-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
yarn 1.x.x invalid url with node 18.17.0 VS 18.16.1 #48855
Comments
Can you share the URL causing this error? cc @nodejs/url |
|
Looking at the stack trace, it seems to be related to the legacy The related code on Yarn source is at https://github.com/yarnpkg/yarn/blob/158d96dce95313d9a00218302631cd263877d164/src/resolvers/exotics/git-resolver.js#L38 /cc @arcanis |
The throw is located at Lines 444 to 446 in a39b8a2
The Line 433 in a39b8a2
And Line 34 in a39b8a2
Which itself reexports it from Lines 3 to 4 in a39b8a2
The list of commits that have touched /cc @nodejs/url |
It seems to result in an Invalid URL error under the following conditions
I use a comma in the hostname when specifying multiple hosts in MongoDB. |
Starting bisecting |
I guess this is a duplicate of #48850? |
Seems it's not a problem with Yarn itself but, out of curiosity, why is your custom registry hostname containing commas? I didn't even know this was supported 😅 |
The ada URL parsing library itself has no beef with commas, as you can see in the playground... |
The issue is with |
It seems this PR is not backported, and might be the root cause of this: #47735 |
I'm not sure that is the same problem. |
FWIW I've bisected Node.js 16 and the behaviour of node -e "console.log(require('url').domainToASCII('0.0,1.1'))" changed in Node.js 16.17.0 with 8cda415 (#43190). It looks like #43190 made it into 18.6.0, which is consistent with: $ nvm run 18.5.0 -e "console.log(require('url').domainToASCII('0.0,1.1'))"
Running node v18.5.0 (npm v8.12.1)
0.0,1.1
$ nvm run 18.6.0 -e "console.log(require('url').domainToASCII('0.0,1.1'))"
Running node v18.6.0 (npm v8.13.2)
$ So while it does look like the behaviour of |
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
I believe the issue lies with yarn packages using invalid install urls ie the package does not exist. The problematic code relates to an internal monorepo packages using dependencies that import one of the internal package versions that is a lower version. Previous in 18.16.1 it would not throw a error when attempting to install the invalid package. Still trying to create a replicable repo outside the internal code. Guessing I'll need a lerna monorepoa and shadow some package names and make one of the packages install a invalid dependency. |
The custom registry does not contain commas. It's an artifactory registry. There is only one registry used, and always-auth=true is enabled for other registries. - required for yarn v1 to work even though it's deprecated with npm. |
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
I've noticed a similar issue with npm 6 calling
In this case |
We've hit this very bug and done some investigation: For a string such as // IDNA Support: Returns a punycoded representation of "domain".
// It only converts parts of the domain name that
// have non-ASCII characters, i.e. it doesn't matter if
// you call it with a domain that already is ASCII-only.
// Use lenient mode (`true`) to try to support even non-compliant
// URLs.
this.hostname = toASCII(this.hostname, true);
// Prevent two potential routes of hostname spoofing.
// 1. If this.hostname is empty, it must have become empty due to toASCII
// since we checked this.hostname above.
// 2. If any of forbiddenHostChars appears in this.hostname, it must have
// also gotten in due to toASCII. This is since getHostname would have
// filtered them out otherwise.
// Rather than trying to correct this by moving the non-host part into
// the pathname as we've done in getHostname, throw an exception to
// convey the severity of this issue.
if (this.hostname === '' || forbiddenHostChars.test(this.hostname)) {
throw new ERR_INVALID_URL(url);
} In performing the auto out = ada::parse<ada::url>("ws://x");
DCHECK(out);
if (!out->set_hostname(input)) {
return args.GetReturnValue().Set(FIXED_ONE_BYTE_STRING(env->isolate(), ""));
} During the if (checkers::is_ipv4(host.value())) {
ada_log("parse_host fast path ipv4");
return parse_ipv4(host.value());
} "if ada_really_inline ada_constexpr bool is_ipv4(std::string_view view) noexcept {
size_t last_dot = view.rfind('.');
if (last_dot == view.size() - 1) {
view.remove_suffix(1);
last_dot = view.rfind('.');
}
std::string_view number =
(last_dot == std::string_view::npos) ? view : view.substr(last_dot + 1);
if (number.empty()) {
return false;
}
/** Optimization opportunity: we have basically identified the last number of
the ipv4 if we return true here. We might as well parse it and have at
least one number parsed when we get to parse_ipv4. */
if (std::all_of(number.begin(), number.end(), ada::checkers::is_digit)) {
return true;
}
return (checkers::has_hex_prefix(number) &&
std::all_of(number.begin() + 2, number.end(),
ada::unicode::is_lowercase_hex));
} So any string matching
Indeed:
The behavior isn't observed on the latest main branch so something must have changed in the meantime, but I haven't dug deeper yet. So for now, it may be prudent to revert the faulty commit then try (or not, actually, for an LTS branch) fixing and relanding it, to prevent more hair loss of unaware users affected by this bug? |
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#48878 Refs: nodejs#48873 Refs: nodejs#48855 Refs: nodejs#48850 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Seems fixed in https://github.com/nodejs/node/releases/tag/v18.18.0 |
yeah updating node from v18.17.0 -> v18.20.0 fixed the issue 🎉 |
Version
18.17.0
Platform
Mac OS (aarm64 & intel)
Subsystem
No response
What steps will reproduce the bug?
Using node 18.17.0 and installing yarn 1.x.x will cause this error.
How often does it reproduce? Is there a required condition?
Other tips to replicating this issue:
yarn cache clear
. Project level cache should be enough.Example commands
nvm install 18.17.0; nvm use 18.17.0; npm i -g yarn; yarn cache clean; yarn;
What is the expected behavior? Why is that the expected behavior?
yarn should install dependencies and resolve those urls.
What do you see instead?
Error and unexpected error has occurred "Invalid Url".
Additional information
If this is an expected behavior change 18.16 - 18.17.0 (breaking yarn package manager on 1.x.x) we can close this issue.
Yarn 1.x.x is still used in many projects so this may affect a bunch of users.
Temp workarounds
18
to18.16
Possibly related URL issues:
The text was updated successfully, but these errors were encountered: