diff options
author | Forrest L Norvell <forrest@npmjs.com> | 2015-04-03 11:14:09 +0300 |
---|---|---|
committer | Forrest L Norvell <forrest@npmjs.com> | 2015-04-03 11:14:09 +0300 |
commit | bd1f184b34d96d3aec75af21f1559dc45316d5e2 (patch) | |
tree | dbd5ef7a44794fd1814295a977e9f37437a5f5fa | |
parent | 755ff79afab1481f42abea87918431846deae4b8 (diff) |
update changelog for npm@2.7.6
-rw-r--r-- | CHANGELOG.md | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index c451593f5..7c1886263 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,88 @@ +### v2.7.6 (2015-04-02): + +#### GIT MEAN, GIT TUFF, GIT ALL THE WAY AWAY FROM MY STUFF + +Part of the reason that we're reluctant to take patches to how npm deals with +git dependencies is that every time we touch the git support, something breaks. +The last few releases are a case in point. `npm@2.7.4` completely broke +installing private modules from GitHub, and `npm@2.7.5` fixed them at the cost +of logging a misleading error message that caused many people to believe that +their dependencies hadn't been successfully installed when they actually had +been. + +This all started from a desire to ensure that GitHub shortcut syntax is being +handled correctly. The correct behavior is for npm to try to clone all +dependencies on GitHub (whether they're specified with the GitHub +`organization/repository` shortcut syntax or not) via the plain `git:` protocol +first, and to fall back to using `git+ssh:` if `git:` doesn't work. Previously, +sometimes npm would use `git:` and `git+ssh:` in some cases (most notably when +using GitHub shortcut syntax on the command line), and use `git+https:` in +others (when the GitHub shortcut syntax was present in `package.json`). This +led to subtle and hard-to-understand inconsistencies, and we're glad that as of +`npm@2.7.6`, we've finally gotten things to where they were before we started, +only slightly more consistent overall. + +We are now going to go back to our policy of being extremely reluctant to touch +the code that handles Git dependencies. + +* [`b747593`](https://github.com/npm/npm/commit/b7475936f473f029e6a027ba1b16277523747d0b) + [#7630](https://github.com/npm/npm/issues/7630) Don't automatically log all + git failures as errors. `maybeGithub` needs to be able to fail without + logging to support its fallback logic. + ([@othiym23](https://github.com/othiym23)) +* [`cd67a0d`](https://github.com/npm/npm/commit/cd67a0db07891d20871822696c26692c8a84866a) + [#7829](https://github.com/npm/npm/issues/7829) When fetching a git remote + URL, handle failures gracefully (without assuming standard output exists). + ([@othiym23](https://github.com/othiym23)) +* [`637c7d1`](https://github.com/npm/npm/commit/637c7d1411fe07f409cf91f2e65fd70685cb253c) + [#7829](https://github.com/npm/npm/issues/7829) When fetching a git remote + URL, handle failures gracefully (without assuming standard _error_ exists). + ([@othiym23](https://github.com/othiym23)) + +#### OTHER SIGNIFICANT FIXES + +* [`78005eb`](https://github.com/npm/npm/commit/78005ebb6f4103c20f077669c3929b7ea46a4c0d) + [#7743](https://github.com/npm/npm/issues/7743) Always quote arguments passed + to `npm run-script`. This allows build systems and the like to safely escape + glob patterns passed as arguments to `run-scripts` with `npm run-script + <script> -- <arguments>`. This is a tricky change to test, and may be + reverted or moved to `npm@3` if it turns out it breaks things for users. + ([@mantoni](https://github.com/mantoni)) +* [`da015ee`](https://github.com/npm/npm/commit/da015eee45f6daf384598151d06a9b57ffce136e) + [#7074](https://github.com/npm/npm/issues/7074) `read-package-json@1.3.3`: + `read-package-json` no longer caches `package.json` files, which trades a + very small performance loss for the elimination of a large class of really + annoying race conditions. See [#7074](https://github.com/npm/npm/issues/7074) + for the grisly details. ([@othiym23](https://github.com/othiym23)) +* [`dd20f57`](https://github.com/npm/npm/commit/dd20f5755291b9433f0d298ee0eead22cda6db36) + `init-package-json@1.3.2`: Only add the `@` to scoped package names if it's + not already there when reading from the filesystem + ([@watilde](https://github.com/watilde)), and support inline validation of + package names ([@michaelnisi](https://github.com/michaelnisi)). + +#### SMALL FIXES AND DEPENDENCY UPGRADES + +* [`1f380f6`](https://github.com/npm/npm/commit/1f380f66c1e944b8ffbf096fa94d09e931626e12) + [#7820](https://github.com/npm/npm/issues/7820) `are-we-there-yet@1.0.4`: Use + `readable-stream` instead of built-in `stream` module to better support + Node.js 0.8.x. ([@SonicHedgehog](https://github.com/SonicHedgehog)) +* [`d380188`](https://github.com/npm/npm/commit/d380188e161be31f5a4f53947de6bc28df4732d8) + `semver@4.3.3`: Don't throw on `semver.parse(null)`, and parse numeric + version strings more robustly. ([@isaacs](https://github.com/isaacs)) +* [`01d9964`](https://github.com/npm/npm/commit/01d99649265f921e1c61cf406613e7042bcea008) + `nock@1.4.0`: This change may need to be rolled back, or rolled forward, + because [nock depends on + `setImmediate`](https://github.com/npm/npm/issues/7842), which causes tests + to fail when run with Node.js 0.8. ([@othiym23](https://github.com/othiym23)) +* [`91f5cb1`](https://github.com/npm/npm/commit/91f5cb1fb91520fbe25a4da5b80848ed540b9ad3) + [#7791](https://github.com/npm/npm/issues/7791) Fix brackets in npmconf so + that `loaded` is set correctly. + ([@charmander](https://github.com/charmander)) +* [`1349e27`](https://github.com/npm/npm/commit/1349e27c936a8b0fc9f6440a6d6404ef3b19c587) + [#7818](https://github.com/npm/npm/issues/7818) Update `README.md` to point + out that the install script now lives on https://www.npmjs.com. + ([@weisjohn](https://github.com/weisjohn)) + ### v2.7.5 (2015-03-26): #### SECURITY FIXES |