deps: upgrade npm to 6.1.0 #20190
deps: upgrade npm to 6.1.0 #20190
Conversation
iarna
added
the
npm
|
/cc @jasnell |
|
This is likely semver-major. |
|
@nodejs/tsc I'm labeling this [EDIT: Just to make sure there's no confusion, 👍 means you approve landing this in 10.0.0 and 👎 means you are opposed to it. Heck, let's throw in 😕 for anyone who wants to indicate they have no opinion either way, basically abstaining.] |
|
@Trott it should be noted that this is not 6.0.0 yet — it looks like 6.0.0 hasn't been tagged. @iarna Is this WiP? What's the ETA for 6.0.0? |
|
@ChALkeR Our plans over the last several months has been to only badge 6.0.0 in conjunction with the Node 10 release, assuming npm6 lands in Node 10. The version badged as 6.0.0 and tagged as latest will otherwise be exactly the same as 6.0.0-next.2. (I have a sneaking suspicion that our plans were not communicated and coordinated where I thought they were, so if this is the first you all are hearing of this, I appologize.) |
|
@iarna what are the semver major changes from 5 -> 6 Is it possible that this could be semver minor? If so we could also backport to 8.x |
|
@MylesBorins I think I answered all these questions in opening: The major changes are described under "breaking changes" in the summary. They are quite minor but they aren't semver minor. I'm of the opinion that they're valuable enough that we should lobby to include them in Node 8, but YMMV. And if you look under "where should this land" I said:
There's a 5.10.0 rc currently published, but I'd want to do a 5.11 with the non-breaking things from 6 if it's decided that Node 8 can't take 6. |
|
Considering the status of things, +1 to fast-track with CI and CITGM ok. |
@iarna Yes, that looks good to me then. Huge +1 to getting npm@6 into 10.0.0.
@mcollina I don't think this could be fast-tracked, could it? |
|
If we plan to release on Tuesday 24th, there won’t be 72 hours (weekend time) to be able to issue another rc with this in. If we want to have this in 10.0.0, this should have landed weeks ago. The longer we wait the worse it’ll get. We need TSC approval anyway. |
|
As I understand #20121 (comment), we essentially want a @nodejs/tsc vote for this. I’m okay with landing this in 10.0.0, but yes, it’s way past the deadline and not exactly a trivial change, so I think it would be a good option to include it in the first semver-minor release, given how small the actual breakages here are. |
|
No, this pr cannot be fast tracked in the normal sense. It's too large, needs more review, and adequate consideration. I'm leaning strongly against rushing it in to 10.0.0 and potentially landing it as a minor in a 10.x minor later. |
|
+1 to landing it in a semver minor. |
|
I am leaning towards landing it as semver minor as well |
|
I’m also +1 to landing as a minor after 10.0.0 is released as well. |
|
+1 for semver minor after the release. Good precident for landing it on 8.x
…On Sat, Apr 21, 2018, 11:07 AM Matteo Collina ***@***.***> wrote:
I’m also +1 to landing as a minor after 10.0.0 is released as well.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#20190 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAecV832X4VRsisU0l_tAC7vUyZqgPSDks5tq0s5gaJpZM4TeUV9>
.
|
|
+1 on landing this as semver-minor. |
|
+1 on landing this as semver-minor after the release. |
|
Removing this from the 10.0.0 milestone. |
|
Seems like there's consensus on landing this in 10.x but not 10.0. Removing |
BridgeAR
added
the
semver-minor
PR-URL: #20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: #20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Notable Changes:
* **deps**:
- upgrade npm to 6.1.0 (Rebecca Turner)
#20190
* **fs**:
- fix reads with pos \> 4GB (Mathias Buus)
#21003
* **net**:
- new option to allow IPC servers to be readable and writable
by all users (Bartosz Sosnowski)
#19472
* **stream**:
- fix removeAllListeners() for Stream.Readable to work as expected
when no arguments are passed (Kael Zhang)
#20924
* **Added new collaborators**
- John-David Dalton (https://github.com/jdalton)
PR-URL: #21011
Notable Changes:
* **deps**:
- upgrade npm to 6.1.0 (Rebecca Turner)
#20190
* **fs**:
- fix reads with pos \> 4GB (Mathias Buus)
#21003
* **net**:
- new option to allow IPC servers to be readable and writable
by all users (Bartosz Sosnowski)
#19472
* **stream**:
- fix removeAllListeners() for Stream.Readable to work as expected
when no arguments are passed (Kael Zhang)
#20924
* **Added new collaborators**
- John-David Dalton (https://github.com/jdalton)
PR-URL: #21011
Notable Changes:
* **deps**:
- upgrade npm to 6.1.0 (Rebecca Turner)
#20190
* **fs**:
- fix reads with pos \> 4GB (Mathias Buus)
#21003
* **net**:
- new option to allow IPC servers to be readable and writable
by all users (Bartosz Sosnowski)
#19472
* **stream**:
- fix removeAllListeners() for Stream.Readable to work as expected
when no arguments are passed (Kael Zhang)
#20924
* **Added new collaborators**
- John-David Dalton (https://github.com/jdalton)
PR-URL: #21011
PR-URL: nodejs#20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: nodejs#20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Backport-PR-URL: #21302 PR-URL: #20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Backport-PR-URL: #21302 PR-URL: #20190 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Checklist
make test-npmpassesWhere this should land
Breaking changes
This is a major release, so it does include breaking changes. They are, however, very minor and important:
npm updateandnpm outdatednow will not suggest versions greater than the version tagged aslatest. This is in alignment with the use of tags for release trains or experimental versions, while not requiring the use of prerelease version numbers.npm installwill now do its best to avoid versions that are marked as deprecated. That is makesnpm deprecatesimilar to how thegem yankcommand works in ruby. If you specifically ask for a deprecated version you will still get it.npmwill now report that it no longer supports node v4 and node v7.Notable changes
npm initnow can take an argument and it will run a matchingcreate-…script from the registry. An amalgam ofnpxandyarn create.npm auditprovides a vulnerability scanner. The registry side of this will be available soon. Details are discussed in the CHANGELOGnpm audit fixto help users automatically fix vulnerabilities found withnpm audit.npm hookcommand. Previously this functionality was found in the modulewombat. With webhooks you can request notification whenever a package updates.new Bufferin npmnpm viewnpm packandnpm publishpreviews when running them with--dry-runnpm ci, new, faster, lock-file only install mode andnpm citto install and test--only=production,--no-optional, etc)Changelogs