsio/kanban", - "scripts": { - "install": "npm install", - "build": "grunt build", - "watch": "grunt watch" - }, - "devDependencies": { - "grunt": "~0.4.1", - "grunt-cli": "~0.1.13", - "grunt-contrib-copy": "^0.5.0", - "grunt-contrib-concat": "~0.5.0", - "grunt-contrib-watch": "~0.5.3", - "grunt-contrib-uglify": "~0.7.0", - "grunt-sass": "1.0.0", - "grunt-contrib-connect": "~0.8.0", - "grunt-connect-proxy": "~0.1.11" - }, - "dependencies": { - "angular": "=1.5.6", - "angular-lodash": "https://github.com/EMSSConsulting/angular-lodash.git#68a726c", - "foundation-sites": "5.5.2", - "angular-foundation": "https://github.com/pineconellc/angular-foundation.git#8f3f260", - "angular-loading-bar": "=0.5.2", - "angular-storage": "=0.0.6", - "angular-ui-router": "=0.3.0", - "angularjs-datepicker": "=0.2.15", - "font-awesome": "=4.6.3", - "markdown-it": "=5.0.2", - "markdown-it-emoji": "=1.1.0", - "ng-sortable": "=1.3.6", - "sass-flex-mixin": "=1.0.3", - "lodash": "=4.13.1", - "twemoji": "=2.1.0", - "angular-file-upload": "=2.3.4" - } -} diff --git a/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin b/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin deleted file mode 100644 index 0a74886059..0000000000 --- a/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin +++ /dev/null @@ -1,18 +0,0 @@ -HTTP/1.1 200 OK -Date: Fri, 27 Sep 2019 22:17:23 GMT -Content-Type: application/vnd.npm.install-v1+json -Content-Length: 4072 -Connection: keep-alive -Set-Cookie: __cfduid=dadfb9c119f3195f6f00e4492573791c41569622642; expires=Sat, 26-Sep-20 22:17:22 GMT; path=/; domain=.registry.yarnpkg.com; HttpOnly -CF-Cache-Status: REVALIDATED -Cache-Control: max-age=300 -CF-Ray: 51d0d8eac82f3c81-CDG -Accept-Ranges: bytes -ETag: "49fffc656197ace1f624570132931c23" -Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" -Last-Modified: Thu, 01 Nov 2018 01:11:09 GMT -Vary: accept-encoding, accept -x-amz-meta-rev: 3-72d30e72712ca5e8a55f6613d7a30236 -Server: cloudflare - -{"versions":{"1.0.0":{"name":"is-pnp","version":"1.0.0","bin":{"is-pnp":"./bin.js"},"_hasShrinkwrap":false,"directories":{},"dist":{"shasum":"47d3d7151df242eb7ca4768fc2e7f6228871899a","integrity":"sha512-Lx0Sh5h20HtLz+xnlh4NRhQ6w231tGN4yuU3oBi6vn7oSbiIk2V4sqoIn00bczm9ojwkFPzzFUeSOIKEgYpszA==","tarball":"https://registry.npmjs.org/is-pnp/-/is-pnp-1.0.0.tgz","fileCount":5,"unpackedSize":2268,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJb2lGmCRA9TVsSAnZWagAARHYP/1botUA//2RoqJEP3nHB\nnQ0G1qhSYL685aLgZTWJW9pS3ucPzxxeofbnByOsbSjUqycwsHBqL/DDeYsq\nz3b0dmfcfESK+CSafYECSnj8kPJH5N5VU2UXs+A+wLEM0D0nSe4wfJLVptA0\nrOpeYrkfwX8ZC1EGLGvQM4cMqpk3Ji6RBZHtD0U/ttYR3A0vP5P76oO2/tBl\n3QSK3nJSpU83OkMBPVY3hnDrGkCjJqwvcqWoWUG0/BtHS5KYD99yrxFAzT5f\nMhtqCZiediDcGtrMhP5b0VAkqdrwFPg/tZPpgqYCevR+2ipWhkxhD0Z4yyx1\n2AuJnEoQKRiBiFPIv5aiJZD9Jj00iey4tdQ1NcXnRtAA16Lo0t4MX/OnkyJW\nBfcSd795mVpe4AO9u6bqMDZfkQrBRunxa7OKKCEXUGihm0YNtTWKat5ym1ia\n9H9Bwlgm3GoFAuHQMu07ZEwidLpWoQfjrTUOufw+/rKNSIRoMNuL3Z/8i4Hj\nazYRMgdzb9rkf6+F7LLJKnyZaDY/bS/KIb61LdkfkX8JCcKUfhVAd5KIvI4e\nAwLAUfHwWM2u2smbexFzvgvXnNFmVrcCGBbMcIrQ+JfiJ+izFVJ7YyLY+Fpt\nwxbV0Vug6gyYDyDtjFCdeL2wFmgR3+nASXWFY4CZ+ZoFX+ontSZ4U5b9PTIs\n1ojq\r\n=DAoM\r\n-----END PGP SIGNATURE-----\r\n"},"engines":{"node":">=6"}},"1.0.1":{"name":"is-pnp","version":"1.0.1","bin":{"is-pnp":"./sources/cli.js"},"_hasShrinkwrap":false,"directories":{},"dist":{"shasum":"ec0e4e443287214ce90bcb6fcd112d20de51f120","integrity":"sha512-uwFQ9SabYoNJwZnDqHUs+WTPvegmoLHjVQqkX4+MiKSjhRBRk+n/zKBAex4yvWnzbN352W7FUuYX8L5yEVmiVA==","tarball":"https://registry.npmjs.org/is-pnp/-/is-pnp-1.0.1.tgz","fileCount":5,"unpackedSize":2276,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJb2lJICRA9TVsSAnZWagAAX2IP/jE0+3aAdO7cu9DXNJnb\njoi3rDo8CRfARhWbJRhUj7omDxeP37U3dIIkK69AL8XZSPPUQ8o2uH1AOjZB\niI8cp0IX4bgalRXzEWPj3v8l3z6/BwJoUXy7N5ugdxron+AYj4kS4I1jI6Pa\nUo3z096sc8zAgXFE00RiKwUBGNw+4xpg0yVri/vXpezsahi8r4qZbrc9/hr3\nWzoIK6GwQnGpn5FEhdiuPbB0QiZvalYHn5v2IWtMpQG4ed6jM/vSBAqKqkFv\n95McUD13wz7iJ59BaJHwbypD/WFWz34ZBPZ8QpONk6UAJ2IZwh6J2Wj44k7a\nNtiEj3xo3A5stikfELI//H0AruTI6sSI++EJ8YvHQUj73s6kG0Z/FzPptgKp\nKYLSqXNAC/zHiId1s7uj+jsCLXIm4G2bPQUTsDMfejDS6TfjAVO2COxRF34q\ncLGzYFL1/R+/hO4ckoLl7vz6Vm/zSlMaxZPDUFDy8d0ScxHZOL+760cdIhjT\nr1XGyXAmyjGLWTHvA6sE5X0H0PgghQErsLYXi679KBdnZjN2+Xcmv0pNIqbg\nwS7SBjV+KGpc1PnwtZdfvZcegvY+252zsBvRye9/hcQ0Rdmetbod8XicA3Bw\nuTLC2N9opHeTI7a9bKrACXkSApJftjzYSfnycb27r9bgIAY6BeNhr7JFEMKV\nnxUD\r\n=8Blc\r\n-----END PGP SIGNATURE-----\r\n"},"engines":{"node":">=6"}},"1.0.2":{"name":"is-pnp","version":"1.0.2","bin":{"is-pnp":"./sources/cli.js"},"_hasShrinkwrap":false,"directories":{},"dist":{"shasum":"cbe5d6ad751897822fd92539ac5cfa37c04f3852","integrity":"sha512-BzoewUq0EZFJYKlYpObv2xRdTRJQXwMLbk2Y5l8Dhl0EQGPhdPrSdBlQaAT46gIKjAkNBNScDiUDbuBCTDNCsQ==","tarball":"https://registry.npmjs.org/is-pnp/-/is-pnp-1.0.2.tgz","fileCount":5,"unpackedSize":2282,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJb2lKpCRA9TVsSAnZWagAAkFcP+QHfioEIu01ww57y/Jnw\neOtM4JPvx0hDMKxMBKSyvVHmjZKwqxvkAnqdyybHts7i6auvuuMKDO43oaRO\n5GY5i/u29arwBKnPgeVrC6TUnbVxiSP4KBtfzRs3YCXbQ0MfSPmXiH4nzzi/\ngWeNGutgCAbefJjB0eahVCUgO7DL+sM8kEt2iNSDM1gKUDSVq5yvsZD20tX+\n/60eLG4xtz/2zXDKjoqo+DZtvW9kdLJ6TlvbDU1mt1OBSzkTiakIe1XXymVT\n+gRC0QGKGMP+YJG+VothHez/JAagl/92c/JDsb54HkW/OkUKCHFyUAw0P3h1\n46p0vEr54rHa7wT6O0fKg7q+MN1mMOKR3wO258LQW20n+DQJK1hxcJOkk+xf\n6iOa2d6Ywox9yT9B/V555BEZ2fYbnNb4gw+oo3/YyJcZ1Ooadt5kvEyDb67+\ntOaOMBXZh7/FR8EghwBBqlOndWCD4OQYVXVCwIdf/PFyUtB1+Obd4/1H+Dkw\nmg01pi7jYHG8mKLIMNdjggWi966nJ3fZqBDLW0eRtFzCbe+8VSOPKGRSHHnI\n99SD9oY/dgmimcakZ3hInuGlMGf0UrSLjHwi24y0ae1O0AlnQz0bXU0qHAH2\nH/Npr3zjOcAULwvHqtu2l1mNv/PX8GtafyybiMaXBcERearcUN/48tbvcbFX\nZmBP\r\n=z5fE\r\n-----END PGP SIGNATURE-----\r\n"},"engines":{"node":">=6"}}},"name":"is-pnp","dist-tags":{"latest":"1.0.2"},"modified":"2018-11-01T01:11:07.975Z"} \ No newline at end of file diff --git a/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp/-/is-pnp-1.0.2.tgz.bin b/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp/-/is-pnp-1.0.2.tgz.bin deleted file mode 100644 index 083e13e41539160aa705bc126d13d1808b5bd6f1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2045 zcmY*XX;f3!8YLj=iv|JF8Wp*yU|I+n$#5Z7h%(Pc6sX|!=4KE`Lb#v^HVufNK)`_p zP)tRhZBc4*2&|_ff}{Z&1qB2ZjUvTrv<_7qNiV*)mg}8gXYI4U@7sHSCqy8Kq0oG2 z0G&z&qQeRJ)ewq+K#)@E4ba)ZT10`p(6|7d4${~lodE<#3J7?9683IqyK_C@D6l5q(nvD?fYq3hc zT%Ib$dZwhnB4L(P$P)?~ECvmtAqb7b@%3ejL|i69<*=zj1YxkbOcBkO#bwdyEGEMb zK(;BQN+grF7D6%kEHWmaOsD>zct1b^p%Na&4-m@JA*qb#qeR3~OmL1*4y2SRQpG;7 zJlzinK~Y7tEG-9<8${+qummBmMIkgR69hs+ry}?SO$DKpr-48^w2cgj5gwC)1xfu> z6bI#ifG<;}9ioaDFo#CwuMQ^Q17H|YpyW76CPuJ^n{!Yk6GO$AaXO7kr85cm zH3CQs0!wKy8(}e6G$xzHLO2`_1Tz>cuCEA&H*?vLh`AJFZc|`slKFzqDp*t|hf4JZ zl!!vEM9Eo7DQ~F+Gn5HZD4#JOI8B}<6s18*WXdxI7Rt!5SW4N9KrpsSEX=9CFpABH zfHF~Xq+BQ!Nf99k2qanF0F?$r$+M@v2M4=@G#W_d{`Y&tLrTp0|4got!C0M4JhfkC zHlhT9&tnOA0^Y4;rp>1__sNEPvRf?2r*dBB0I~OSjE9$IBhW!7>EmXd_Tb0Y*soC= zozoeWp#cZ(6ZvkEp`H*o-b1PgQx9qSbA0Oc6;G)6u?uPHX{abE{)l!@GlOcp_NS z6tM(n_p*=2eS7O&bNQ{oW0Q?h%_XnC)}LTKa#Q!{9(bL!;$oir!_~)X19UFSeWsn5 zU%#PZu_3KA5%8`#wj6iZZnUtUZVWe&4tCUNxy76x6Wp0kUR}T8oz(8yWj|&y-K!(f zGq%*AT=wPseN3n6W1cswwu%Z+*p~ld0^rX;?(*+FQ@8r$PB`_l$({2M(#MT>qqTw3TFTPBFJ2S&+-e$yEH3d53%t z-XtcLg|^lQ_J{Hv=^H!z%Qpl#yNbB(ZQ`mQNV>VMcun451+-a#)6I8UXIWNCN(%1@ zoFDrvp=pn@&KMl{tSac?oRWoFdP749qsAFmw1CL;e6`20*ETfdfGq-KEvgK2r_3_$ zCMg$&yMYTkrPU!0i?YJBXM!qv*4gev6Y-_1Ui3p_j6P6U*Vs-!Tq*8An3O_O!RDcdML|ht+mZry11N?k9dbBtvr-v(Xl1hgwCnO`N9x zBDp|?({Ckw-IAO#WBj)abA+dPhFN3a-?+rR@t8n)|I38)m5kc)A}X4}K6<@({dZ@* zZd8Yem#uh6P)Ky=`0Vq8_u2`(KVRC`-lXaadY^1`cw%GFUK-MIX5I~MKKyv&wBq}v ziz!UUdE;$4g?3f5E%#yqhPB3(F(0;1z5x{}4uK2abhH-iA9tXizFHJzUl{Oem)`H% z5qY^qt4SO?s$Eq*VEJXbrY6vTk?KP4D;_cE>O{Lu5g0_=IT3#H_U@wvt}Sz`D@xje zC+M{;?dziywc~oN{QFX!hxAb3(Jf}eg__1Wi{c<6d2|~?SMkWW{_(z% zOgQn1u1P$~OzhD+LrItQF|{(5&oKenH$pwW+<&+#BP`=(dViL7zvr8?BfmSde(NY} z8{U(>#`P-s+EdFp8Q;`;ys@cs@9c>)0$G$QGtD?AaQ#^4ulaSP`j&fi&s&X^9&Oz_ zBd^%GD?P&)YOp77YrT`5c!JS6>%xH1tq?J0C9RToZSQ=!TB-VImb;Ewc36q=yO0gq z#?aE_vOAK$Uh76qMzHQ$-}&abl$QU;+62C^UOewSbk~|UefVe9N8;p}1#S%&2To-_ zy1TL|@%^Ng`@sBj!k*igv(xUU;b3a&B_`$yB_q&?37c2-R Q<=6)tvHz^mX0eUUKUe8?`v3p{ diff --git a/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/ponyhooves/-/ponyhooves-1.0.1.tgz.bin b/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/ponyhooves/-/ponyhooves-1.0.1.tgz.bin new file mode 100644 index 0000000000000000000000000000000000000000..4c3db35535bed32f15d8667000a2e9074b30606b GIT binary patch literal 1742 zcmY*XZB$cN7LBb7F!E8vT2R540M-ggUcSGGQUVf{6f}w0TELf=OA;V2A$e#r7KIrY zQi;=%B0{U6fE5I_I;ay|N)ZsnSu!vpq(fB-j0D@k4vN5_%)@pq*W6!s?Yqx8d+&Q> zN@Ws*NoPVV7={wJ`jBH09EczVf=5Cu0i*yX;)N-Mm~0U&6meKkyj+r|>qHQf3B#{Z44?~i5tIpliH2n9_W&QV zf~b@ljhT9)XIdJXuF27BBpMzIVWDa+n~MmT907;NVRL{0qzgGnIu9V}2$Rbb^7uTa zfF*{2)ucBAi$sxw5%T#oLOzWJ|DSjIuO%x(zX7rc5mz zH5$Z_49880SeA{DyNM=6P#vHta0Jh>h#=YKg$Q0l3qhETSt7`QSZRnBNH}aF$OVs^ zXxkB+2;wp|+;k2M*lINs)u`DtX>7a?`9l;1CY)ekT0k^Z+i+kZP%UAc&E@c6mJc~j ziD*R-6%oQPkBf2zYCd1hQzHTtWebVBfKPN*^ARe+w3>)CX;S4I6+Dj{ zhrFiPi}d=u{d2Ox__gevyW0I7_g|9622xg|yTW_jy`QR7 zE@hoBjr#617DN;e1i+ zkfZy+qwd#rb3s2S!>`FKUybnXErqnqrut>pQ%Bv^A;BN7I5k$AP^M2g*&N*h-phVB z?QCy(#NC5(rz{3f>3_1mw#hM1N!I6HbLIt(R^NIOcK&wttvbA>Q~SR0!S4P4{(I!P z@!DEY!U)Jak)3*KIo4mbq-E60c(p&*o?3PNTE*OtlwW$|pY~pf%&R-7irLX|ggskc zGf}p$eR_IgdbH?vR58`!?pRy~+mq(z%c)^~QvcsyFj#UHQw*!(UwC~$71@2)K^xlI zJ&+fEt`j#MQtOTO%tL{C`QA=tUvZPl(>3V7A~Yz_=^an~S5hpyG_>bXlmY4c+8@abS#q4q2?soklxD7TY-^ZfSYpQ3RKfGOiI-4I;)3lOr6W<|s_63Q*5f3(d1qW5O*)M`i zQ|k7o0e_w#8#-a%p{9b_gCshmu;J+NM+t2wg1UOMmxdOYM&Qe-Jt;e-Zpyte@!E)k z&+^hw*Vnr~CwWKJho8YpR&}KEDgG-<_cIg^K0R04_$R!z5PP!r`kvU*aIYC%Mxp7y z&WuGvtEL8|xj{PBkldP=diUn3!|$v=yXY%ZLDOoXbs*`;^Q45o+Vc&2I!8RcH&zVz zYj@Y|+Q+sAdAqh&7918#c void, tarballPath?: string, ): { - validateStream: ssri.integrityStream, + hashValidateStream: stream.PassThrough, + integrityValidateStream: stream.PassThrough, extractorStream: stream.Transform, } { - const integrityInfo = this._supportedIntegrity(); + const hashInfo = this._supportedIntegrity({hashOnly: true}); + const integrityInfo = this._supportedIntegrity({hashOnly: false}); const now = new Date(); @@ -124,7 +126,9 @@ export default class TarballFetcher extends BaseFetcher { }, }); - const validateStream = new ssri.integrityStream(integrityInfo); + const hashValidateStream = new ssri.integrityStream(hashInfo); + const integrityValidateStream = new ssri.integrityStream(integrityInfo); + const untarStream = tarFs.extract(this.dest, { strip: 1, dmode: 0o755, // all dirs should be readable @@ -138,10 +142,13 @@ export default class TarballFetcher extends BaseFetcher { }); const extractorStream = gunzip(); - validateStream.once('error', err => { + hashValidateStream.once('error', err => { + this.validateError = err; + }); + integrityValidateStream.once('error', err => { this.validateError = err; }); - validateStream.once('integrity', sri => { + integrityValidateStream.once('integrity', sri => { this.validateIntegrity = sri; }); @@ -192,7 +199,7 @@ export default class TarballFetcher extends BaseFetcher { }); }); - return {validateStream, extractorStream}; + return {hashValidateStream, integrityValidateStream, extractorStream}; } getLocalPaths(override: ?string): Array { @@ -217,9 +224,16 @@ export default class TarballFetcher extends BaseFetcher { invariant(stream, 'stream should be available at this point'); // $FlowFixMe - This is available https://nodejs.org/api/fs.html#fs_readstream_path const tarballPath = stream.path; - const {validateStream, extractorStream} = this.createExtractor(resolve, reject, tarballPath); + const {hashValidateStream, integrityValidateStream, extractorStream} = this.createExtractor( + resolve, + reject, + tarballPath, + ); + + stream.pipe(hashValidateStream); + hashValidateStream.pipe(integrityValidateStream); - stream.pipe(validateStream).pipe(extractorStream).on('error', err => { + integrityValidateStream.pipe(extractorStream).on('error', err => { reject(new MessageError(this.config.reporter.lang('fetchErrorCorrupt', err.message, tarballPath))); }); }); @@ -243,19 +257,23 @@ export default class TarballFetcher extends BaseFetcher { const tarballMirrorPath = this.getTarballMirrorPath(); const tarballCachePath = this.getTarballCachePath(); - const {validateStream, extractorStream} = this.createExtractor(resolve, reject); + const {hashValidateStream, integrityValidateStream, extractorStream} = this.createExtractor( + resolve, + reject, + ); - req.pipe(validateStream); + req.pipe(hashValidateStream); + hashValidateStream.pipe(integrityValidateStream); if (tarballMirrorPath) { - validateStream.pipe(fs.createWriteStream(tarballMirrorPath)).on('error', reject); + integrityValidateStream.pipe(fs.createWriteStream(tarballMirrorPath)).on('error', reject); } if (tarballCachePath) { - validateStream.pipe(fs.createWriteStream(tarballCachePath)).on('error', reject); + integrityValidateStream.pipe(fs.createWriteStream(tarballCachePath)).on('error', reject); } - validateStream.pipe(extractorStream).on('error', reject); + integrityValidateStream.pipe(extractorStream).on('error', reject); }, }, this.packageName, @@ -311,8 +329,8 @@ export default class TarballFetcher extends BaseFetcher { return this.fetchFromLocal().catch(err => this.fetchFromExternal()); } - _findIntegrity(): ?Object { - if (this.remote.integrity) { + _findIntegrity({hashOnly}: {hashOnly: boolean}): ?Object { + if (this.remote.integrity && !hashOnly) { return ssri.parse(this.remote.integrity); } if (this.hash) { @@ -321,12 +339,12 @@ export default class TarballFetcher extends BaseFetcher { return null; } - _supportedIntegrity(): {integrity: ?Object, algorithms: Array} { - const expectedIntegrity = this._findIntegrity() || {}; + _supportedIntegrity({hashOnly}: {hashOnly: boolean}): {integrity: ?Object, algorithms: Array} { + const expectedIntegrity = this._findIntegrity({hashOnly}) || {}; const expectedIntegrityAlgorithms = Object.keys(expectedIntegrity); const shouldValidateIntegrity = (this.hash || this.remote.integrity) && !this.config.updateChecksums; - if (expectedIntegrityAlgorithms.length === 0 && !shouldValidateIntegrity) { + if (expectedIntegrityAlgorithms.length === 0 && (!shouldValidateIntegrity || hashOnly)) { const algorithms = this.config.updateChecksums ? ['sha512'] : ['sha1']; // for consistency, return sha1 for packages without a remote integrity (eg. github) return {integrity: null, algorithms}; diff --git a/src/package-fetcher.js b/src/package-fetcher.js index 3f4c24e42e..e03ea9544f 100644 --- a/src/package-fetcher.js +++ b/src/package-fetcher.js @@ -9,8 +9,24 @@ import * as fetchers from './fetchers/index.js'; import * as fs from './util/fs.js'; import * as promise from './util/promise.js'; -async function fetchCache(dest: string, fetcher: Fetchers, config: Config): Promise { - const {hash, package: pkg} = await config.readPackageMetadata(dest); +const ssri = require('ssri'); + +async function fetchCache( + dest: string, + fetcher: Fetchers, + config: Config, + integrity: ?string, +): Promise { + // $FlowFixMe: This error doesn't make sense + const {hash, package: pkg, remote} = await config.readPackageMetadata(dest); + + if (integrity) { + if (!remote.integrity || !ssri.parse(integrity).match(remote.integrity)) { + // eslint-disable-next-line yarn-internal/warn-language + throw new MessageError('Incorrect integrity when fetching from the cache'); + } + } + await fetcher.setupMirrorFromCache(); return { package: pkg, @@ -40,7 +56,7 @@ export async function fetchOneRemote( const fetcher = new Fetcher(dest, remote, config); if (await config.isValidModuleDest(dest)) { - return fetchCache(dest, fetcher, config); + return fetchCache(dest, fetcher, config, remote.integrity); } // remove as the module may be invalid From 34efd23305b9da701aae96f29302b71a5a0ea2e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Sat, 28 Sep 2019 17:15:00 +0200 Subject: [PATCH 36/49] Adds a check for the hash too --- src/package-fetcher.js | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/package-fetcher.js b/src/package-fetcher.js index e03ea9544f..f8bdd65f6f 100644 --- a/src/package-fetcher.js +++ b/src/package-fetcher.js @@ -15,13 +15,20 @@ async function fetchCache( dest: string, fetcher: Fetchers, config: Config, - integrity: ?string, + remote: PackageRemote, ): Promise { // $FlowFixMe: This error doesn't make sense - const {hash, package: pkg, remote} = await config.readPackageMetadata(dest); + const {hash, package: pkg, remote: cacheRemote} = await config.readPackageMetadata(dest); + + if (remote.integrity) { + if (!cacheRemote.integrity || !ssri.parse(remote.integrity).match(cacheRemote.integrity)) { + // eslint-disable-next-line yarn-internal/warn-language + throw new MessageError('Incorrect integrity when fetching from the cache'); + } + } - if (integrity) { - if (!remote.integrity || !ssri.parse(integrity).match(remote.integrity)) { + if (remote.hash) { + if (!cacheRemote.hash || cacheRemote.hash !== remote.hash) { // eslint-disable-next-line yarn-internal/warn-language throw new MessageError('Incorrect integrity when fetching from the cache'); } @@ -56,7 +63,7 @@ export async function fetchOneRemote( const fetcher = new Fetcher(dest, remote, config); if (await config.isValidModuleDest(dest)) { - return fetchCache(dest, fetcher, config, remote.integrity); + return fetchCache(dest, fetcher, config, remote); } // remove as the module may be invalid From c3d256fcf641de4fe8d4d6034a2b046fafae30c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Sat, 28 Sep 2019 17:33:25 +0200 Subject: [PATCH 37/49] v1.19.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 74beac72fb..e3ae7f4571 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "yarn", "installationMethod": "unknown", - "version": "1.19.0-0", + "version": "1.19.0", "license": "BSD-2-Clause", "preferGlobal": true, "description": "📦🐈 Fast, reliable, and secure dependency management.", From 7580943cee327f5a1eec56786d2759e96fa763b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Sat, 28 Sep 2019 17:33:29 +0200 Subject: [PATCH 38/49] 1.20.0-0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e3ae7f4571..9876211a72 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "yarn", "installationMethod": "unknown", - "version": "1.19.0", + "version": "1.20.0-0", "license": "BSD-2-Clause", "preferGlobal": true, "description": "📦🐈 Fast, reliable, and secure dependency management.", From a890340a9c7ce4c56990be1cb98de7145a1227db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Sat, 28 Sep 2019 18:44:11 +0200 Subject: [PATCH 39/49] Update CHANGELOG.md --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index df560128bd..da47cbff7d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,14 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +## 1.19.0 + +**Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. + +- Fixes a potential vulnerability regarding how the build artifacts are stored + + [**Maël Nison**](https://twitter.com/arcanis) + ## 1.18.0 - Suggests using the Yarn 2 development trunk on PnP-enabled projects From 809fb48927a8bcb89fd4853acf1846a51afa642d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Sat, 28 Sep 2019 18:45:18 +0200 Subject: [PATCH 40/49] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index da47cbff7d..7685589483 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa - Fixes a potential vulnerability regarding how the build artifacts are stored - [**Maël Nison**](https://twitter.com/arcanis) + Reported by [**ChALkeR**](https://github.com/ChALkeR), fixed by [**Maël Nison**](https://twitter.com/arcanis) ## 1.18.0 From 25d5526c8995443b03c113c44f9c8e9a79c2c074 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Mon, 30 Sep 2019 13:31:01 +0200 Subject: [PATCH 41/49] Use different folders with integrity or without (#7586) * Uses a different folder for pkgs with integrity or without * Fixes for when integrity is an object instance * Stores whether integrity exists or not * Updates a lockfile to reference the integrity * Fixes resolver check * Fixes cache pattern --- __tests__/fixtures/install/install-production/yarn.lock | 2 ++ __tests__/package-resolver.js | 2 +- src/config.js | 5 +++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/__tests__/fixtures/install/install-production/yarn.lock b/__tests__/fixtures/install/install-production/yarn.lock index 83f2533fdc..0d7972c07f 100644 --- a/__tests__/fixtures/install/install-production/yarn.lock +++ b/__tests__/fixtures/install/install-production/yarn.lock @@ -5,7 +5,9 @@ is-array@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/is-array/-/is-array-1.0.1.tgz#e9850cc2cc860c3bc0977e84ccf0dd464584279a" + integrity sha1-6YUMwsyGDDvAl36EzPDdRkWEJ5o= left-pad@^1.1.3: version "1.1.3" resolved "https://registry.yarnpkg.com/left-pad/-/left-pad-1.1.3.tgz#612f61c033f3a9e08e939f1caebeea41b6f3199a" + integrity sha1-YS9hwDPzqeCOk58crr7qQbbzGZo= diff --git a/__tests__/package-resolver.js b/__tests__/package-resolver.js index 269c1b614d..3c0ff6c485 100644 --- a/__tests__/package-resolver.js +++ b/__tests__/package-resolver.js @@ -14,7 +14,7 @@ jasmine.DEFAULT_TIMEOUT_INTERVAL = 90000; const path = require('path'); // regexp which verifies that the cache path contains a path component ending with semver + hash -const cachePathRe = /-\d+\.\d+\.\d+-[\dabcdef]{40}[\\\/]/; +const cachePathRe = /-\d+\.\d+\.\d+-[\dabcdef]{40}(?:-integrity)?[\\\/]/; async function createEnv(configOptions): Object { const lockfile = new Lockfile(); diff --git a/src/config.js b/src/config.js index 2fdf5ff162..caf3d247af 100644 --- a/src/config.js +++ b/src/config.js @@ -17,6 +17,7 @@ import {registries, registryNames} from './registries/index.js'; import {NoopReporter} from './reporters/index.js'; import map from './util/map.js'; +const crypto = require('crypto'); const detectIndent = require('detect-indent'); const invariant = require('invariant'); const path = require('path'); @@ -520,6 +521,10 @@ export default class Config { slug += `-${hash}`; } + if (pkg.remote.integrity) { + slug += `-integrity`; + } + return slug; } From 511982802ce162fc74f4f15d1463ba6cb85fd594 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Wed, 2 Oct 2019 16:54:30 +0200 Subject: [PATCH 42/49] Fixes Node forwarding w/ yarn-path (#7592) * Fixes Node forwarding w/ yarn-path * Fixes spawning --- src/cli/index.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/cli/index.js b/src/cli/index.js index 2ed29cbef0..29ed981060 100644 --- a/src/cli/index.js +++ b/src/cli/index.js @@ -617,7 +617,11 @@ async function start(): Promise { let exitCode = 0; try { - exitCode = await spawnp(yarnPath, argv, opts); + if (yarnPath.endsWith(`.js`)) { + exitCode = await spawnp(process.execPath, [yarnPath, ...argv], opts); + } else { + exitCode = await spawnp(yarnPath, argv, opts); + } } catch (firstError) { try { exitCode = await forkp(yarnPath, argv, opts); From e7cc86bf1c11e44b4336278269d5d8fc7b4f824f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Wed, 2 Oct 2019 16:56:59 +0200 Subject: [PATCH 43/49] Enforces sha512 in the cache (#7591) * Always store sha512 in the cache * Bumps the cache * Fixes error reporting --- .../node_modules/corrupted-meta-empty/.yarn-metadata.json | 0 .../node_modules/corrupted-meta-not-existing/.gitkeep | 0 .../node_modules/corrupted-meta-typo/.yarn-metadata.json | 0 .../{v5 => v6}/good/node_modules/good/.yarn-metadata.json | 0 src/constants.js | 2 +- src/fetchers/tarball-fetcher.js | 6 ++++-- src/package-fetcher.js | 7 +++++-- src/types.js | 1 + 8 files changed, 11 insertions(+), 5 deletions(-) rename __tests__/fixtures/cache/corrupted/.yarn-cache/{v5 => v6}/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json (100%) rename __tests__/fixtures/cache/corrupted/.yarn-cache/{v5 => v6}/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep (100%) rename __tests__/fixtures/cache/corrupted/.yarn-cache/{v5 => v6}/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json (100%) rename __tests__/fixtures/cache/corrupted/.yarn-cache/{v5 => v6}/good/node_modules/good/.yarn-metadata.json (100%) diff --git a/__tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json b/__tests__/fixtures/cache/corrupted/.yarn-cache/v6/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json similarity index 100% rename from __tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json rename to __tests__/fixtures/cache/corrupted/.yarn-cache/v6/corrupted-meta-empty/node_modules/corrupted-meta-empty/.yarn-metadata.json diff --git a/__tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep b/__tests__/fixtures/cache/corrupted/.yarn-cache/v6/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep similarity index 100% rename from __tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep rename to __tests__/fixtures/cache/corrupted/.yarn-cache/v6/corrupted-meta-not-existing/node_modules/corrupted-meta-not-existing/.gitkeep diff --git a/__tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json b/__tests__/fixtures/cache/corrupted/.yarn-cache/v6/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json similarity index 100% rename from __tests__/fixtures/cache/corrupted/.yarn-cache/v5/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json rename to __tests__/fixtures/cache/corrupted/.yarn-cache/v6/corrupted-meta-typo/node_modules/corrupted-meta-typo/.yarn-metadata.json diff --git a/__tests__/fixtures/cache/corrupted/.yarn-cache/v5/good/node_modules/good/.yarn-metadata.json b/__tests__/fixtures/cache/corrupted/.yarn-cache/v6/good/node_modules/good/.yarn-metadata.json similarity index 100% rename from __tests__/fixtures/cache/corrupted/.yarn-cache/v5/good/node_modules/good/.yarn-metadata.json rename to __tests__/fixtures/cache/corrupted/.yarn-cache/v6/good/node_modules/good/.yarn-metadata.json diff --git a/src/constants.js b/src/constants.js index 5ff07af051..863033a701 100644 --- a/src/constants.js +++ b/src/constants.js @@ -28,7 +28,7 @@ export const YARN_INSTALLER_MSI = 'https://yarnpkg.com/latest.msi'; export const SELF_UPDATE_VERSION_URL = 'https://yarnpkg.com/latest-version'; // cache version, bump whenever we make backwards incompatible changes -export const CACHE_VERSION = 5; +export const CACHE_VERSION = 6; // lockfile version, bump whenever we make backwards incompatible changes export const LOCKFILE_VERSION = 1; diff --git a/src/fetchers/tarball-fetcher.js b/src/fetchers/tarball-fetcher.js index 916f739410..19fc5b912b 100644 --- a/src/fetchers/tarball-fetcher.js +++ b/src/fetchers/tarball-fetcher.js @@ -166,9 +166,11 @@ export default class TarballFetcher extends BaseFetcher { this.remote.integrity !== this.validateIntegrity.toString() ) { this.remote.integrity = this.validateIntegrity.toString(); + } else if (this.validateIntegrity) { + this.remote.cacheIntegrity = this.validateIntegrity.toString(); } - if (integrityInfo.algorithms.length === 0) { + if (integrityInfo.integrity && Object.keys(integrityInfo.integrity).length === 0) { return reject( new SecurityError( this.config.reporter.lang('fetchBadIntegrityAlgorithm', this.packageName, this.remote.reference), @@ -350,7 +352,7 @@ export default class TarballFetcher extends BaseFetcher { return {integrity: null, algorithms}; } - const algorithms = new Set(); + const algorithms = new Set(['sha512']); const integrity = {}; for (const algorithm of expectedIntegrityAlgorithms) { if (isHashAlgorithmSupported(algorithm)) { diff --git a/src/package-fetcher.js b/src/package-fetcher.js index f8bdd65f6f..077f4c6d2a 100644 --- a/src/package-fetcher.js +++ b/src/package-fetcher.js @@ -20,15 +20,18 @@ async function fetchCache( // $FlowFixMe: This error doesn't make sense const {hash, package: pkg, remote: cacheRemote} = await config.readPackageMetadata(dest); + const cacheIntegrity = cacheRemote.cacheIntegrity || cacheRemote.integrity; + const cacheHash = cacheRemote.hash; + if (remote.integrity) { - if (!cacheRemote.integrity || !ssri.parse(remote.integrity).match(cacheRemote.integrity)) { + if (!cacheIntegrity || !ssri.parse(cacheIntegrity).match(remote.integrity)) { // eslint-disable-next-line yarn-internal/warn-language throw new MessageError('Incorrect integrity when fetching from the cache'); } } if (remote.hash) { - if (!cacheRemote.hash || cacheRemote.hash !== remote.hash) { + if (!cacheHash || cacheHash !== remote.hash) { // eslint-disable-next-line yarn-internal/warn-language throw new MessageError('Incorrect integrity when fetching from the cache'); } diff --git a/src/types.js b/src/types.js index 442b54ff7d..f776508c5f 100644 --- a/src/types.js +++ b/src/types.js @@ -56,6 +56,7 @@ export type PackageRemote = { resolved?: ?string, hash: ?string, integrity?: ?string, + cacheIntegrity?: ?string, packageName?: string, registryRemote?: ?PackageRemote, }; From c040e7918dca811e0d4b54a949fd6f3be403a777 Mon Sep 17 00:00:00 2001 From: Michael <2231370+Blasz@users.noreply.github.com> Date: Fri, 4 Oct 2019 04:04:05 +1000 Subject: [PATCH 44/49] Fix cache integrity check false-positives across multiple registries (#7595) * Add tests for cache integrity check * Always store sha1 hash as part of cacheIntegrity This prevents broken installs as a result of a package being resolved from a registry that does not return an sha512 integrity field, such as an internal npm registry, where the package was previously cached from a registry that did return a sha512 integrity hash. * Improve cache integrity check error messages --- __tests__/commands/install/integration.js | 99 +++++++++++++++++++ .../package.json | 14 +++ .../install-update-auth-cached-sha1/yarn.lock | 8 ++ .../package.json | 14 +++ .../yarn.lock | 8 ++ .../safe-buffer/.yarn-metadata.json | 19 ++++ .../node_modules/safe-buffer/package.json | 4 + .../package.json | 14 +++ .../yarn.lock | 8 ++ .../safe-buffer/.yarn-metadata.json | 19 ++++ .../node_modules/safe-buffer/package.json | 4 + .../package.json | 14 +++ .../yarn.lock | 8 ++ .../safe-buffer/.yarn-metadata.json | 17 ++++ .../node_modules/safe-buffer/package.json | 4 + .../package.json | 9 ++ .../yarn.lock | 7 ++ .../package.json | 14 +++ .../yarn.lock | 8 ++ .../safe-buffer/.yarn-metadata.json | 19 ++++ .../node_modules/safe-buffer/package.json | 4 + .../package.json | 14 +++ .../yarn.lock | 8 ++ .../safe-buffer/.yarn-metadata.json | 19 ++++ .../node_modules/safe-buffer/package.json | 4 + .../package.json | 14 +++ .../yarn.lock | 8 ++ src/fetchers/tarball-fetcher.js | 2 +- src/package-fetcher.js | 10 +- src/reporters/lang/en.js | 4 + 30 files changed, 392 insertions(+), 6 deletions(-) create mode 100644 __tests__/fixtures/install/install-update-auth-cached-sha1/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-cached-sha1/yarn.lock create mode 100644 __tests__/fixtures/install/install-update-auth-cached-sha512/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-cached-sha512/yarn.lock create mode 100644 __tests__/fixtures/install/install-update-auth-invalid-cache-hash/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json create mode 100644 __tests__/fixtures/install/install-update-auth-invalid-cache-hash/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-invalid-cache-hash/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-invalid-cache-hash/yarn.lock create mode 100644 __tests__/fixtures/install/install-update-auth-invalid-cache-integrity/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json create mode 100644 __tests__/fixtures/install/install-update-auth-invalid-cache-integrity/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-invalid-cache-integrity/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-invalid-cache-integrity/yarn.lock create mode 100644 __tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853/node_modules/safe-buffer/.yarn-metadata.json create mode 100644 __tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853/node_modules/safe-buffer/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/yarn.lock create mode 100644 __tests__/fixtures/install/install-update-auth-sha1-safebuffer/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-sha1-safebuffer/yarn.lock create mode 100644 __tests__/fixtures/install/install-update-auth-sha1-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json create mode 100644 __tests__/fixtures/install/install-update-auth-sha1-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-sha1-with-cache/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-sha1-with-cache/yarn.lock create mode 100644 __tests__/fixtures/install/install-update-auth-sha512-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json create mode 100644 __tests__/fixtures/install/install-update-auth-sha512-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-sha512-with-cache/package.json create mode 100644 __tests__/fixtures/install/install-update-auth-sha512-with-cache/yarn.lock diff --git a/__tests__/commands/install/integration.js b/__tests__/commands/install/integration.js index fc35aadf9e..0a05a4028b 100644 --- a/__tests__/commands/install/integration.js +++ b/__tests__/commands/install/integration.js @@ -1165,3 +1165,102 @@ test('install skips the scripts if the yarnrc specifies skip-scripts true', () = const ignoredScriptsMessage = reporter.lang('ignoredScripts'); expect(stdout).toMatch(ignoredScriptsMessage); })); + +describe('Cache', () => { + test('install should cache package without integrity prefix if no integrity field present', () => + runInstall({}, 'install-update-auth-no-integrity-field', async config => { + const pkgCacheDir = path.join( + config.cwd, + '.yarn-cache', + `v${constants.CACHE_VERSION}`, + 'npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853', + ); + + expect(await fs.exists(pkgCacheDir)).toEqual(true); + })); + + test('install should cache package with integrity suffix if integrity field present', () => + runInstall({}, 'install-update-auth-sha512', async config => { + const pkgCacheDir = path.join( + config.cwd, + '.yarn-cache', + `v${constants.CACHE_VERSION}`, + 'npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity', + ); + + expect(await fs.exists(pkgCacheDir)).toEqual(true); + })); + + test('install should store cached sha1 + sha512 integrity when lockfile has sha1 integrity field', () => + runInstall({}, 'install-update-auth-sha1-safebuffer', async config => { + const pkgCacheDir = path.join( + config.cwd, + '.yarn-cache', + `v${constants.CACHE_VERSION}`, + 'npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity', + ); + const pkgCacheMetaData = JSON.parse( + await fs.readFile(path.join(pkgCacheDir, 'node_modules', 'safe-buffer', constants.METADATA_FILENAME)), + ); + expect(pkgCacheMetaData.remote.cacheIntegrity).toBe( + // eslint-disable-next-line max-len + 'sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg== sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=', + ); + })); + + test('install should store cached sha1 + sha512 integrity when lockfile has sha512 integrity field', () => + runInstall({}, 'install-update-auth-sha512', async config => { + const pkgCacheDir = path.join( + config.cwd, + '.yarn-cache', + `v${constants.CACHE_VERSION}`, + 'npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity', + ); + const pkgCacheMetaData = JSON.parse( + await fs.readFile(path.join(pkgCacheDir, 'node_modules', 'safe-buffer', constants.METADATA_FILENAME)), + ); + expect(pkgCacheMetaData.remote.cacheIntegrity).toBe( + // eslint-disable-next-line max-len + 'sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg== sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=', + ); + })); + + test('install should store cached sha1 + sha512 integrity when lockfile has no integrity field', () => + runInstall({}, 'install-update-auth-no-integrity-field', async config => { + const pkgCacheDir = path.join( + config.cwd, + '.yarn-cache', + `v${constants.CACHE_VERSION}`, + 'npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853', + ); + const pkgCacheMetaData = JSON.parse( + await fs.readFile(path.join(pkgCacheDir, 'node_modules', 'safe-buffer', constants.METADATA_FILENAME)), + ); + + expect(pkgCacheMetaData.remote.cacheIntegrity).toBe( + // eslint-disable-next-line max-len + 'sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg== sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=', + ); + })); + + test('install should fail when cached package integrity does not match lockfile integrity field', () => + expect(runInstall({}, 'install-update-auth-invalid-cache-integrity')).rejects.toThrow( + // eslint-disable-next-line max-len + 'Incorrect integrity when fetching from the cache for "safe-buffer". Cache has "sha512-foo sha1-bar" and remote has "sha1-iTMSr2myEj3vcfV4iQAWce6yyFM="', + )); + + test('install should fail when cached package hash does not match remote hash', () => + expect(runInstall({}, 'install-update-auth-invalid-cache-hash')).rejects.toThrow( + // eslint-disable-next-line max-len + 'Incorrect hash when fetching from the cache for "safe-buffer". Cache has "bad-hash" and remote has "893312af69b2123def71f57889001671eeb2c853"', + )); + + test('install should not fail cache integrity validation when lockfile has sha1 integrity field', () => + expect(runInstall({}, 'install-update-auth-sha1-with-cache')).resolves.toBeUndefined()); + + test('install should not fail cache integrity validation when lockfile has sha512 integrity field', () => + expect(runInstall({}, 'install-update-auth-sha512-with-cache')).resolves.toBeUndefined()); + + test('install should not fail cache integrity validation when lockfile has no integrity field', () => + expect(runInstall({}, 'install-update-auth-no-integrity-field-with-cache')).resolves.toBeUndefined()); +}); diff --git a/__tests__/fixtures/install/install-update-auth-cached-sha1/package.json b/__tests__/fixtures/install/install-update-auth-cached-sha1/package.json new file mode 100644 index 0000000000..9de32f63f4 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-cached-sha1/package.json @@ -0,0 +1,14 @@ +{ + "name": "install-update-auth-cached-sha1", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "safe-buffer": "^5.1.1" + } +} diff --git a/__tests__/fixtures/install/install-update-auth-cached-sha1/yarn.lock b/__tests__/fixtures/install/install-update-auth-cached-sha1/yarn.lock new file mode 100644 index 0000000000..852a1f4378 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-cached-sha1/yarn.lock @@ -0,0 +1,8 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +safe-buffer@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" + integrity "sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=" diff --git a/__tests__/fixtures/install/install-update-auth-cached-sha512/package.json b/__tests__/fixtures/install/install-update-auth-cached-sha512/package.json new file mode 100644 index 0000000000..9de32f63f4 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-cached-sha512/package.json @@ -0,0 +1,14 @@ +{ + "name": "install-update-auth-cached-sha1", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "safe-buffer": "^5.1.1" + } +} diff --git a/__tests__/fixtures/install/install-update-auth-cached-sha512/yarn.lock b/__tests__/fixtures/install/install-update-auth-cached-sha512/yarn.lock new file mode 100644 index 0000000000..923cd9ada0 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-cached-sha512/yarn.lock @@ -0,0 +1,8 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +safe-buffer@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" + integrity "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg==" diff --git a/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json b/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json new file mode 100644 index 0000000000..185b68ab60 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json @@ -0,0 +1,19 @@ +{ + "manifest": { + "name": "safe-buffer", + "version": "5.1.1" + }, + "artifacts": [], + "remote": { + "resolved": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#bad-hash", + "type": "tarball", + "reference": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz", + "hash": "bad-hash", + "integrity": "sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=", + "registry": "npm", + "packageName": "safe-buffer", + "cacheIntegrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg== sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=" + }, + "registry": "npm", + "hash": "bad-hash" +} diff --git a/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json b/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json new file mode 100644 index 0000000000..c129437073 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json @@ -0,0 +1,4 @@ +{ + "name": "safe-buffer", + "version": "5.1.1" +} diff --git a/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/package.json b/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/package.json new file mode 100644 index 0000000000..8eede4b5ce --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/package.json @@ -0,0 +1,14 @@ +{ + "name": "install-update-auth-invalid-cache-integrity", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "safe-buffer": "^5.1.1" + } +} diff --git a/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/yarn.lock b/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/yarn.lock new file mode 100644 index 0000000000..852a1f4378 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-invalid-cache-hash/yarn.lock @@ -0,0 +1,8 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +safe-buffer@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" + integrity "sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=" diff --git a/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json b/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json new file mode 100644 index 0000000000..4ccfbabb09 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json @@ -0,0 +1,19 @@ +{ + "manifest": { + "name": "safe-buffer", + "version": "5.1.1" + }, + "artifacts": [], + "remote": { + "resolved": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853", + "type": "tarball", + "reference": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz", + "hash": "893312af69b2123def71f57889001671eeb2c853", + "integrity": "sha1-bar", + "registry": "npm", + "packageName": "safe-buffer", + "cacheIntegrity": "sha512-foo sha1-bar" + }, + "registry": "npm", + "hash": "893312af69b2123def71f57889001671eeb2c853" +} diff --git a/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json b/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json new file mode 100644 index 0000000000..c129437073 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json @@ -0,0 +1,4 @@ +{ + "name": "safe-buffer", + "version": "5.1.1" +} diff --git a/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/package.json b/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/package.json new file mode 100644 index 0000000000..8eede4b5ce --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/package.json @@ -0,0 +1,14 @@ +{ + "name": "install-update-auth-invalid-cache-integrity", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "safe-buffer": "^5.1.1" + } +} diff --git a/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/yarn.lock b/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/yarn.lock new file mode 100644 index 0000000000..852a1f4378 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-invalid-cache-integrity/yarn.lock @@ -0,0 +1,8 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +safe-buffer@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" + integrity "sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=" diff --git a/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853/node_modules/safe-buffer/.yarn-metadata.json b/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853/node_modules/safe-buffer/.yarn-metadata.json new file mode 100644 index 0000000000..463bded466 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853/node_modules/safe-buffer/.yarn-metadata.json @@ -0,0 +1,17 @@ +{ + "manifest": { + "name": "safe-buffer", + "version": "5.1.1" + }, + "remote": { + "resolved": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853", + "type": "tarball", + "reference": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz", + "hash": "893312af69b2123def71f57889001671eeb2c853", + "registry": "npm", + "packageName": "safe-buffer", + "cacheIntegrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg== sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=" + }, + "registry": "npm", + "hash": "893312af69b2123def71f57889001671eeb2c853" +} diff --git a/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853/node_modules/safe-buffer/package.json b/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853/node_modules/safe-buffer/package.json new file mode 100644 index 0000000000..c129437073 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853/node_modules/safe-buffer/package.json @@ -0,0 +1,4 @@ +{ + "name": "safe-buffer", + "version": "5.1.1" +} diff --git a/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/package.json b/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/package.json new file mode 100644 index 0000000000..308b3bb6df --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/package.json @@ -0,0 +1,9 @@ +{ + "name": "install-update-auth-no-integrity-field", + "version": "1.0.0", + "main": "index.js", + "license": "MIT", + "dependencies": { + "safe-buffer": "^5.1.1" + } +} diff --git a/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/yarn.lock b/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/yarn.lock new file mode 100644 index 0000000000..2cb9827a12 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-no-integrity-field-with-cache/yarn.lock @@ -0,0 +1,7 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +safe-buffer@^5.1.1: + version "5.1.1" + resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" diff --git a/__tests__/fixtures/install/install-update-auth-sha1-safebuffer/package.json b/__tests__/fixtures/install/install-update-auth-sha1-safebuffer/package.json new file mode 100644 index 0000000000..baea96337e --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha1-safebuffer/package.json @@ -0,0 +1,14 @@ +{ + "name": "install-update-auth-sha512", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "safe-buffer": "^5.1.1" + } +} diff --git a/__tests__/fixtures/install/install-update-auth-sha1-safebuffer/yarn.lock b/__tests__/fixtures/install/install-update-auth-sha1-safebuffer/yarn.lock new file mode 100644 index 0000000000..b852d6c68a --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha1-safebuffer/yarn.lock @@ -0,0 +1,8 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +safe-buffer@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" + integrity sha1-iTMSr2myEj3vcfV4iQAWce6yyFM= diff --git a/__tests__/fixtures/install/install-update-auth-sha1-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json b/__tests__/fixtures/install/install-update-auth-sha1-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json new file mode 100644 index 0000000000..631b0f084a --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha1-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json @@ -0,0 +1,19 @@ +{ + "manifest": { + "name": "safe-buffer", + "version": "5.1.1" + }, + "artifacts": [], + "remote": { + "resolved": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853", + "type": "tarball", + "reference": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz", + "hash": "893312af69b2123def71f57889001671eeb2c853", + "integrity": "sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=", + "registry": "npm", + "packageName": "safe-buffer", + "cacheIntegrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg== sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=" + }, + "registry": "npm", + "hash": "893312af69b2123def71f57889001671eeb2c853" +} diff --git a/__tests__/fixtures/install/install-update-auth-sha1-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json b/__tests__/fixtures/install/install-update-auth-sha1-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json new file mode 100644 index 0000000000..c129437073 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha1-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json @@ -0,0 +1,4 @@ +{ + "name": "safe-buffer", + "version": "5.1.1" +} diff --git a/__tests__/fixtures/install/install-update-auth-sha1-with-cache/package.json b/__tests__/fixtures/install/install-update-auth-sha1-with-cache/package.json new file mode 100644 index 0000000000..baea96337e --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha1-with-cache/package.json @@ -0,0 +1,14 @@ +{ + "name": "install-update-auth-sha512", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "safe-buffer": "^5.1.1" + } +} diff --git a/__tests__/fixtures/install/install-update-auth-sha1-with-cache/yarn.lock b/__tests__/fixtures/install/install-update-auth-sha1-with-cache/yarn.lock new file mode 100644 index 0000000000..b852d6c68a --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha1-with-cache/yarn.lock @@ -0,0 +1,8 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +safe-buffer@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" + integrity sha1-iTMSr2myEj3vcfV4iQAWce6yyFM= diff --git a/__tests__/fixtures/install/install-update-auth-sha512-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json b/__tests__/fixtures/install/install-update-auth-sha512-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json new file mode 100644 index 0000000000..631b0f084a --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha512-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/.yarn-metadata.json @@ -0,0 +1,19 @@ +{ + "manifest": { + "name": "safe-buffer", + "version": "5.1.1" + }, + "artifacts": [], + "remote": { + "resolved": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853", + "type": "tarball", + "reference": "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz", + "hash": "893312af69b2123def71f57889001671eeb2c853", + "integrity": "sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=", + "registry": "npm", + "packageName": "safe-buffer", + "cacheIntegrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg== sha1-iTMSr2myEj3vcfV4iQAWce6yyFM=" + }, + "registry": "npm", + "hash": "893312af69b2123def71f57889001671eeb2c853" +} diff --git a/__tests__/fixtures/install/install-update-auth-sha512-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json b/__tests__/fixtures/install/install-update-auth-sha512-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json new file mode 100644 index 0000000000..c129437073 --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha512-with-cache/.yarn-cache/v6/npm-safe-buffer-5.1.1-893312af69b2123def71f57889001671eeb2c853-integrity/node_modules/safe-buffer/package.json @@ -0,0 +1,4 @@ +{ + "name": "safe-buffer", + "version": "5.1.1" +} diff --git a/__tests__/fixtures/install/install-update-auth-sha512-with-cache/package.json b/__tests__/fixtures/install/install-update-auth-sha512-with-cache/package.json new file mode 100644 index 0000000000..baea96337e --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha512-with-cache/package.json @@ -0,0 +1,14 @@ +{ + "name": "install-update-auth-sha512", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "safe-buffer": "^5.1.1" + } +} diff --git a/__tests__/fixtures/install/install-update-auth-sha512-with-cache/yarn.lock b/__tests__/fixtures/install/install-update-auth-sha512-with-cache/yarn.lock new file mode 100644 index 0000000000..ab73b927de --- /dev/null +++ b/__tests__/fixtures/install/install-update-auth-sha512-with-cache/yarn.lock @@ -0,0 +1,8 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +safe-buffer@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" + integrity sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg== diff --git a/src/fetchers/tarball-fetcher.js b/src/fetchers/tarball-fetcher.js index 19fc5b912b..8d1a452262 100644 --- a/src/fetchers/tarball-fetcher.js +++ b/src/fetchers/tarball-fetcher.js @@ -352,7 +352,7 @@ export default class TarballFetcher extends BaseFetcher { return {integrity: null, algorithms}; } - const algorithms = new Set(['sha512']); + const algorithms = new Set(['sha512', 'sha1']); const integrity = {}; for (const algorithm of expectedIntegrityAlgorithms) { if (isHashAlgorithmSupported(algorithm)) { diff --git a/src/package-fetcher.js b/src/package-fetcher.js index 077f4c6d2a..0582dc6c57 100644 --- a/src/package-fetcher.js +++ b/src/package-fetcher.js @@ -4,7 +4,7 @@ import type {FetchedMetadata, Manifest, PackageRemote} from './types.js'; import type {Fetchers} from './fetchers/index.js'; import type PackageReference from './package-reference.js'; import type Config from './config.js'; -import {MessageError} from './errors.js'; +import {MessageError, SecurityError} from './errors.js'; import * as fetchers from './fetchers/index.js'; import * as fs from './util/fs.js'; import * as promise from './util/promise.js'; @@ -25,15 +25,15 @@ async function fetchCache( if (remote.integrity) { if (!cacheIntegrity || !ssri.parse(cacheIntegrity).match(remote.integrity)) { - // eslint-disable-next-line yarn-internal/warn-language - throw new MessageError('Incorrect integrity when fetching from the cache'); + throw new SecurityError( + config.reporter.lang('fetchBadIntegrityCache', pkg.name, cacheIntegrity, remote.integrity), + ); } } if (remote.hash) { if (!cacheHash || cacheHash !== remote.hash) { - // eslint-disable-next-line yarn-internal/warn-language - throw new MessageError('Incorrect integrity when fetching from the cache'); + throw new SecurityError(config.reporter.lang('fetchBadHashCache', pkg.name, cacheHash, remote.hash)); } } diff --git a/src/reporters/lang/en.js b/src/reporters/lang/en.js index 410aca85e3..100c1692e9 100644 --- a/src/reporters/lang/en.js +++ b/src/reporters/lang/en.js @@ -346,6 +346,10 @@ const messages = { requestError: 'Request $0 returned a $1', requestFailed: 'Request failed $0', tarballNotInNetworkOrCache: '$0: Tarball is not in network and can not be located in cache ($1)', + fetchBadIntegrityCache: + 'Incorrect integrity when fetching from the cache for $0. Cache has $1 and remote has $2. Run `yarn cache clean` to fix the problem', + fetchBadHashCache: + 'Incorrect hash when fetching from the cache for $0. Cache has $1 and remote has $2. Run `yarn cache clean` to fix the problem', fetchBadHashWithPath: "Integrity check failed for $0 (computed integrity doesn't match our records, got $2)", fetchBadIntegrityAlgorithm: 'Integrity checked failed for $0 (none of the specified algorithms are supported)', fetchErrorCorrupt: From 8a8ce2df284264e00425e3cf32ecca22942a88d6 Mon Sep 17 00:00:00 2001 From: mbpreble Date: Mon, 7 Oct 2019 10:19:11 -0500 Subject: [PATCH 45/49] Resolves folder options (i.e. --modules-folder) relative to cwd (#7074) (#7607) * Prevents potentially surprising behavior and data loss * Includes integration test verifying that user-reported data loss scenario does not occur --- __tests__/integration.js | 33 +++++++++++++++++++++++++++++++++ src/cli/index.js | 17 +++++++++++------ 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/__tests__/integration.js b/__tests__/integration.js index faf6869138..eda727e896 100644 --- a/__tests__/integration.js +++ b/__tests__/integration.js @@ -560,3 +560,36 @@ test('yarn init -y', async () => { const manifestFile = await fs.readFile(path.join(cwd, 'package.json')); expect(manifestFile).toEqual(initialManifestFile); }); + +test('--modules-folder option', async () => { + /** + * The behavior of --modules-folder (and other folder options) was that it resolved relative not to the current + * working directory, but instead to the closest project root (folder containing a package.json file). + * + * This behavior was at best surprising and could result in data loss. This test captures a scenario in which + * there would previously have been data loss, demonstrating the fix for --modules-folder and other folder options. + * + */ + const projectFolder = await makeTemp(); + const libraryFolder = path.join(projectFolder, 'lib'); + + const initialManifestFile = JSON.stringify({name: 'test', license: 'ISC', version: '1.0.0'}); + const importantData = 'I definitely care about this file!'; + + await fs.writeFile(`${projectFolder}/package.json`, initialManifestFile); + await fs.writeFile(`${projectFolder}/IMPORTANT_FILE.txt`, importantData); + await fs.mkdirp(libraryFolder); + + const options = {cwd: libraryFolder}; + + // This yarn command fails with the previous behavior, the rest of the test is defense in depth + await runYarn(['add', 'left-pad', '--modules-folder', '.'], options); + + // Dependencies should have been installed in the 'lib' folder + const libraryFolderContents = await fs.readdir(`${libraryFolder}`); + expect(libraryFolderContents).toContain('left-pad'); + + // Additionally, there should have not been any data loss in the project folder + const importantFile = await fs.readFile(`${projectFolder}/IMPORTANT_FILE.txt`); + expect(importantFile).toBe(importantData); +}); diff --git a/src/cli/index.js b/src/cli/index.js index 29ed981060..58103360b2 100644 --- a/src/cli/index.js +++ b/src/cli/index.js @@ -509,21 +509,26 @@ export async function main({ const cwd = command.shouldRunInCurrentCwd ? commander.cwd : findProjectRoot(commander.cwd); + const folderOptionKeys = ['linkFolder', 'globalFolder', 'preferredCacheFolder', 'cacheFolder', 'modulesFolder']; + + // Resolve all folder options relative to cwd + const resolvedFolderOptions = {}; + folderOptionKeys.forEach(folderOptionKey => { + const folderOption = commander[folderOptionKey]; + const resolvedFolderOption = folderOption ? path.resolve(commander.cwd, folderOption) : folderOption; + resolvedFolderOptions[folderOptionKey] = resolvedFolderOption; + }); + await config .init({ cwd, commandName, - + ...resolvedFolderOptions, enablePnp: commander.pnp, disablePnp: commander.disablePnp, enableDefaultRc: commander.defaultRc, extraneousYarnrcFiles: commander.useYarnrc, binLinks: commander.binLinks, - modulesFolder: commander.modulesFolder, - linkFolder: commander.linkFolder, - globalFolder: commander.globalFolder, - preferredCacheFolder: commander.preferredCacheFolder, - cacheFolder: commander.cacheFolder, preferOffline: commander.preferOffline, captureHar: commander.har, ignorePlatform: commander.ignorePlatform, From 6e5b0ea0dc15bef7d2abd67a46adbe7efe533404 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Nison?= Date: Tue, 8 Oct 2019 13:37:10 +0200 Subject: [PATCH 46/49] Update CHANGELOG.md --- CHANGELOG.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7685589483..e8abad40eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,22 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +## 1.19.1 + +**Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. + +- Computes the `--modules-folder` & friends paths based on the cwd. + + [#7607](https://github.com/yarnpkg/yarn/pull/7607) - [**mbpreble**](https://github.com/mbpreble) + +- Stores the sha512 in the cache even when not provided by the server. + + [#7591](https://github.com/yarnpkg/yarn/pull/7591) - [**Maël Nison**](https://twitter.com/arcanis) / [#7595](https://github.com/yarnpkg/yarn/pull/7595) - [**Michael**](https://github.com/Blasz) + +- Uses the right Node binary when using `yarn-path`. + + [#7592](https://github.com/yarnpkg/yarn/pull/7592) - [**Maël Nison**](https://twitter.com/arcanis) + ## 1.19.0 **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. From 79a96e31321e58e650e5e879bef52d57dda746af Mon Sep 17 00:00:00 2001 From: Jeff Valore Date: Wed, 30 Oct 2019 18:43:24 -0400 Subject: [PATCH 47/49] fix(run): add cwd/node_modules/.bin to run command search path (#7151) * fix(run): change run command to check cwd/node_modules/.bin for commands. Fixes run in workspaces. This fixes a bug that was introduced in #6850 where the bin path was being built only from `config.lockfileFolder`. However in workspaces, bins may not be hoisted to the workspace root, causing bins to not be found. This change adds `config.cwd` to the bin search path, so the `yarn run` command will look in a workspace package's node_modules, as well as the workspace root. fixes #7126 * modify chagelog --- CHANGELOG.md | 4 ++ __tests__/commands/run.js | 10 ++++ .../package.json.bin | 56 ++++++++++++++++++ .../GET/registry.yarnpkg.com/is-pnp.bin | 18 ++++++ .../is-pnp/-/is-pnp-1.0.2.tgz.bin | Bin 0 -> 2033 bytes .../run/nohoist-workspace/package.json | 5 ++ .../packages/pkg1/node_modules/.bin/cat-names | 0 .../packages/pkg1/package.json | 1 + src/cli/commands/run.js | 1 + 9 files changed, 95 insertions(+) create mode 100644 __tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/f139bd887dea8e48c46fd7fcfe42b5ffc53d79dd/package.json.bin create mode 100644 __tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin create mode 100644 __tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp/-/is-pnp-1.0.2.tgz.bin create mode 100644 __tests__/fixtures/run/nohoist-workspace/package.json rename __tests__/fixtures/run/{workspace => nohoist-workspace}/packages/pkg1/node_modules/.bin/cat-names (100%) create mode 100644 __tests__/fixtures/run/nohoist-workspace/packages/pkg1/package.json diff --git a/CHANGELOG.md b/CHANGELOG.md index e8abad40eb..8d4f72db86 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Change run command to check cwd/node_modules/.bin for commands. Fixes run in workspaces. + + [#7151](https://github.com/yarnpkg/yarn/pull/7151) - [**Jeff Valore**](https://twitter.com/codingwithspike) + ## 1.19.1 **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. diff --git a/__tests__/commands/run.js b/__tests__/commands/run.js index 2bad11ef51..35a1221e56 100644 --- a/__tests__/commands/run.js +++ b/__tests__/commands/run.js @@ -207,6 +207,16 @@ test('adds workspace root node_modules/.bin to path when in a workspace', (): Pr expect(envPaths).toContain(path.join(config.cwd, 'packages', 'pkg1', 'node_modules', '.bin')); })); +test('adds cwd node_modules/.bin to path when in a workspace usig nohoist', (): Promise => + runRunInWorkspacePackage('packages/pkg1', ['env'], {}, 'nohoist-workspace', (config, reporter): ?Promise => { + const logEntry = reporter.getBuffer().find(entry => entry.type === 'log'); + const parsedLogData = JSON.parse(logEntry ? logEntry.data.toString() : '{}'); + const envPaths = (parsedLogData.PATH || parsedLogData.Path).split(path.delimiter); + + expect(envPaths).toContain(path.join(config.cwd, 'node_modules', '.bin')); + expect(envPaths).toContain(path.join(config.cwd, 'packages', 'pkg1', 'node_modules', '.bin')); + })); + test('runs script with custom script-shell', (): Promise => runRunWithCustomShell('/usr/bin/dummy', ['start'], {}, 'script-shell', async (config): ?Promise => { const pkg = await fs.readJson(path.join(config.cwd, 'package.json')); diff --git a/__tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/f139bd887dea8e48c46fd7fcfe42b5ffc53d79dd/package.json.bin b/__tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/f139bd887dea8e48c46fd7fcfe42b5ffc53d79dd/package.json.bin new file mode 100644 index 0000000000..e0be38d90e --- /dev/null +++ b/__tests__/fixtures/request-cache/GET/gitlab.com/leanlabsio/kanban/raw/f139bd887dea8e48c46fd7fcfe42b5ffc53d79dd/package.json.bin @@ -0,0 +1,56 @@ +HTTP/1.1 200 OK +Server: nginx +Date: Wed, 27 Mar 2019 12:51:12 GMT +Content-Type: text/plain; charset=utf-8 +Content-Length: 1181 +Cache-Control: max-age=3600, public +Content-Disposition: inline +Etag: W/"78309fbf8af4479c47eca65b0c5e3f51" +X-Content-Type-Options: nosniff +X-Frame-Options: DENY +X-Request-Id: kTsEGIR9zSa +X-Runtime: 0.099649 +X-Ua-Compatible: IE=edge +X-Xss-Protection: 1; mode=block +Strict-Transport-Security: max-age=31536000 +Content-Security-Policy: object-src 'none'; worker-src https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net https://gitlab.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com; style-src 'self' 'unsafe-inline' https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net; img-src * data: blob:; frame-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://*.codesandbox.io; frame-ancestors 'self'; connect-src 'self' https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net wss://gitlab.com https://sentry.gitlab.net https://customers.gitlab.com https://snowplow.trx.gitlab.net + +{ + "name": "kanban", + "version": "0.0.1", + "repository": "gitlab.com/leanlabsio/kanban", + "scripts": { + "install": "npm install", + "build": "grunt build", + "watch": "grunt watch" + }, + "devDependencies": { + "grunt": "~0.4.1", + "grunt-cli": "~0.1.13", + "grunt-contrib-copy": "^0.5.0", + "grunt-contrib-concat": "~0.5.0", + "grunt-contrib-watch": "~0.5.3", + "grunt-contrib-uglify": "~0.7.0", + "grunt-sass": "1.0.0", + "grunt-contrib-connect": "~0.8.0", + "grunt-connect-proxy": "~0.1.11" + }, + "dependencies": { + "angular": "=1.5.6", + "angular-lodash": "https://github.com/EMSSConsulting/angular-lodash.git#68a726c", + "foundation-sites": "5.5.2", + "angular-foundation": "https://github.com/pineconellc/angular-foundation.git#8f3f260", + "angular-loading-bar": "=0.5.2", + "angular-storage": "=0.0.6", + "angular-ui-router": "=0.3.0", + "angularjs-datepicker": "=0.2.15", + "font-awesome": "=4.6.3", + "markdown-it": "=5.0.2", + "markdown-it-emoji": "=1.1.0", + "ng-sortable": "=1.3.6", + "sass-flex-mixin": "=1.0.3", + "lodash": "=4.13.1", + "twemoji": "=2.1.0", + "angular-file-upload": "=2.3.4" + } +} diff --git a/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin b/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin new file mode 100644 index 0000000000..73976105f8 --- /dev/null +++ b/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp.bin @@ -0,0 +1,18 @@ +HTTP/1.1 200 OK +Date: Wed, 27 Mar 2019 12:49:49 GMT +Content-Type: application/vnd.npm.install-v1+json +Content-Length: 4072 +Connection: keep-alive +Set-Cookie: __cfduid=d2e7739722b1e2621b032ee7a09984edd1553690988; expires=Thu, 26-Mar-20 12:49:48 GMT; path=/; domain=.registry.yarnpkg.com; HttpOnly +CF-Cache-Status: REVALIDATED +Cache-Control: max-age=300 +CF-Ray: 4be17c86d97f56c3-IAD +Accept-Ranges: bytes +ETag: "49fffc656197ace1f624570132931c23" +Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" +Last-Modified: Thu, 01 Nov 2018 01:11:09 GMT +Vary: accept-encoding, accept +x-amz-meta-rev: 3-72d30e72712ca5e8a55f6613d7a30236 +Server: cloudflare + +{"versions":{"1.0.0":{"name":"is-pnp","version":"1.0.0","bin":{"is-pnp":"./bin.js"},"_hasShrinkwrap":false,"directories":{},"dist":{"shasum":"47d3d7151df242eb7ca4768fc2e7f6228871899a","integrity":"sha512-Lx0Sh5h20HtLz+xnlh4NRhQ6w231tGN4yuU3oBi6vn7oSbiIk2V4sqoIn00bczm9ojwkFPzzFUeSOIKEgYpszA==","tarball":"https://registry.npmjs.org/is-pnp/-/is-pnp-1.0.0.tgz","fileCount":5,"unpackedSize":2268,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJb2lGmCRA9TVsSAnZWagAARHYP/1botUA//2RoqJEP3nHB\nnQ0G1qhSYL685aLgZTWJW9pS3ucPzxxeofbnByOsbSjUqycwsHBqL/DDeYsq\nz3b0dmfcfESK+CSafYECSnj8kPJH5N5VU2UXs+A+wLEM0D0nSe4wfJLVptA0\nrOpeYrkfwX8ZC1EGLGvQM4cMqpk3Ji6RBZHtD0U/ttYR3A0vP5P76oO2/tBl\n3QSK3nJSpU83OkMBPVY3hnDrGkCjJqwvcqWoWUG0/BtHS5KYD99yrxFAzT5f\nMhtqCZiediDcGtrMhP5b0VAkqdrwFPg/tZPpgqYCevR+2ipWhkxhD0Z4yyx1\n2AuJnEoQKRiBiFPIv5aiJZD9Jj00iey4tdQ1NcXnRtAA16Lo0t4MX/OnkyJW\nBfcSd795mVpe4AO9u6bqMDZfkQrBRunxa7OKKCEXUGihm0YNtTWKat5ym1ia\n9H9Bwlgm3GoFAuHQMu07ZEwidLpWoQfjrTUOufw+/rKNSIRoMNuL3Z/8i4Hj\nazYRMgdzb9rkf6+F7LLJKnyZaDY/bS/KIb61LdkfkX8JCcKUfhVAd5KIvI4e\nAwLAUfHwWM2u2smbexFzvgvXnNFmVrcCGBbMcIrQ+JfiJ+izFVJ7YyLY+Fpt\nwxbV0Vug6gyYDyDtjFCdeL2wFmgR3+nASXWFY4CZ+ZoFX+ontSZ4U5b9PTIs\n1ojq\r\n=DAoM\r\n-----END PGP SIGNATURE-----\r\n"},"engines":{"node":">=6"}},"1.0.1":{"name":"is-pnp","version":"1.0.1","bin":{"is-pnp":"./sources/cli.js"},"_hasShrinkwrap":false,"directories":{},"dist":{"shasum":"ec0e4e443287214ce90bcb6fcd112d20de51f120","integrity":"sha512-uwFQ9SabYoNJwZnDqHUs+WTPvegmoLHjVQqkX4+MiKSjhRBRk+n/zKBAex4yvWnzbN352W7FUuYX8L5yEVmiVA==","tarball":"https://registry.npmjs.org/is-pnp/-/is-pnp-1.0.1.tgz","fileCount":5,"unpackedSize":2276,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJb2lJICRA9TVsSAnZWagAAX2IP/jE0+3aAdO7cu9DXNJnb\njoi3rDo8CRfARhWbJRhUj7omDxeP37U3dIIkK69AL8XZSPPUQ8o2uH1AOjZB\niI8cp0IX4bgalRXzEWPj3v8l3z6/BwJoUXy7N5ugdxron+AYj4kS4I1jI6Pa\nUo3z096sc8zAgXFE00RiKwUBGNw+4xpg0yVri/vXpezsahi8r4qZbrc9/hr3\nWzoIK6GwQnGpn5FEhdiuPbB0QiZvalYHn5v2IWtMpQG4ed6jM/vSBAqKqkFv\n95McUD13wz7iJ59BaJHwbypD/WFWz34ZBPZ8QpONk6UAJ2IZwh6J2Wj44k7a\nNtiEj3xo3A5stikfELI//H0AruTI6sSI++EJ8YvHQUj73s6kG0Z/FzPptgKp\nKYLSqXNAC/zHiId1s7uj+jsCLXIm4G2bPQUTsDMfejDS6TfjAVO2COxRF34q\ncLGzYFL1/R+/hO4ckoLl7vz6Vm/zSlMaxZPDUFDy8d0ScxHZOL+760cdIhjT\nr1XGyXAmyjGLWTHvA6sE5X0H0PgghQErsLYXi679KBdnZjN2+Xcmv0pNIqbg\nwS7SBjV+KGpc1PnwtZdfvZcegvY+252zsBvRye9/hcQ0Rdmetbod8XicA3Bw\nuTLC2N9opHeTI7a9bKrACXkSApJftjzYSfnycb27r9bgIAY6BeNhr7JFEMKV\nnxUD\r\n=8Blc\r\n-----END PGP SIGNATURE-----\r\n"},"engines":{"node":">=6"}},"1.0.2":{"name":"is-pnp","version":"1.0.2","bin":{"is-pnp":"./sources/cli.js"},"_hasShrinkwrap":false,"directories":{},"dist":{"shasum":"cbe5d6ad751897822fd92539ac5cfa37c04f3852","integrity":"sha512-BzoewUq0EZFJYKlYpObv2xRdTRJQXwMLbk2Y5l8Dhl0EQGPhdPrSdBlQaAT46gIKjAkNBNScDiUDbuBCTDNCsQ==","tarball":"https://registry.npmjs.org/is-pnp/-/is-pnp-1.0.2.tgz","fileCount":5,"unpackedSize":2282,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJb2lKpCRA9TVsSAnZWagAAkFcP+QHfioEIu01ww57y/Jnw\neOtM4JPvx0hDMKxMBKSyvVHmjZKwqxvkAnqdyybHts7i6auvuuMKDO43oaRO\n5GY5i/u29arwBKnPgeVrC6TUnbVxiSP4KBtfzRs3YCXbQ0MfSPmXiH4nzzi/\ngWeNGutgCAbefJjB0eahVCUgO7DL+sM8kEt2iNSDM1gKUDSVq5yvsZD20tX+\n/60eLG4xtz/2zXDKjoqo+DZtvW9kdLJ6TlvbDU1mt1OBSzkTiakIe1XXymVT\n+gRC0QGKGMP+YJG+VothHez/JAagl/92c/JDsb54HkW/OkUKCHFyUAw0P3h1\n46p0vEr54rHa7wT6O0fKg7q+MN1mMOKR3wO258LQW20n+DQJK1hxcJOkk+xf\n6iOa2d6Ywox9yT9B/V555BEZ2fYbnNb4gw+oo3/YyJcZ1Ooadt5kvEyDb67+\ntOaOMBXZh7/FR8EghwBBqlOndWCD4OQYVXVCwIdf/PFyUtB1+Obd4/1H+Dkw\nmg01pi7jYHG8mKLIMNdjggWi966nJ3fZqBDLW0eRtFzCbe+8VSOPKGRSHHnI\n99SD9oY/dgmimcakZ3hInuGlMGf0UrSLjHwi24y0ae1O0AlnQz0bXU0qHAH2\nH/Npr3zjOcAULwvHqtu2l1mNv/PX8GtafyybiMaXBcERearcUN/48tbvcbFX\nZmBP\r\n=z5fE\r\n-----END PGP SIGNATURE-----\r\n"},"engines":{"node":">=6"}}},"name":"is-pnp","dist-tags":{"latest":"1.0.2"},"modified":"2018-11-01T01:11:07.975Z"} \ No newline at end of file diff --git a/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp/-/is-pnp-1.0.2.tgz.bin b/__tests__/fixtures/request-cache/GET/registry.yarnpkg.com/is-pnp/-/is-pnp-1.0.2.tgz.bin new file mode 100644 index 0000000000000000000000000000000000000000..980bdfcbeca11ce65cd304d5a33eb4b5fb2ea9a5 GIT binary patch literal 2033 zcmY*X2~bnl8YUp>iv|JF8Wp*yU|I-S$#NmB5M|$uC{V%6&CMc^gm6I-Y#I_W=7YL3N5b%7t3`JxpS&*y1f+2+> zT?#{}R4${)VH82hS*Q|$GCs#eATlv30RbA5%J_uJ5O_Kq1kw;hL59+$IS2v24$I`r zTAgPS!qeR3~jBu_`E~Jzx(!@Tn zJi`wNK~Y7tEIk*a8${+qummBmLm@Of3j`uV*R8|gPuR2*N_jd6WI)@2J2Cng)P6{lPkzuivl8QhuHa^V2>AEnA^@xD7P;#VPC>2Q& zAqaf(lu84l6t2X5G4qFZcD%u@NT8E zZ9bj(Pd46@-C{XDmGim=iG7!2JiIiUfKEC|A2;W;2S2{ney!T*oWZCH4LES0$aj+r zC#6&LD?C=6Z8`FI2qir##Hr7Z?YKJ{3)UvMTrB_nK{p(Bd~kdJAK&NKTfRQ79+Yi8 zx61W#>keD;@j-4bE*h-pY5XD1B~~MtI<6Zvw>fqQu^u}{R!41H+8S>f!9eZF6OyETyv~0KykU3O0JCT zqyCmxwb@mc869{Ycz!ES&Q7=jFW(tk>@&9^&+fshukaA*Ca>+=An)A6aq-vZeKAAi zANe+{z)-a;o*6kF*br7~Z%|WK$KnTI&cePC2a`nmUx#avb6SP^`T}6eWGa7c8WB;t z_ckyaXi!1>JtLvwfkPTA&p&AbZ6ldmQp~MLHstbgDhse7ZI7Bul5-B+J=T4utk9EB~@YWlsU%TB<138H*j&6v?j!1 zNp_g_Oi*R-dfT07BED?(ivg&6KDa-+zN4o{8rBt9yff^^^;7Mk?yJ^Et#^vJO)J>U z?YCQd=c}PvIqQ!&dhGuf`H{<)w+9O-Eh{d$n0gMmuZ&G|)_l3Hq(zxD7SVjVZet*_ z=DuJ-q)adAd2TBCGra5^aU|Y*p!Bbp;Y5#xPSH=rWLA#l-~&bGq+6Atv#SBsq<(D{jXJi^f4ff=1 zZFh1KPcXXXTo^RE6(Pp#q}B57?OiX|C{-WLa@TRo4l6N!7qU^?6k3*Cen;}>Yu)I{ z2-aQeJKublvWov%o52^>i|3t(?^^R`j{KzhNSr#e$gT0>;HjKPcfW2xC`IRQYb(WU!;s^7yld@&zybo3teyG3Y{jO&11q(t+IrafZ95`#VS!!eR EH-4RT=>Px# literal 0 HcmV?d00001 diff --git a/__tests__/fixtures/run/nohoist-workspace/package.json b/__tests__/fixtures/run/nohoist-workspace/package.json new file mode 100644 index 0000000000..c4ac3364a3 --- /dev/null +++ b/__tests__/fixtures/run/nohoist-workspace/package.json @@ -0,0 +1,5 @@ +{ + "workspaces": [ + "packages/*" + ] +} diff --git a/__tests__/fixtures/run/workspace/packages/pkg1/node_modules/.bin/cat-names b/__tests__/fixtures/run/nohoist-workspace/packages/pkg1/node_modules/.bin/cat-names similarity index 100% rename from __tests__/fixtures/run/workspace/packages/pkg1/node_modules/.bin/cat-names rename to __tests__/fixtures/run/nohoist-workspace/packages/pkg1/node_modules/.bin/cat-names diff --git a/__tests__/fixtures/run/nohoist-workspace/packages/pkg1/package.json b/__tests__/fixtures/run/nohoist-workspace/packages/pkg1/package.json new file mode 100644 index 0000000000..0967ef424b --- /dev/null +++ b/__tests__/fixtures/run/nohoist-workspace/packages/pkg1/package.json @@ -0,0 +1 @@ +{} diff --git a/src/cli/commands/run.js b/src/cli/commands/run.js index 8226636765..33c90d5999 100644 --- a/src/cli/commands/run.js +++ b/src/cli/commands/run.js @@ -31,6 +31,7 @@ export async function getBinEntries(config: Config): Promise // Setup the node_modules/.bin folders for analysis for (const registryFolder of config.registryFolders) { + binFolders.add(path.resolve(config.cwd, registryFolder, '.bin')); binFolders.add(path.resolve(config.lockfileFolder, registryFolder, '.bin')); } From 730d3906f2d3a3f30b4e93fbf8fa2c1d3a44882c Mon Sep 17 00:00:00 2001 From: Sander Verweij Date: Thu, 7 Nov 2019 11:39:18 +0100 Subject: [PATCH 48/49] ci(circleci): prevent timeout on circle-ci macos node10 build (#7651) The circle ci job for macOS on node 10 currently fails because it takes too long (both PR's #7649 and #7650 don't green because of that). A big chunk of the time is taken by updating homebrew - which in this macOS (the one connected to xcode 9 => macOS 10.12) does not contain node 10 by default. This change: - sets the required xcode version to 11.0 -> this gets us a more up to date macOS version (except for node 6, which isn't available in the homebrew associated with xcode 11) - removes the brew update from the macOS node 10 job --- .circleci/config.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index bd6f6f0dd9..4f2d881eff 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,7 +7,7 @@ docker_defaults: &docker_defaults macos_defaults: &macos_defaults macos: - xcode: "9.0" + xcode: "11.0" working_directory: ~/project/yarn attach_workspace: &attach_workspace @@ -155,7 +155,6 @@ jobs: name: Install Node 10 command: | brew uninstall --ignore-dependencies node - brew update HOMEBREW_NO_AUTO_UPDATE=1 brew install node@10 brew link --overwrite --force node@10 [[ $(node --version) =~ ^v10\. ]] @@ -177,6 +176,8 @@ jobs: - *test_run test-macos-node6: <<: *macos_defaults + macos: + xcode: "9.0" steps: - run: name: Install Node 6 From 1ec3190a4c1077f14fa7e9689ca06ad394be131f Mon Sep 17 00:00:00 2001 From: Sander Verweij Date: Thu, 7 Nov 2019 11:39:42 +0100 Subject: [PATCH 49/49] make running with Plug'n Play possible on node 13 (#7650) * ci(circleci): prevent timeout on circle-ci macos node10 build The circle ci job for macOS on node 10 currently fails because it takes too long (both PR's #7649 and #7650 don't green because of that). A big chunk of the time is taken by updating homebrew - which in this macOS (the one connected to xcode 9 => macOS 10.12) does not contain node 10 by default. This change: - sets the required xcode version to 11.0 -> this gets us a more up to date macOS version (except for node 6, which isn't available in the homebrew associated with xcode 11) - removes the brew update from the macOS node 10 job * fix(generate-pnp-map-api.tpl.js): make running with Plug'n Play possible on node 13 On node 13 Module._findPath (which the setup() of this module redefines) also gets called with null for the path parameter (by lib/internal/bootstrap/pre_execution.js in the (new) function resolveMainPath). This fix ensures the patched _findPath also handles that situation. * ci(azure-pipelines): add node 13 (and 12) to the azure-pipeline matrix #7642 * ci(circleci): add node 13 (and 12) to the build matrix (linux) * docs(CHANGELOG.md): adds PR #7650 to the change log --- .circleci/config.yml | 42 ++++++++++++++++++++++++++++ CHANGELOG.md | 5 ++++ azure-pipelines.yml | 12 ++++++++ src/util/generate-pnp-map-api.tpl.js | 2 +- 4 files changed, 60 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4f2d881eff..73cd559039 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -122,6 +122,16 @@ jobs: root: ~/project paths: - yarn + test-pkg-tests-linux-node13: + <<: *docker_defaults + docker: + - image: node:13 + <<: *pkg_tests + test-pkg-tests-linux-node12: + <<: *docker_defaults + docker: + - image: node:12 + <<: *pkg_tests test-pkg-tests-linux-node10: <<: *docker_defaults docker: @@ -130,8 +140,20 @@ jobs: test-pkg-tests-linux-node8: <<: *docker_defaults <<: *pkg_tests + test-linux-node13: + <<: *docker_defaults + docker: + - image: node:13 + <<: *test_steps + test-linux-node12: + <<: *docker_defaults + docker: + - image: node:12 + <<: *test_steps test-linux-node10: <<: *docker_defaults + docker: + - image: node:10 <<: *test_steps test-linux-node8: <<: *docker_defaults @@ -249,6 +271,14 @@ workflows: filters: *default_filters requires: - install + - test-pkg-tests-linux-node13: + filters: *default_filters + requires: + - install + - test-pkg-tests-linux-node12: + filters: *default_filters + requires: + - install - test-pkg-tests-linux-node10: filters: *default_filters requires: @@ -257,6 +287,14 @@ workflows: filters: *default_filters requires: - install + - test-linux-node13: + filters: *default_filters + requires: + - install + - test-linux-node12: + filters: *default_filters + requires: + - install - test-linux-node10: filters: *default_filters requires: @@ -295,8 +333,12 @@ workflows: branches: ignore: /.*/ requires: + - test-pkg-tests-linux-node13 + - test-pkg-tests-linux-node12 - test-pkg-tests-linux-node10 - test-pkg-tests-linux-node8 + - test-linux-node13 + - test-linux-node12 - test-linux-node10 - test-linux-node8 - test-linux-node6 diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d4f72db86..d287c78698 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,10 +4,15 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa ## Master +- Makes running scripts with Plug'n Play possible on node 13 + + [#7650](https://github.com/yarnpkg/yarn/pull/7650) - [**Sander Verweij**](https://github.com/sverweij) + - Change run command to check cwd/node_modules/.bin for commands. Fixes run in workspaces. [#7151](https://github.com/yarnpkg/yarn/pull/7151) - [**Jeff Valore**](https://twitter.com/codingwithspike) + ## 1.19.1 **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. diff --git a/azure-pipelines.yml b/azure-pipelines.yml index c7b5e0e000..01d9333f35 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -13,6 +13,10 @@ jobs: # node_version: 8.x node_10_x: node_version: 10.x + node_12_x: + node_version: 12.x + node_13_x: + node_version: 13.x steps: - template: scripts/azure-run-tests.yml @@ -30,6 +34,10 @@ jobs: node_version: 8.x node_10_x: node_version: 10.x + node_12_x: + node_version: 12.x + node_13_x: + node_version: 13.x steps: - template: scripts/azure-run-tests.yml @@ -47,6 +55,10 @@ jobs: node_version: 8.x node_10_x: node_version: 10.x + node_12_x: + node_version: 12.x + node_13_x: + node_version: 13.x steps: - template: scripts/azure-run-tests.yml diff --git a/src/util/generate-pnp-map-api.tpl.js b/src/util/generate-pnp-map-api.tpl.js index 835b6f85f1..c44db3605a 100644 --- a/src/util/generate-pnp-map-api.tpl.js +++ b/src/util/generate-pnp-map-api.tpl.js @@ -714,7 +714,7 @@ exports.setup = function setup() { return originalFindPath.call(Module, request, paths, isMain); } - for (const path of paths) { + for (const path of paths || []) { let resolution; try {