-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Notice: Node 10.16.x npm 6.9.0 upgrade npm ci
regression
#28987
Comments
/cc @isaacs any idea about this? |
FWIW it was mentioned in the first link:
|
Fixes the regression where random config values in a .npmrc file are not passed to lifecycle scripts, breaking build processes which rely on them. Fix: nodejs/node#28987 Fix: https://npm.community/t/npm-ci-doesnt-respect-npmrc-variables/6032 Fix: https://npm.community/t/npm-ci-doesnt-fill-anymore-the-process-env-npm-config-cache-variable-on-post-install-scripts/6658 Fix: https://npm.community/t/npm-ci-does-not-compile-native-dependencies-according-to-npmrc-configuration/6069 Fix: https://npm.community/t/npm-6-9-x-not-passing-environment-to-node-gyp-regression-from-6-4-x/9323/2
This will be fixed in the next npm release, most likely landing Tuesday 2019-06-20. |
This date is a in the past. Can you please check. |
Full release notes: A few meaty bugfixes, and introducing `peerDependenciesMeta`. FEATURES * [`a12341088`](npm/cli@a123410) [nodejs#224](npm/cli#224) Implements peerDependenciesMeta ([@arcanis](https://github.com/arcanis)) * [`2f3b79bba`](npm/cli@2f3b79b) [nodejs#234](npm/cli#234) add new forbidden 403 error code ([@claudiahdz](https://github.com/claudiahdz)) BUGFIXES * [`24acc9fc8`](npm/cli@24acc9f) and [`45772af0d`](npm/cli@45772af) [nodejs#217](npm/cli#217) [npm.community#8863](https://npm.community/t/installing-the-same-module-under-multiple-relative-paths-fails-on-linux/8863) [npm.community#9327](https://npm.community/t/reinstall-breaks-after-npm-update-to-6-10-2/9327,) do not descend into directory deps' child modules, fix shrinkwrap files that inappropriately list child nodes of symlink packages ([@isaacs](https://github.com/isaacs) and [@salomvary](https://github.com/salomvary)) * [`50cfe113d`](npm/cli@50cfe11) [nodejs#229](npm/cli#229) fixed typo in semver doc ([@gall0ws](https://github.com/gall0ws)) * [`e8fb2a1bd`](npm/cli@e8fb2a1) [nodejs#231](npm/cli#231) Fix spelling mistakes in CHANGELOG-3.md ([@XhmikosR](https://github.com/XhmikosR)) * [`769d2e057`](npm/cli@769d2e0) [npm/uid-number#7](npm/uid-number#7) Better error on invalid `--user`/`--group` configs. This addresses the issue when people fail to install binary packages on Docker and other environments where there is no 'nobody' user. ([@isaacs](https://github.com/isaacs)) * [`8b43c9624`](npm/cli@8b43c96) [nodejs#28987](nodejs#28987) [npm.community#6032](https://npm.community/t/npm-ci-doesnt-respect-npmrc-variables/6032) [npm.community#6658](https://npm.community/t/npm-ci-doesnt-fill-anymore-the-process-env-npm-config-cache-variable-on-post-install-scripts/6658) [npm.community#6069](https://npm.community/t/npm-ci-does-not-compile-native-dependencies-according-to-npmrc-configuration/6069) [npm.community#9323](https://npm.community/t/npm-6-9-x-not-passing-environment-to-node-gyp-regression-from-6-4-x/9323/2) Fix the regression where random config values in a .npmrc file are not passed to lifecycle scripts, breaking build processes which rely on them. ([@isaacs](https://github.com/isaacs)) * [`8b85eaa47`](npm/cli@8b85eaa) save files with inferred ownership rather than relying on `SUDO_UID` and `SUDO_GID`. ([@isaacs](https://github.com/isaacs)) * [`b7f6e5f02`](npm/cli@b7f6e5f) Infer ownership of shrinkwrap files ([@isaacs](https://github.com/isaacs)) * [`54b095d77`](npm/cli@54b095d) [nodejs#235](npm/cli#235) Add spec to dist-tag remove function ([@theberbie](https://github.com/theberbie)) DEPENDENCIES * [`dc8f9e52f`](npm/cli@dc8f9e5) `pacote@9.5.7`: Infer the ownership of all unpacked files in `node_modules`, so that we never have user-owned files in root-owned folders, or root-owned files in user-owned folders. ([@isaacs](https://github.com/isaacs)) * [`bb33940c3`](npm/cli@bb33940) `cmd-shim@3.0.0`: * [`9c93ac3`](npm/cmd-shim@9c93ac3) [#2](npm/cmd-shim#2) [npm#3380](npm/npm#3380) Handle environment variables properly ([@basbossink](https://github.com/basbossink)) * [`2d277f8`](npm/cmd-shim@2d277f8) [nodejs#25](npm/cmd-shim#25) [nodejs#36](npm/cmd-shim#36) [nodejs#35](npm/cmd-shim#35) Fix 'no shebang' case by always providing `$basedir` in shell script ([@igorklopov](https://github.com/igorklopov)) * [`adaf20b`](npm/cmd-shim@adaf20b) [nodejs#26](npm/cmd-shim#26) Fix `$*` causing an error when arguments contain parentheses ([@satazor](https://github.com/satazor)) * [`49f0c13`](npm/cmd-shim@49f0c13) [nodejs#30](npm/cmd-shim#30) Fix paths for MSYS/MINGW bash ([@dscho](https://github.com/dscho)) * [`51a8af3`](npm/cmd-shim@51a8af3) [nodejs#34](npm/cmd-shim#34) Add proper support for PowerShell ([@ExE-Boss](https://github.com/ExE-Boss)) * [`4c37e04`](npm/cmd-shim@4c37e04) [#10](npm/cmd-shim#10) Work around quoted batch file names ([@isaacs](https://github.com/isaacs)) * [`a4e279544`](npm/cli@a4e2795) `npm-lifecycle@3.1.3` ([@isaacs](https://github.com/isaacs)): * fail properly if `uid-number` raises an error * [`7086a1809`](npm/cli@7086a18) `libcipm@4.0.3` ([@isaacs](https://github.com/isaacs)) * [`8845141f9`](npm/cli@8845141) `read-package-json@2.1.0` ([@isaacs](https://github.com/isaacs)) * [`51c028215`](npm/cli@51c0282) `bin-links@1.1.3` ([@isaacs](https://github.com/isaacs)) * [`534a5548c`](npm/cli@534a554) `read-cmd-shim@1.0.3` ([@isaacs](https://github.com/isaacs)) * [`3038f2fd5`](npm/cli@3038f2f) `gentle-fs@2.2.1` ([@isaacs](https://github.com/isaacs)) * [`a609a1648`](npm/cli@a609a16) `graceful-fs@4.2.2` ([@isaacs](https://github.com/isaacs)) * [`f0346f754`](npm/cli@f0346f7) `cacache@12.0.3` ([@isaacs](https://github.com/isaacs)) * [`ca9c615c8`](npm/cli@ca9c615) `npm-pick-manifest@3.0.0` ([@isaacs](https://github.com/isaacs)) * [`b417affbf`](npm/cli@b417aff) `pacote@9.5.8` ([@isaacs](https://github.com/isaacs)) TESTS * [`b6df0913c`](npm/cli@b6df091) [nodejs#228](npm/cli#228) Proper handing of /usr/bin/node lifecycle-path test ([@olivr70](https://github.com/olivr70)) * [`aaf98e88c`](npm/cli@aaf98e8) `npm-registry-mock@1.3.0` ([@isaacs](https://github.com/isaacs))
Full changelog: 6.11.1 (2019-08-20): Fix a regression for windows command shim syntax. * [`37db29647`](npm/cli@37db296) `cmd-shim@3.0.2` ([@isaacs](https://github.com/isaacs)) v6.11.0 (2019-08-20): A few meaty bugfixes, and introducing `peerDependenciesMeta`. FEATURES * [`a12341088`](npm/cli@a123410) [nodejs#224](npm/cli#224) Implements peerDependenciesMeta ([@arcanis](https://github.com/arcanis)) * [`2f3b79bba`](npm/cli@2f3b79b) [nodejs#234](npm/cli#234) add new forbidden 403 error code ([@claudiahdz](https://github.com/claudiahdz)) BUGFIXES * [`24acc9fc8`](npm/cli@24acc9f) and [`45772af0d`](npm/cli@45772af) [nodejs#217](npm/cli#217) [npm.community#8863](https://npm.community/t/installing-the-same-module-under-multiple-relative-paths-fails-on-linux/8863) [npm.community#9327](https://npm.community/t/reinstall-breaks-after-npm-update-to-6-10-2/9327,) do not descend into directory deps' child modules, fix shrinkwrap files that inappropriately list child nodes of symlink packages ([@isaacs](https://github.com/isaacs) and [@salomvary](https://github.com/salomvary)) * [`50cfe113d`](npm/cli@50cfe11) [nodejs#229](npm/cli#229) fixed typo in semver doc ([@gall0ws](https://github.com/gall0ws)) * [`e8fb2a1bd`](npm/cli@e8fb2a1) [nodejs#231](npm/cli#231) Fix spelling mistakes in CHANGELOG-3.md ([@XhmikosR](https://github.com/XhmikosR)) * [`769d2e057`](npm/cli@769d2e0) [npm/uid-number#7](npm/uid-number#7) Better error on invalid `--user`/`--group` configs. This addresses the issue when people fail to install binary packages on Docker and other environments where there is no 'nobody' user. ([@isaacs](https://github.com/isaacs)) * [`8b43c9624`](npm/cli@8b43c96) [nodejs#28987](nodejs#28987) [npm.community#6032](https://npm.community/t/npm-ci-doesnt-respect-npmrc-variables/6032) [npm.community#6658](https://npm.community/t/npm-ci-doesnt-fill-anymore-the-process-env-npm-config-cache-variable-on-post-install-scripts/6658) [npm.community#6069](https://npm.community/t/npm-ci-does-not-compile-native-dependencies-according-to-npmrc-configuration/6069) [npm.community#9323](https://npm.community/t/npm-6-9-x-not-passing-environment-to-node-gyp-regression-from-6-4-x/9323/2) Fix the regression where random config values in a .npmrc file are not passed to lifecycle scripts, breaking build processes which rely on them. ([@isaacs](https://github.com/isaacs)) * [`8b85eaa47`](npm/cli@8b85eaa) save files with inferred ownership rather than relying on `SUDO_UID` and `SUDO_GID`. ([@isaacs](https://github.com/isaacs)) * [`b7f6e5f02`](npm/cli@b7f6e5f) Infer ownership of shrinkwrap files ([@isaacs](https://github.com/isaacs)) * [`54b095d77`](npm/cli@54b095d) [nodejs#235](npm/cli#235) Add spec to dist-tag remove function ([@theberbie](https://github.com/theberbie)) DEPENDENCIES * [`dc8f9e52f`](npm/cli@dc8f9e5) `pacote@9.5.7`: Infer the ownership of all unpacked files in `node_modules`, so that we never have user-owned files in root-owned folders, or root-owned files in user-owned folders. ([@isaacs](https://github.com/isaacs)) * [`bb33940c3`](npm/cli@bb33940) `cmd-shim@3.0.0`: * [`9c93ac3`](npm/cmd-shim@9c93ac3) [#2](npm/cmd-shim#2) [npm#3380](npm/npm#3380) Handle environment variables properly ([@basbossink](https://github.com/basbossink)) * [`2d277f8`](npm/cmd-shim@2d277f8) [nodejs#25](npm/cmd-shim#25) [nodejs#36](npm/cmd-shim#36) [nodejs#35](npm/cmd-shim#35) Fix 'no shebang' case by always providing `$basedir` in shell script ([@igorklopov](https://github.com/igorklopov)) * [`adaf20b`](npm/cmd-shim@adaf20b) [nodejs#26](npm/cmd-shim#26) Fix `$*` causing an error when arguments contain parentheses ([@satazor](https://github.com/satazor)) * [`49f0c13`](npm/cmd-shim@49f0c13) [nodejs#30](npm/cmd-shim#30) Fix paths for MSYS/MINGW bash ([@dscho](https://github.com/dscho)) * [`51a8af3`](npm/cmd-shim@51a8af3) [nodejs#34](npm/cmd-shim#34) Add proper support for PowerShell ([@ExE-Boss](https://github.com/ExE-Boss)) * [`4c37e04`](npm/cmd-shim@4c37e04) [#10](npm/cmd-shim#10) Work around quoted batch file names ([@isaacs](https://github.com/isaacs)) * [`a4e279544`](npm/cli@a4e2795) `npm-lifecycle@3.1.3` ([@isaacs](https://github.com/isaacs)): * fail properly if `uid-number` raises an error * [`7086a1809`](npm/cli@7086a18) `libcipm@4.0.3` ([@isaacs](https://github.com/isaacs)) * [`8845141f9`](npm/cli@8845141) `read-package-json@2.1.0` ([@isaacs](https://github.com/isaacs)) * [`51c028215`](npm/cli@51c0282) `bin-links@1.1.3` ([@isaacs](https://github.com/isaacs)) * [`534a5548c`](npm/cli@534a554) `read-cmd-shim@1.0.3` ([@isaacs](https://github.com/isaacs)) * [`3038f2fd5`](npm/cli@3038f2f) `gentle-fs@2.2.1` ([@isaacs](https://github.com/isaacs)) * [`a609a1648`](npm/cli@a609a16) `graceful-fs@4.2.2` ([@isaacs](https://github.com/isaacs)) * [`f0346f754`](npm/cli@f0346f7) `cacache@12.0.3` ([@isaacs](https://github.com/isaacs)) * [`ca9c615c8`](npm/cli@ca9c615) `npm-pick-manifest@3.0.0` ([@isaacs](https://github.com/isaacs)) * [`b417affbf`](npm/cli@b417aff) `pacote@9.5.8` ([@isaacs](https://github.com/isaacs)) TESTS * [`b6df0913c`](npm/cli@b6df091) [nodejs#228](npm/cli#228) Proper handing of /usr/bin/node lifecycle-path test ([@olivr70](https://github.com/olivr70)) * [`aaf98e88c`](npm/cli@aaf98e8) `npm-registry-mock@1.3.0` ([@isaacs](https://github.com/isaacs))
This upgrade should be backward compatible, but still suffers form major vulnerabilities in its https-proxy-agent transitive dependency (see https://www.npmjs.com/advisories/1184). Changelog: - https://github.com/npm/cli/releases 6.12.0 (2019-10-08): Now npm ci runs prepare scripts for git dependencies, and respects the --no-optional argument. Warnings for engine mismatches are printed again. Various other fixes and cleanups. BUG FIXES 890b245dc #252 ci: add dirPacker to options (@claudiahdz) f3299acd0 #257 npm.community#4792 warn message on engine mismatch (@ruyadorno) bbc92fb8f #259 npm.community#10288 Fix figgyPudding error in npm token (@benblank) 70f54dcb5 #241 doctor: Make OK more consistent (@gemal) FEATURES ed993a29c #249 Add CI environment variables to user-agent (@isaacs) f6b0459a4 #248 Add option to save package-lock without formatting Adds a new config --format-package-lock, which defaults to true. (@bl00mber) DEPENDENCIES 0ca063c5d npm-lifecycle@3.1.4: fix: filter functions and undefined out of makeEnv (@isaacs) 5df6b0ea2 libcipm@4.0.4: fix: pack git directories properly (@claudiahdz) respect no-optional argument (@cruzdanilo) 7e04f728c tar@4.4.12 5c380e5a3 stringify-package@1.0.1 (@isaacs) 62f2ca692 node-gyp@5.0.5 (@isaacs) 0ff0ea47a npm-install-checks@3.0.2 (@isaacs) f46edae94 hosted-git-info@2.8.5 (@isaacs) TESTING 44a2b036b #262 fix root-ownership race conditions in meta-test (@isaacs) 6.11.3 (2019-09-03): Fix npm ci regressions and npm outdated depth. BUG FIXES 235ed1d28 #239 Don't override user specified depth in outdated. Restores ability to update packages using --depth as suggested by npm audit. (@G-Rath) 1fafb5151 #242 npm.community#9586 Revert "install: do not descend into directory deps' child modules" (@isaacs) cebf542e6 #243 npm.community#9720 ci: pass appropriate configs for file/dir modes (@isaacs) DEPENDENCIES e5fbb7ed1 read-cmd-shim@1.0.4 (@claudiahdz) 23ce65616 npm-pick-manifest@3.0.2 (@claudiahdz) 6.11.2 (2019-08-22): Fix a recent Windows regression, and two long-standing Windows bugs. Also, get CI running on Windows, so these things are less likely in the future. DEPENDENCIES 9778a1b87 cmd-shim@3.0.3: Fix regression where shims fail to preserve exit code (@isaacs) bf93e91d8 npm-package-arg@6.1.1: Properly handle git+file: urls on Windows when a drive letter is included. (@isaacs) BUGFIXES 6cc4cc66f escape args properly on Windows Bash Despite being bash, Node.js running on windows git mingw bash still executes child processes using cmd.exe. As a result, arguments in this environment need to be escaped in the style of cmd.exe, not bash. (@isaacs) TESTS 291aba7b8 make tests pass on Windows (@isaacs) fea3a023a travis: run tests on Windows as well (@isaacs) 6.11.1 (2019-08-20): Fix a regression for windows command shim syntax. 37db29647 cmd-shim@3.0.2 (@isaacs) v6.11.0 (2019-08-20): A few meaty bugfixes, and introducing peerDependenciesMeta. FEATURES a12341088 #224 Implements peerDependenciesMeta (@arcanis) 2f3b79bba #234 add new forbidden 403 error code (@claudiahdz) BUGFIXES 24acc9fc8 and 45772af0d #217 npm.community#8863 npm.community#9327 do not descend into directory deps' child modules, fix shrinkwrap files that inappropriately list child nodes of symlink packages (@isaacs and @salomvary) 50cfe113d #229 fixed typo in semver doc (@gall0ws) e8fb2a1bd #231 Fix spelling mistakes in CHANGELOG-3.md (@XhmikosR) 769d2e057 npm/uid-number#7 Better error on invalid --user/--group configs. This addresses the issue when people fail to install binary packages on Docker and other environments where there is no 'nobody' user. (@isaacs) 8b43c9624 nodejs/node#28987 npm.community#6032 npm.community#6658 npm.community#6069 npm.community#9323 Fix the regression where random config values in a .npmrc file are not passed to lifecycle scripts, breaking build processes which rely on them. (@isaacs) 8b85eaa47 save files with inferred ownership rather than relying on SUDO_UID and SUDO_GID. (@isaacs) b7f6e5f02 Infer ownership of shrinkwrap files (@isaacs) 54b095d77 #235 Add spec to dist-tag remove function (@theberbie) DEPENDENCIES dc8f9e52f pacote@9.5.7: Infer the ownership of all unpacked files in node_modules, so that we never have user-owned files in root-owned folders, or root-owned files in user-owned folders. (@isaacs) bb33940c3 cmd-shim@3.0.0: 9c93ac3 #2 npm#3380 Handle environment variables properly (@basbossink) 2d277f8 #25 #36 #35 Fix 'no shebang' case by always providing $basedir in shell script (@igorklopov) adaf20b #26 Fix $* causing an error when arguments contain parentheses (@satazor) 49f0c13 #30 Fix paths for MSYS/MINGW bash (@dscho) 51a8af3 #34 Add proper support for PowerShell (@ExE-Boss) 4c37e04 #10 Work around quoted batch file names (@isaacs) a4e279544 npm-lifecycle@3.1.3 (@isaacs): fail properly if uid-number raises an error 7086a1809 libcipm@4.0.3 (@isaacs) 8845141f9 read-package-json@2.1.0 (@isaacs) 51c028215 bin-links@1.1.3 (@isaacs) 534a5548c read-cmd-shim@1.0.3 (@isaacs) 3038f2fd5 gentle-fs@2.2.1 (@isaacs) a609a1648 graceful-fs@4.2.2 (@isaacs) f0346f754 cacache@12.0.3 (@isaacs) ca9c615c8 npm-pick-manifest@3.0.0 (@isaacs) b417affbf pacote@9.5.8 (@isaacs) TESTS b6df0913c #228 Proper handing of /usr/bin/node lifecycle-path test (@olivr70) aaf98e88c npm-registry-mock@1.3.0 (@isaacs)
I believe this issue was fixed as of Node.js v10.17.0 where npm was updated to v6.11.3. The specific npm fix was released in npm v6.11.0 (#29231). |
npm ci
no longer passes configuration properly tonode-gyp
innpm
6.9.0, so many Node.js use cases that require building native modules have completely broken in the 10.16.x upgrade.While this is technically an
npm
issue, this will break almost anyone relying on passing custom options tonode-gyp
for it to even work properly. See the following bugs:https://npm.community/t/npm-ci-doesnt-respect-npmrc-variables/6032
https://npm.community/t/npm-ci-doesnt-fill-anymore-the-process-env-npm-config-cache-variable-on-post-install-scripts/6658
https://npm.community/t/npm-ci-does-not-compile-native-dependencies-according-to-npmrc-configuration/6069
I found this out on my own because Node 10.16.x default
npm
is now incapable of building native modules in a container/chroot with no network access:https://npm.community/t/npm-6-9-x-not-passing-environment-to-node-gyp-regression-from-6-4-x/9323/2
I'm only raising this issue to make the Node team aware (if they weren't already), since the decision was made here to incorporate 6.9.0 into the 10.16 minor semver bump. I have no idea if there is any possibility to revert the 6.9.0 upgrade at this point. At a minimum, perhaps there need to be integration tests for
npm
commands as part of the total upgrade process, testingnode
,node-gyp
, andnpm
together.The text was updated successfully, but these errors were encountered: