Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.

CHANGELOG.md 22KB

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

12.0.3 (2019-08-19)

Bug Fixes

  • do not chown if not running as root (2d80af9)

12.0.2 (2019-07-19)

12.0.1 (2019-07-19)

  • deps Abstracted out lib/util/infer-owner.js to @npmcli/infer-owner so that it could be more easily used in other parts of the npm CLI.

12.0.0 (2019-07-15)

Features

  • infer uid/gid instead of accepting as options (ac84d14)
  • i18n: add another error message (676cb32)

BREAKING CHANGES

  • the uid gid options are no longer respected or necessary. As of this change, cacache will always match the cache contents to the ownership of the cache directory (or its parent directory), regardless of what the caller passes in.

Reasoning:

The number one reason to use a uid or gid option was to keep root-owned files from causing problems in the cache. In npm’s case, this meant that CLI’s ./lib/command.js had to work out the appropriate uid and gid, then pass it to the libnpmcommand module, which had to in turn pass the uid and gid to npm-registry-fetch, which then passed it to make-fetch-happen, which passed it to cacache. (For package fetching, pacote would be in that mix as well.)

Added to that, cacache.rm() will actually write a file into the cache index, but has no way to accept an option so that its call to entry-index.js will write the index with the appropriate uid/gid. Little ownership bugs were all over the place, and tricky to trace through. (Why should make-fetch-happen even care about accepting or passing uids and gids? It’s an http library.)

This change allows us to keep the cache from having mixed ownership in any situation.

Of course, this does mean that if you have a root-owned but user-writable folder (for example, /tmp), then the cache will try to chown everything to root.

The solution is for the user to create a folder, make it user-owned, and use that, rather than relying on cacache to create the root cache folder.

If we decide to restore the uid/gid opts, and use ownership inferrence only when uid/gid are unset, then take care to also make rm take an option object, and pass it through to entry-index.js.

11.3.3 (2019-06-17)

Bug Fixes

  • audit: npm audit fix (200a6d5)
  • config: Add ssri config ‘error’ option (#146) (47de8f5)
  • deps: npm audit fix (481a7dc)
  • standard: standard --fix (7799149)
  • write: avoid another cb never called situation (5156561)

11.3.2 (2018-12-21)

Bug Fixes

  • get: make sure to handle errors in the .then (b10bcd0)

11.3.1 (2018-11-05)

Bug Fixes

  • get: export hasContent.sync properly (d76c920)

11.3.0 (2018-11-05)

Features

  • get: add sync API for reading (db1e094)

11.2.0 (2018-08-08)

Features

  • read: add sync support to other internal read.js fns (fe638b6)

11.1.0 (2018-08-01)

Features

  • read: add sync support for low-level content read (b43af83)

11.0.3 (2018-08-01)

Bug Fixes

  • config: add ssri config options (#136) (10d5d9a)
  • perf: refactor content.read to avoid lstats (c5ac10e)
  • test: oops when removing safe-buffer (1950490)

11.0.2 (2018-05-07)

Bug Fixes

  • verify: size param no longer lost in a verify (#131) (c614a19), closes #130

11.0.1 (2018-04-10)

11.0.0 (2018-04-09)

Features

meta

  • drop support for node@4 (529f347)

BREAKING CHANGES

  • node@4 is no longer supported

10.0.4 (2018-02-16)

10.0.3 (2018-02-16)

Bug Fixes

  • content: rethrow aggregate errors as ENOENT (fa918f5)

10.0.2 (2018-01-07)

Bug Fixes

  • ls: deleted entries could cause a premature stream EOF (347dc36)

10.0.1 (2017-11-15)

Bug Fixes

  • move-file: actually use the fallback to move-concurrently (#110) (073fbe1)

10.0.0 (2017-10-23)

Features

Performance Improvements

  • more copyFile benchmarks (63787bb)

BREAKING CHANGES

  • license: the license has been changed from CC0-1.0 to ISC.

9.3.0 (2017-10-07)

Features

  • copy: added cacache.get.copy api for fast copies (#107) (067b5f6)

9.2.9 (2017-06-17)

9.2.8 (2017-06-05)

Bug Fixes

  • ssri: bump ssri for bugfix (c3232ea)

9.2.7 (2017-06-05)

Bug Fixes

  • content: make verified content completely read-only (#96) (4131196)

9.2.6 (2017-05-31)

Bug Fixes

  • node: update ssri to prevent old node 4 crash (5209ffe)

9.2.5 (2017-05-25)

Bug Fixes

  • deps: fix lockfile issues and bump ssri (84e1d7e)

9.2.4 (2017-05-24)

Bug Fixes

9.2.3 (2017-05-24)

Bug Fixes

  • rm: stop crashing if content is missing on rm (ac90bc0)

9.2.2 (2017-05-14)

Bug Fixes

  • i18n: lets pretend this didn’t happen (519b4ee)

9.2.1 (2017-05-14)

Bug Fixes

  • docs: fixing translation messup (bb9e4f9)

9.2.0 (2017-05-14)

Features

  • i18n: add Spanish translation for API (531f9a4)

9.1.0 (2017-05-14)

Features

  • i18n: Add Spanish translation and i18n setup (#91) (323b90c)

9.0.0 (2017-04-28)

Bug Fixes

  • memoization: actually use the LRU (0e55dc9)

Features

  • memoization: memoizers can be injected through opts.memoize (#90) (e5614c7)

BREAKING CHANGES

  • memoization: If you were passing an object to opts.memoize, it will now be used as an injected memoization object. If you were only passing booleans and other non-objects through that option, no changes are needed.

8.0.0 (2017-04-22)

Features

  • read: change hasContent to return {sri, size} (#88) (bad6c49), closes #87

BREAKING CHANGES

  • read: hasContent now returns an object with {sri, size} instead of sri. Use result.sri anywhere that needed the old return value.

7.1.0 (2017-04-20)

Features

7.0.5 (2017-04-18)

Bug Fixes

  • integrity: new ssri with fixed integrity stream (6d13e8e)
  • write: wrap stuff in promises to improve errors (3624fc5)

7.0.4 (2017-04-15)

Bug Fixes

  • fix-owner: throw away ENOENTs on chownr (d49bbcd)

7.0.3 (2017-04-05)

Bug Fixes

  • read: fixing error message for integrity verification failures (9d4f0a5)

7.0.2 (2017-04-03)

Bug Fixes

  • integrity: use EINTEGRITY error code and update ssri (8dc2e62)

7.0.1 (2017-04-03)

Bug Fixes

  • docs: fix header name conflict in readme (afcd456)

7.0.0 (2017-04-03)

Bug Fixes

  • test: fix content.write tests when running in docker (d2e9b6a)

Features

  • integrity: subresource integrity support (#78) (b1e731f)

BREAKING CHANGES

  • integrity: The entire API has been overhauled to use SRI hashes instead of digest/hashAlgorithm pairs. SRI hashes follow the Subresource Integrity standard and support strings and objects compatible with ssri.

  • This change bumps the index version, which will invalidate all previous index entries. Content entries will remain intact, and existing caches will automatically reuse any content from before this breaking change.

  • cacache.get.info(), cacache.ls(), and cacache.ls.stream() will now return objects that looks like this:

{
  key: String,
  integrity: '<algorithm>-<base64hash>',
  path: ContentPath,
  time: Date<ms>,
  metadata: Any
}
  • opts.digest and opts.hashAlgorithm are obsolete for any API calls that used them.

  • Anywhere opts.digest was accepted, opts.integrity is now an option. Any valid SRI hash is accepted here -- multiple hash entries will be resolved according to the standard: first, the “strongest” hash algorithm will be picked, and then each of the entries for that algorithm will be matched against the content. Content will be validated if any of the entries match (so, a single integrity string can be used for multiple “versions” of the same document/data).

  • put.byDigest(), put.stream.byDigest, get.byDigest() and get.stream.byDigest() now expect an SRI instead of a digest + opts.hashAlgorithm pairing.

  • get.hasContent() now expects an integrity hash instead of a digest. If content exists, it will return the specific single integrity hash that was found in the cache.

  • verify() has learned to handle integrity-based caches, and forgotten how to handle old-style cache indices due to the format change.

  • cacache.rm.content() now expects an integrity hash instead of a hex digest.

6.3.0 (2017-04-01)

Bug Fixes

  • fixOwner: ignore EEXIST race condition from mkdirp (4670e9b)
  • index: ignore index removal races when inserting (b9d2fa2)
  • memo: use lru-cache for better mem management (#75) (d8ac5aa)

Features

  • dependencies: Switch to move-concurrently (#77) (dc6482d)

6.2.0 (2017-03-15)

Bug Fixes

  • index: additional bucket entry verification with checksum (#72) (f8e0f25)
  • verify: return fixOwner.chownr promise (6818521)

Features

  • tmp: safe tmp dir creation/management util (#73) (c42da71)

6.1.2 (2017-03-13)

Bug Fixes

  • index: set default hashAlgorithm (d6eb2f0)

6.1.1 (2017-03-13)

Bug Fixes

  • coverage: bumping coverage for verify (#71) (0b7faf6)
  • deps: glob should have been a regular dep :< (0640bc4)

6.1.0 (2017-03-12)

Bug Fixes

  • coverage: more coverage for content reads (#70) (ef4f70a)
  • tests: use safe-buffer because omfg (#69) (6ab8132)

Features

  • rm: limited rm.all and fixed bugs (#66) (d5d25ba), closes #66
  • verify: tested, working cache verifier/gc (#68) (45ad77a)

6.0.2 (2017-03-11)

Bug Fixes

  • index: segment cache items with another subbucket (#64) (c3644e5)

6.0.1 (2017-03-05)

Bug Fixes

  • docs: Missed spots in README (8ffb7fa)

6.0.0 (2017-03-05)

Bug Fixes

  • api: keep memo cache mostly-internal (2f72d0a)
  • content: use the rest of the string, not the whole string (fa8f3c3)
  • deps: removed format-number@2.0.2 (1187791)
  • deps: removed inflight@1.0.6 (0d1819c)
  • deps: rimraf@2.6.1 (9efab6b)
  • deps: standard@9.0.0 (4202cba)
  • deps: tap@10.3.0 (aa03088)
  • deps: weallcontribute@1.0.8 (ad4f4dc)
  • docs: add security note to hashKey (03f81ba)
  • hashes: change default hashAlgorithm to sha512 (ea00ba6)
  • hashes: missed a spot for hashAlgorithm defaults (45997d8)
  • index: add length header before JSON for verification (fb8cb4d)
  • index: change index filenames to sha1s of keys (bbc5fca)
  • index: who cares about race conditions anyway (b1d3888)
  • perf: bulk-read get+read for massive speed (d26cdf9)
  • perf: use bulk file reads for index reads (79a8891)
  • put-stream: remove tmp file on stream insert error (65f6632)
  • put-stream: robustified and predictibilized (daf9e08)
  • put-stream: use new promise API for moves (1d36013)
  • readme: updated to reflect new default hashAlgo (c60a2fa)
  • verify: tiny typo fix (db22d05)

Features

  • api: converted external api (7bf032f)
  • cacache: exported clearMemoized() utility (8d2c5b6)
  • cache: add versioning to content and index (31bc549)
  • content: collate content files into subdirs (c094d9f)
  • deps: @npmcorp/move@1.0.0 (bdd00bf)
  • deps: bluebird@3.4.7 (3a17aff)
  • deps: promise-inflight@1.0.1 (a004fe6)
  • get: added memoization support for get (c77d794)
  • get: export hasContent (2956ec3)
  • index: add hashAlgorithm and format insert ret val (b639746)
  • index: collate index files into subdirs (e8402a5)
  • index: promisify entry index (cda3335)
  • memo: added memoization lib (da07b92)
  • memo: export memoization api (954b1b3)
  • move-file: add move fallback for weird errors (5cf4616)
  • perf: bulk content write api (51b536e)
  • put: added memoization support to put (b613a70)
  • read: switched to promises (a869362)
  • rm: added memoization support to rm (4205cf0)
  • rm: switched to promises (a000d24)
  • util: promise-inflight ownership fix requests (9517cd7)
  • util: use promises for api (ae204bb)
  • verify: converted to Promises (f0b3974)

BREAKING CHANGES

  • cache: index/content directories are now versioned. Previous caches are no longer compatible and cannot be migrated.
  • util: fix-owner now uses Promises instead of callbacks
  • index: Previously-generated index entries are no longer compatible and the index must be regenerated.
  • index: The index format has changed and previous caches are no longer compatible. Existing caches will need to be regenerated.
  • hashes: Default hashAlgorithm changed from sha1 to sha512. If you rely on the prior setting, pass opts.hashAlgorithm in explicitly.
  • content: Previously-generated content directories are no longer compatible and must be regenerated.
  • verify: API is now promise-based
  • read: Switches to a Promise-based API and removes callback stuff
  • rm: Switches to a Promise-based API and removes callback stuff
  • index: this changes the API to work off promises instead of callbacks
  • api: this means we are going all in on promises now