Infrastructure/verdaccio
0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2025-01-27 22:59:51 -05:00
Code Issues Activity
3364 commits 18 branches 2231 tags 790 MiB
Commit graph

289 commits

Author SHA1 Message Date
dependabot-preview[bot]
2d0d34c4f2 build(deps): [security] bump https-proxy-agent from 2.2.2 to 2.2.4 (#1582) 
Bumps [https-proxy-agent](https://github.com/TooTallNate/node-https-proxy-agent) from 2.2.2 to 2.2.4. **This update includes security fixes.**
- [Release notes](https://github.com/TooTallNate/node-https-proxy-agent/releases)
- [Commits](https://github.com/TooTallNate/node-https-proxy-agent/compare/2.2.2...2.2.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-19 06:03:01 +01:00
dependabot-preview[bot]
399421e609 build(deps-dev): bump @types/semver from 6.0.2 to 6.2.0 (#1574) 
Bumps [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver) from 6.0.2 to 6.2.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-17 11:55:48 +01:00
dependabot-preview[bot]
c416febbb6 build(deps-dev): bump @types/lodash from 4.14.141 to 4.14.148 (#1579) 
Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.14.141 to 4.14.148.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-17 07:03:01 +01:00
dependabot-preview[bot]
0106811061 build(deps-dev): bump cross-env from 5.2.1 to 6.0.3 (#1570) 
Bumps [cross-env](https://github.com/kentcdodds/cross-env) from 5.2.1 to 6.0.3.
- [Release notes](https://github.com/kentcdodds/cross-env/releases)
- [Changelog](https://github.com/kentcdodds/cross-env/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/cross-env/compare/v5.2.1...v6.0.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-17 07:02:33 +01:00
dependabot-preview[bot]
f7c7d167b1 build(deps-dev): bump detect-secrets from 1.0.4 to 1.0.5 (#1575) 
Bumps [detect-secrets](https://github.com/lirantal/detect-secrets) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/lirantal/detect-secrets/releases)
- [Commits](https://github.com/lirantal/detect-secrets/compare/v1.0.4...v1.0.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-16 13:26:32 +01:00
dependabot-preview[bot]
4e5b6e8d3f build(deps-dev): bump @types/jest from 24.0.22 to 24.0.23 (#1576) 
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 24.0.22 to 24.0.23.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-16 13:22:30 +01:00
dependabot-preview[bot]
b7757f898b build(deps-dev): bump @types/async from 3.0.2 to 3.0.3 (#1561) 
Bumps [@types/async](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/async) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/async)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-08 19:36:18 +01:00
dependabot-preview[bot]
a774d4e1c4 build(deps-dev): bump @types/jest from 24.0.18 to 24.0.22 (#1560) 
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 24.0.18 to 24.0.22.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-08 19:35:50 +01:00
dependabot-preview[bot]
e801d01a0c build(deps): bump dayjs from 1.8.16 to 1.8.17 (#1562) 
Bumps [dayjs](https://github.com/iamkun/dayjs) from 1.8.16 to 1.8.17.
- [Release notes](https://github.com/iamkun/dayjs/releases)
- [Changelog](https://github.com/iamkun/dayjs/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/iamkun/dayjs/compare/v1.8.16...v1.8.17)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-08 19:35:24 +01:00
dependabot-preview[bot]
e982033013 build(deps-dev): bump verdaccio-auth-memory from 8.2.0 to 8.3.0 (#1559) 
Bumps [verdaccio-auth-memory](https://github.com/verdaccio/monorepo/tree/HEAD/plugins/auth-memory) from 8.2.0 to 8.3.0.
- [Release notes](https://github.com/verdaccio/monorepo/releases)
- [Changelog](https://github.com/verdaccio/monorepo/blob/master/plugins/auth-memory/CHANGELOG.md)
- [Commits](https://github.com/verdaccio/monorepo/commits/v8.3.0/plugins/auth-memory)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-08 08:48:04 +01:00
dependabot-preview[bot]
c6e80b58a7 build(deps-dev): bump jest-junit from 8.0.0 to 9.0.0 (#1556) 
Bumps [jest-junit](https://github.com/jest-community/jest-junit) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/jest-community/jest-junit/releases)
- [Commits](https://github.com/jest-community/jest-junit/compare/v8.0.0...v9.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-08 06:48:31 +01:00
dependabot-preview[bot]
4cd4a7155f build(deps): [security] bump eslint-utils from 1.4.0 to 1.4.3 (#1554) 
Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils) from 1.4.0 to 1.4.3. **This update includes security fixes.**
- [Release notes](https://github.com/mysticatea/eslint-utils/releases)
- [Commits](https://github.com/mysticatea/eslint-utils/compare/v1.4.0...v1.4.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-07 18:38:36 +01:00
dependabot-preview[bot]
241b0e51f7 build(deps): bump @verdaccio/commons-api from 8.2.0 to 8.3.0 (#1555) 
Bumps [@verdaccio/commons-api](https://github.com/verdaccio/monorepo/tree/HEAD/core/commons-api) from 8.2.0 to 8.3.0.
- [Release notes](https://github.com/verdaccio/monorepo/releases)
- [Changelog](https://github.com/verdaccio/monorepo/blob/master/core/commons-api/CHANGELOG.md)
- [Commits](https://github.com/verdaccio/monorepo/commits/v8.3.0/core/commons-api)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-07 18:29:32 +01:00
Juan Picado @jotadeveloper
0aba1c36d9
chore: update Typescript 3.7.1-rc (#1536) 
* chore: update typescript@3.7.0-beta

* chore: update to typescript@3.7.1-rc
 2019-10-26 13:03:25 +02:00
Juan Picado @jotadeveloper
c70be6ec82
chore: update typescript@3.7.0-beta (#1507) 2019-10-26 12:48:35 +02:00
Juan Picado @jotadeveloper
2ac7770459
fix: security vulnerability at readme in dompurify dep (#1532) 
Fix Cross-site Scripting (XSS) in @verdaccio/readme
 2019-10-23 20:49:36 +02:00
Sergio Hg
1d1a6829db ci(circleci): store test results in junit format (#1497) 2019-10-05 16:29:49 +02:00
Sergio Hg
a1aefae0f4 chore(deps): update verdaccio-audit to fix express version (#1490) 2019-09-30 22:59:42 +02:00
Juan Picado @jotadeveloper
9d68816bde chore: update dependencies (#1485) 2019-09-30 20:54:10 +02:00
Juan Picado @jotadeveloper
b486a9df1a
chore: update dependencies (#1472) 2019-09-26 19:40:23 +02:00
Juan Picado @jotadeveloper
dbf20175dc
feat: npm token command support (#1427) 
* feat: support for npm token

This is an effor of:

This commit intent to provide npm token support.

https: //github.com/verdaccio/verdaccio/issues/541
https: //github.com/verdaccio/verdaccio/pull/1271
https: //github.com/verdaccio/local-storage/pull/168
Co-Authored-By: Manuel Spigolon <behemoth89@gmail.com>
Co-Authored-By: Juan Gabriel Jiménez <juangabreil@gmail.com>

* chore: update secrets baselines

Co-Authored-By: Liran Tal <liran.tal@gmail.com>

* chore: update lock file

* chore: add logger mock methods

* chore: update @verdaccio/types

* refactor: unit test was flacky

adapt the pkg access to the new configuration setup

* refactor: add plugin methods validation

* test: add test for aesEncrypt

* chore: update local-storage dependency

* chore: add support for experimetns

token will be part of the experiment lists

* chore: increase timeout

* chore: increase timeout threshold

* chore: update nock

* chore: update dependencies

* chore: update eslint config

* chore: update dependencies

* test: add unit test for npm token

* chore: update readme
 2019-09-07 15:46:50 -07:00
Juan Picado @jotadeveloper
d5303f407b
feat: browse web package version (#1457) 
* feat: allow endpoint to query by version

* chore: update @verdaccio/ui-theme

* test: add unit test for sidebar endpoint by version
 2019-09-05 12:12:10 -07:00
Juan Picado @jotadeveloper
37530ac0fd
build: update dependencies (#1452) 
* build: update dependencies

* chore: update dependencies

* chore: update dependencies

* chore: update dependencies

* chore: allow ts-ignore

we will remove this in the future, warn for now

* chore: eslint rules as warning

this is due the update, we will address this later
 2019-08-25 10:16:43 -07:00
Juan Picado @jotadeveloper
423371423a
fix: update @verdaccio/ui-theme@0.2.3 (#1451) 
https://github.com/verdaccio/ui/blob/master/CHANGELOG.md#023-2019-08-25

missing headers on search endpoint with token (#121) (ac58730)
refactoring version page / fix issue not found page #100 (#117) (97e8448)
remove ToReplaceByVerdaccio #108 (#122) (5a9bd60)
api: correctly handle responses with missing content-type header (2049022)
 2019-08-25 09:41:04 -07:00
Liran Tal
9b0b0bfac3 build: Lint the lockfile for security policies (#1444) 
* feat: lint lockfiles

* fix: update secrets baseline
 2019-08-25 09:37:25 -07:00
Juan Picado @jotadeveloper
c264f944fb
fix: unpublish and add or remove star colision (#1434) 
* fix: unpublish and add or remove star colision

The issue was the npm star use a similar payload, but we did not check properly the shape of the payload, this fix and allow unpublish correctly.

Improve unit testing for publishing and unpublishing
Add new code documentation for future changes.

* chore: update secrets baseline

* chore: add missing type

this will requires update types in the future
 2019-08-10 13:38:06 +02:00
Juan Picado @jotadeveloper
4fb20efe60
Merge pull request #1418 from jamesgeorge007/hotfix/remove-stub-definition 
fix(chore): remove stub type definition for handlebars
 2019-08-01 18:41:40 +02:00
jamesgeorge007
19b9af3401 update yarn.lock 2019-08-01 13:54:13 +05:30
Zoltan Kochan
849f5bccb4 fix(deps): add missing prod dependency 
http-errors needs to be a prod dependency
as it is used in code.
 2019-07-31 19:08:32 +03:00
Juan Picado @jotadeveloper
9dd1c8f400
feat: update to @verdaccio/ui-theme@0.2.2 
- fix: https://github.com/verdaccio/ui/issues/76
- fix: https://github.com/verdaccio/ui/issues/75
- fix: https://github.com/verdaccio/ui/pull/106
- feat: https://github.com/verdaccio/ui/pull/47

Co-Authored-By: Priscila Oliveira <priscilawebdev@gmail.com>
Co-Authored-By: Sergio Hg <sergiohgz@users.noreply.github.com>
Co-Authored-By: Griffith <griffithtp@users.noreply.github.com>
 2019-07-29 20:12:00 +02:00
Juan Picado @jotadeveloper
d93e76b366
feat: add new prop to audit middleware 
- context: https://github.com/verdaccio/verdaccio-audit/pull/12
- related https://github.com/verdaccio/verdaccio/issues/1293

Co-Authored-By: Danny Frencham <dfrencham@users.noreply.github.com>
 2019-07-29 10:12:29 +02:00
Liran Tal
c9f1124fda
chore(deps): bump detect-secrets for enhanced dev workflow 2019-07-27 13:32:11 +03:00
Liran Tal
2b218ce0de
fix(security): add secrets baseline 2019-07-19 08:02:08 +03:00
Liran Tal
aa8f1d3318
fix: upgrade to 1.0.2 which solves the docker issue 2019-07-19 06:39:22 +03:00
Liran Tal
9ef6808d4e
feat: prevent secrets from leaking to source control 2019-07-19 06:39:20 +03:00
Juan Picado @jotadeveloper
12b60f6cb7
build: fix semver missing type on build with docker 
it seems the @types/semver do not handle a legitimate method named 'compareLoose'
 2019-07-16 18:27:58 +02:00
Juan Picado @jotadeveloper
66f4197236
feat: convert project to typescript (#1374) 
* chore: test

* chore: add

* chore: more progress

* chore: progress in migration, fix prettier parser

* chore: reduce tsc errors

* chore: refactor storage utils types

* chore: refactor utils types

* chore: refactor local storage types

* chore: refactor config utils types

* chore: refactor tsc types

* refactor: apply eslint fix, tabs etc

* chore: fix lint errors

* test: update unit test conf to typescript setup

few test refactored to typescript

* chore: enable more unit test

migrate to typescript

* chore: migrate storage test to tsc

* chore: migrate up storage test to tsc

* refactor: enable plugin and auth test

* chore: migrate plugin loader test

* chore: update dependencies

* chore: migrate functional test to typescript

* chore: add codecove

* chore: update express

* chore: downgrade puppeteer

The latest version does not seems to work properly fine.

* chore: update dependencies
 2019-07-16 08:40:01 +02:00
dependabot[bot]
b453681082 build(deps): bump lodash.template from 4.4.0 to 4.5.0 (#1384) 
Bumps [lodash.template](https://github.com/lodash/lodash) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.4.0...4.5.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2019-07-11 20:52:15 +02:00
Juan Picado @jotadeveloper
44c1610791
chore: restore @verdaccio/ui-theme@0.1.11 
due to https://github.com/verdaccio/ui/issues/89
 2019-07-08 09:40:38 +02:00
Juan Picado @jotadeveloper
a0cf98546b
chore: update dependencies 
regular maintenance
 2019-07-08 09:23:07 +02:00
James George
eb6bf5168b feat(chore): Included provision to show up local environment information (#1365) 
* feat: adds provision to show up environment information

Fixes #1364

* feat: include docker info

* fix: pin envinfo

* fix: lock file

* fix: docker config

* fix: minor refactor

handle async behaviour

* feat: add short version for info
 2019-06-30 18:17:25 +02:00
Juan Picado @jotadeveloper
0fa26293a8
Merge remote-tracking branch 'origin/master' into 4.1.x 2019-06-13 22:04:35 +02:00
Will Smythe
eb7a8e3528 fix(api): return 503 to npm/yarn on uplink connection timeout (#1331) 
fix  #1328 and #720

Type: bug

The following has been addressed in the PR:

Instead of returning a 404 (Not Found) when npm, yarn, etc requests a package and the package cannot be acquired from an uplink due to a connection timeout, socket timeout, or connection reset problem, a 503 (service unavailable) is returned by Verdaccio instead. In limited testing of a few versions of npm and yarn, both of these clients correctly attempt to retry the request when a 503 is returned.

Added functional tests to verify the behavior (this adds a dev dependency on nock, which provides HTTP request mocking

Description:

This resolves issue #1328 and #720, and ensures npm/yarn install commands don't fail immediately when there is an intermittent network timeout problem with an uplink. Instead Verdaccio will appropriately respond to the client with a 503. A 404 response (current behavior) incorrectly tells the client that the package does not exist (which may or may not be true) and to not try again.
 2019-06-13 21:42:01 +02:00
Juan Picado @jotadeveloper
192fb77169
fix(ui): failed to load all packages after login 
more details https://github.com/verdaccio/ui/issues/72
 2019-06-13 06:49:40 +02:00
Juan Picado @jotadeveloper
e5816342a6
fix: update dependencies 
fix #1339 dayjs warning on yarn installation
 2019-06-13 06:42:39 +02:00
Juan Picado @jotadeveloper
cb7b695896
chore: update lock file 2019-05-17 21:01:13 +02:00
Juan Picado @jotadeveloper
7686417f29
feat: update readme v4 (#1312) 
* feat: update readme v4

* chore: update @verdaccio/ui-theme@0.1.9

* chore: update @verdaccio/ui-theme@0.1.10
 2019-05-17 08:03:58 -07:00
Juan Picado @jotadeveloper
8e48eea511
fix: update @verdaccio/ui-theme:0.1.7 
https://github.com/verdaccio/ui/pull/54
 2019-05-11 09:30:10 +02:00
Juan Picado @jotadeveloper
b4bc6ff4e5
chore: fix #1292 add missing dependencies 
remove non required dependencies
 2019-05-09 23:41:16 +02:00
Juan Picado @jotadeveloper
3c691329c7
fix: update lock file 2019-05-07 20:58:36 +02:00