-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes NODE_OPTIONS when spaces are escaped #24065
Conversation
0301e64
to
d7b1d3d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you maybe also add tests for what happens when a backslash is not followed by a space character? In particular, I’m thinking about Windows-style paths with \
in them
@addaleax will add a test - with this PR such paths would have to be escaped ( |
d7b1d3d
to
46f79d3
Compare
@arcanis Yes, that would make this a breaking change in its current form… |
@addaleax would it be semver-minor and acceptable if I was instead to add support for double quotes? Basically, doing the following:
|
@arcanis I guess the question is whether people currently (successfully) use quotes for (I’m also kinda surprised by your first example, I’d probably expect In any case, I’m not more of an authority on “how people use node features” than anybody else, and other people can weigh in too. |
My bad, it's a typo 😄 |
Bumps [yarn](https://github.com/yarnpkg/yarn) from 1.12.1 to 1.12.3. <details> <summary>Release notes</summary> *Sourced from [yarn's releases](https://github.com/yarnpkg/yarn/releases).* > ## v1.12.3 > **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. > > - Fixes an issue with `yarn audit` when using workspaces > > [#6625](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6639) - [**Jeff Valore**](https://twitter.com/codingwithspike) > > - Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments > > **Caveat:** This change might cause issues for PnP users having a space inside their cwd (cf [nodejs/node#24065](https://github-redirect.dependabot.com/nodejs/node/pull/24065)) > > [#6479](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6629) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes Gulp when used with Plug'n'Play > > [#6623](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6623) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes an issue with `yarn audit` when the root package was missing a name > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with `yarn audit` when a package was depending on an empty range > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with how symlinks are setup into the cache on Windows > > [#6621](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6621) - [**Yoad Snapir**](https://github.com/yoadsn) > > - Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows > > [#6635](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6635) - [**Philipp Feigl**](https://github.com/pfeigl) > > - Exposes the path to the PnP file using `require.resolve('pnpapi')` > > [#6643](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6643) - [**Maël Nison**](https://twitter.com/arcanis) > > ## v1.12.2 > This release doesn't actually exists and was caused by a quirk in our systems. </details> <details> <summary>Changelog</summary> *Sourced from [yarn's changelog](https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md).* > ## 1.12.3 > > **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. > > - Fixes an issue with `yarn audit` when using workspaces > > [#6625](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6639) - [**Jeff Valore**](https://twitter.com/codingwithspike) > > - Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments > > **Caveat:** This change might cause issues for PnP users having a space inside their cwd (cf [nodejs/node#24065](https://github-redirect.dependabot.com/nodejs/node/pull/24065)) > > [#6479](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6629) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes Gulp when used with Plug'n'Play > > [#6623](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6623) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes an issue with `yarn audit` when the root package was missing a name > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with `yarn audit` when a package was depending on an empty range > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with how symlinks are setup into the cache on Windows > > [#6621](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6621) - [**Yoad Snapir**](https://github.com/yoadsn) > > - Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows > > [#6635](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6635) - [**Philipp Feigl**](https://github.com/pfeigl) > > - Exposes the path to the PnP file using `require.resolve('pnpapi')` > > [#6643](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6643) - [**Maël Nison**](https://twitter.com/arcanis) > > ## 1.12.2 > > This release doesn't actually exists and was caused by a quirk in our systems. </details> <details> <summary>Commits</summary> - [`38bbf59`](yarnpkg/yarn@38bbf59) v1.12.3 - [`2603671`](yarnpkg/yarn@2603671) Fixes invalid version bump - [`0934bcd`](yarnpkg/yarn@0934bcd) v1.12.2 - [`b65dbb7`](yarnpkg/yarn@b65dbb7) Merge branch 'master' into 1.12-stable - [`f8e42c5`](yarnpkg/yarn@f8e42c5) fix(audit) Report vulnerabilities in workspace package dependencies ([#6639](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6639)) - [`124a2ef`](yarnpkg/yarn@124a2ef) Exposes pnpapi through resolveToUnqualified ([#6643](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6643)) - [`1ceabe8`](yarnpkg/yarn@1ceabe8) Tries a fix for Windows - [`85660f7`](yarnpkg/yarn@85660f7) Precompiles inquirer for Node 4 compat ([#6640](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6640)) - [`a40f3fc`](yarnpkg/yarn@a40f3fc) Update CHANGELOG.md - [`5539fa2`](yarnpkg/yarn@5539fa2) Fixes potential freeze on win+node10 interactive upgrades ([#5949](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/5949)) ([#6635](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6635)) - Additional commits viewable in [compare view](yarnpkg/yarn@v1.12.1...v1.12.3) </details> <br /> [![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=yarn&package-manager=npm_and_yarn&previous-version=1.12.1&new-version=1.12.3)](https://dependabot.com/compatibility-score.html?dependency-name=yarn&package-manager=npm_and_yarn&previous-version=1.12.1&new-version=1.12.3) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot. </details>
This change appears to break the test suite on Windows: 20:11:12 not ok 75 parallel/test-cli-node-options
20:11:12 ---
20:11:12 duration_ms: 0.499
20:11:12 severity: fail
20:11:12 exitcode: 1
20:11:12 stack: |-
20:11:12 assert.js:753
20:11:12 throw newErr;
20:11:12 ^
20:11:12
20:11:12 AssertionError [ERR_ASSERTION]: ifError got unwanted exception: Command failed: c:\workspace\node-test-binary-windows\Release\node.exe -e console.log("B")
20:11:12 internal/modules/cjs/loader.js:605
20:11:12 throw err;
20:11:12 ^
20:11:12
20:11:12 Error: Cannot find module 'c:workspacenode-test-binary-windowstestfixturesprintA.js'
20:11:12 at Function.Module._resolveFilename (internal/modules/cjs/loader.js:603:15)
20:11:12 at Function.Module._load (internal/modules/cjs/loader.js:529:25)
20:11:12 at Module.require (internal/modules/cjs/loader.js:658:17)
20:11:12 at Module._preloadModules (internal/modules/cjs/loader.js:843:12)
20:11:12 at preloadModules (internal/bootstrap/node.js:731:7)
20:11:12 at startup (internal/bootstrap/node.js:282:9)
20:11:12 at bootstrapNodeJSCore (internal/bootstrap/node.js:876:3)
20:11:12
20:11:12 at ChildProcess.exithandler (child_process.js:294:12)
20:11:12 at ChildProcess.emit (events.js:182:13)
20:11:12 at maybeClose (internal/child_process.js:969:16)
20:11:12 at Process.ChildProcess._handle.onexit (internal/child_process.js:257:5)
20:11:12 ... |
@Trott This is related to the comment left by @addaleax here #24065 (review). There are three possible solutions:
I think I'd lean towards either the second or third solutions .. they're not perfect, but changing behavior like this even in a major might be potentially painful otherwise. |
Changelog tracks back up to 1.12.0 only. ## 1.12.3 **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. - Fixes an issue with `yarn audit` when using workspaces [6625](yarnpkg/yarn#6639) - [**Jeff Valore**](https://twitter.com/codingwithspike) - Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments **Caveat:** This change might cause issues for PnP users having a space inside their cwd (cf [nodejs/node24065](nodejs/node#24065)) [6479](yarnpkg/yarn#6629) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes Gulp when used with Plug'n'Play [6623](yarnpkg/yarn#6623) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes an issue with `yarn audit` when the root package was missing a name [6611](yarnpkg/yarn#6611) - [**Jack Zhao**](https://github.com/bugzpodder) - Fixes an issue with `yarn audit` when a package was depending on an empty range [6611](yarnpkg/yarn#6611) - [**Jack Zhao**](https://github.com/bugzpodder) - Fixes an issue with how symlinks are setup into the cache on Windows [6621](yarnpkg/yarn#6621) - [**Yoad Snapir**](https://github.com/yoadsn) - Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows [6635](yarnpkg/yarn#6635) - [**Philipp Feigl**](https://github.com/pfeigl) - Exposes the path to the PnP file using `require.resolve('pnpapi')` [6643](yarnpkg/yarn#6643) - [**Maël Nison**](https://twitter.com/arcanis) ## 1.12.2 This release doesn't actually exists and was caused by a quirk in our systems. ## 1.12.1 - Ensures the engine check is ran before showing the UI for `upgrade-interactive` [6536](yarnpkg/yarn#6536) - [**Orta Therox**](https://github.com/orta) - Restores Node v4 support by downgrading `cli-table3` [6535](yarnpkg/yarn#6535) - [**Mark Stacey**](https://github.com/Gudahtt) - Prevents infinite loop when parsing corrupted lockfiles with unterminated strings [4965](yarnpkg/yarn#4965) - [**Ryan Hendrickson**](https://github.com/rhendric) - Environment variables now have to **start** with `YARN_` (instead of just contain it) to be considered [6518](yarnpkg/yarn#6518) - [**Michael Gmelin**](https://blog.grem.de) - Fixes the `extensions` option when used by `resolveRequest` [6479](yarnpkg/yarn#6479) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes handling of empty string entries for `bin` in package.json [6515](yarnpkg/yarn#6515) - [**Ryan Burrows**](https://github.com/rhburrows) - Adds support for basic auth for registries with paths, such as artifactory [5322](yarnpkg/yarn#5322) - [**Karolis Narkevicius**](https://twitter.com/KidkArolis) - Adds 2FA (Two Factor Authentication) support to publish & alike [6555](yarnpkg/yarn#6555) - [**Krzysztof Zbudniewek**](https://github.com/neonowy) - Fixes how the `files` property is interpreted to bring it in line with npm [6562](yarnpkg/yarn#6562) - [**Bertrand Marron**](https://github.com/tusbar) - Fixes Yarn invocations on Darwin when the `yarn` binary was symlinked [6568](yarnpkg/yarn#6568) - [**Hidde Boomsma**](https://github.com/hboomsma) - Fixes `require.resolve` when used together with the `paths` option [6565](yarnpkg/yarn#6565) - [**Maël Nison**](https://twitter.com/arcanis) ## 1.12.0 - Adds initial support for PnP on Windows [6447](yarnpkg/yarn#6447) - [**John-David Dalton**](https://twitter.com/jdalton) - Adds `yarn audit` (and the `--audit` flag for all installs) [6409](yarnpkg/yarn#6409) - [**Jeff Valore**](https://github.com/rally25rs) - Adds a special logic to PnP for ESLint compatibility (temporary, until [eslint/eslint10125](eslint/eslint#10125) is fixed) [6449](yarnpkg/yarn#6449) - [**Maël Nison**](https://twitter.com/arcanis) - Makes the PnP hook inject a `process.versions.pnp` variable when setup (equals to `VERSIONS.std`) [6464](yarnpkg/yarn#6464) - [**Maël Nison**](https://twitter.com/arcanis) - Disables by default (configurable) the automatic migration of the `integrity` field. **It will be re-enabled in 2.0.** [6465](yarnpkg/yarn#6465) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes the display name of the faulty package when the NPM registry returns corrupted data [6455](yarnpkg/yarn#6455) - [**Grey Baker**](https://github.com/greysteil) - Prevents crashes when running `yarn outdated` and the NPM registry forgets to return the `latest` tag [6454](yarnpkg/yarn#6454) - [**mad-mike**](https://github.com/mad-mike) - Fixes `yarn run` when used together with workspaces and PnP [6444](yarnpkg/yarn#6444) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes an edge case when peer dependencies were resolved multiple levels deep (`webpack-dev-server`) [6443](yarnpkg/yarn#6443) - [**Maël Nison**](https://twitter.com/arcanis)
I made my way here because I tried to use |
I'd be willing to make extra changes, I just need to know what the consensus is. Which one of the three options described above look the best? |
My preference is for seeing if the following is doable:
|
46f79d3
to
e2c5c57
Compare
The latest commit changes the implementation to parse a JSON-like string (JSON-like because it really only take |
// [0] is expected to be the program name, fill it in from the real argv. | ||
env_argv.push_back(argv->at(0)); | ||
|
||
bool is_in_string = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we have SplitString()
, why don't just fix then use it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure that SplitString should contain an actual parsing logic, or double quote/backslash support, does it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For reference this is the other place where SplitString is used - while it wouldn't be broken by using the same logic, in this case it sounds like it would be slightly overkill:
node/src/node_v8_platform-inl.h
Line 122 in 617f055
SplitString(per_process::cli_options->trace_event_categories, ','); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But I think it is necessary to abstract common functions like SplitString
and we should maintain these functions instead of hacking code everywhere
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If they have the same semantical requirements I'm all for it, but in this case it just doesn't seem the case? I can abstract this behavior in a separate function (SmartSplitString
), but it'll eventually be used in a single place.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@arcanis I think having a common function is probably a good idea. How about SplitString check's the delimiter specified and does the new logic only if it is a space? In that way we still have a common function which will do the right thing if you use a space, but otherwise we don't have extra overhead?
e2c5c57
to
4268420
Compare
44aeb50
to
2516325
Compare
Landed in 3ef1512, thanks for the PR and sorry it took so long to get it landed! |
The characters specified within NODE_OPTIONS can now be escaped, which is handy especially in conjunction with `--require` (where the file path might happen to contain spaces that shouldn't cause the option to be split into two). Fixes: #12971 PR-URL: #24065 Reviewed-By: Anna Henningsen <anna@addaleax.net>
@addaleax This PR doesn't seem to be backported to v10.x, can we still do this, related issues microsoft/vscode-js-debug#769 /cc @nodejs/releasers |
@rickyes Maybe you could open a manual backport PR and ping the release team there? |
The characters specified within NODE_OPTIONS can now be escaped, which is handy especially in conjunction with `--require` (where the file path might happen to contain spaces that shouldn't cause the option to be split into two). Fixes: nodejs#12971 PR-URL: nodejs#24065 Reviewed-By: Anna Henningsen <anna@addaleax.net>
backport in #35342 |
The characters specified within NODE_OPTIONS can now be escaped, which is handy especially in conjunction with `--require` (where the file path might happen to contain spaces that shouldn't cause the option to be split into two). Fixes: #12971 PR-URL: #24065 Backport-PR-URL: #35342 Reviewed-By: Anna Henningsen <anna@addaleax.net> Refs: microsoft/vscode-js-debug#769
This PR fixes #12971. It adds a way to properly escape spaces when found within
NODE_OPTIONS
. The previous behavior was problematic because there was no way to use--require
with paths containing spaces.Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes