Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update node-gyp and node-pre-gyp #1441

Merged
merged 8 commits into from Mar 9, 2021
Merged

Update node-gyp and node-pre-gyp #1441

merged 8 commits into from Mar 9, 2021
+4 −4

Conversation

inukshuk
Copy link
Contributor

@inukshuk inukshuk commented Feb 9, 2021

This is basically the same as #1361 and also updates node-pre-gyp. Without updating these two I'm running into all kinds of issues trying to rebuild from source for Electron and for Apple's arm64.

@joao-paulo-parity
Copy link

@joao-paulo-parity joao-paulo-parity commented Feb 22, 2021

This might fix #1434 since the problem there entails pre-node-gyp

@joao-paulo-parity joao-paulo-parity mentioned this pull request Feb 22, 2021
Closed
@kewde
Copy link
Collaborator

@kewde kewde commented Mar 9, 2021

Hi,

I've unscoped the variables as it will trigger a location change of node-pre-gyp for everyone and I'd rather not break anything.
Scoping dev dependencies is fine though IMHO.

@inukshuk
Copy link
Contributor Author

@inukshuk inukshuk commented Mar 9, 2021

@kewde the unscoped packaged will not receive any updates going forward, so I believe we will have to make the switch at some point?

@kewde
Copy link
Collaborator

@kewde kewde commented Mar 9, 2021
edited

@inukshuk thanks for pointing that out, in that case, the scoped package is the better option.
I've added it again and will look at merging it.

@kewde kewde merged commit 3fb3715 into TryGhost:master Mar 9, 2021
2 checks passed
@kewde kewde added this to the 5.0.3 milestone Mar 9, 2021
@kewde kewde mentioned this pull request Mar 9, 2021
Closed
@kewde kewde mentioned this pull request Mar 9, 2021
Closed
@candrews candrews mentioned this pull request Apr 8, 2021
Closed
@tniessen
Copy link

@tniessen tniessen commented Apr 30, 2021

This does appear to fix #1434. Is there any chance this could make it into a release on npm soon? I am pulling in the GitHub repository for now.

@cclauss cclauss mentioned this pull request Jun 7, 2021
Closed
@mikehardy
Copy link

@mikehardy mikehardy commented Jun 18, 2021

A gentle request saying I would love to see this released, I'm also successfully using the commithash as a package.json reference and it's great, FWIW. Cheers

@lizthegrey
Copy link

@lizthegrey lizthegrey commented Aug 20, 2021

the 3.x node-gyp dependency is now causing security alerts in packages that depend upon sqlite3 because of the indirect dep upon tar :(

@HillTravis
Copy link

@HillTravis HillTravis commented Aug 24, 2021

I also came here because of the security alert. Did as others suggested, using the commit hash by installing this way:

npm i mapbox/node-sqlite3#593c9d498be2510d286349134537e3bf89401c4a

And that resolves the security alert. Would be better to have a release with this update in it, please @kewde.

@samuelms1 samuelms1 mentioned this pull request Oct 6, 2021
Closed
@samuelms1
Copy link

@samuelms1 samuelms1 commented Oct 6, 2021

Bumping this -- please publish a new release @kewde

I'm also here due to the tar dependency vulnerability CVE-2021-37713

@samuelms1 samuelms1 mentioned this pull request Oct 6, 2021
Open
@samuelms1 samuelms1 mentioned this pull request Oct 6, 2021
Closed
@secure12
Copy link

@secure12 secure12 commented Oct 8, 2021

Will there be a release resolving the vulnerabilities prompt any time soon?

@hardillb hardillb mentioned this pull request Oct 20, 2021
Open
6 tasks
@builtbyproxy builtbyproxy mentioned this pull request Oct 28, 2021
Merged
@joshgoebel
Copy link

@joshgoebel joshgoebel commented Oct 28, 2021

Bumping this also would like a new release.

@chenpx976
Copy link

@chenpx976 chenpx976 commented Nov 3, 2021

please publish a new release

@samuelms1
Copy link

@samuelms1 samuelms1 commented Nov 3, 2021

Please publish a new release. This fixes CVE-2021-3807 among other things.

@samoilenko
Copy link

@samoilenko samoilenko commented Nov 5, 2021

up

atulsmadhugiri added a commit to CommE2E/comm that referenced this issue Dec 29, 2021
@atulsmadhugiri
[yarn] remotedev-server -> @redux-devtools/cli
13fe20e 
Summary:
`remotedev-server` has been deprecated and moved to `@redux-devtools/cli`

I looked through the commits in the new repo and there didn't appear to be any significant/breaking changes.

Had to include `node-gyp` here to get `sqlite3`(npm) (dependency of `@redux/devtools/cli`) to build successfully. There's a commit in the `sqlite3` repo to address this... but they haven't made a release (PR that addresses + people asking for a release TryGhost/node-sqlite3#1441)

Test Plan: Able to use RemoteDev successfully: https://blob.sh/atul/73a5.png

Reviewers: varun, palys-swm, def-au1t, ashoat

Reviewed By: ashoat

Subscribers: benschac, ashoat, Adrian, karol-bisztyga, boristopalov

Differential Revision: https://phabricator.ashoat.com/D2712
@tianon tianon mentioned this pull request Jan 12, 2022
Closed
@tianon tianon mentioned this pull request Jan 12, 2022
Merged
@Piumal1999
Copy link

@Piumal1999 Piumal1999 commented Jan 15, 2022

Hi @kewde, Could you please let us know the next release date?

@cendyne
Copy link

@cendyne cendyne commented Mar 11, 2022

Please release this, knex depends on vscode-sqlite3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
5.0.3
Development

Successfully merging this pull request may close these issues.

None yet