Releases: hermo/npmi-go
v0.10.1
v0.10.0
Breaking changes
- Dropped Windows support due to apparent lack of usage
- Reverted unsafe symlink support to pre-0.9.0 style, insecure by default, because absolute symlinks etc are so prevalent
Added
- Env / CLI options for tar file security hardening:
- NPMI_TAR_ABSOLUTE_PATHS Allow absolute paths in tar archives (Default: true)
- NPMI_TAR_DOUBLE_DOT_PATHS Allow double dot paths in tar archives (Default: true)
- NPMI_TAR_LINKS_OUTSIDE_CWD Allow links outside of the current working directory (Default: true)
Changelog
- c82ba0e Add TarLinksOutsideCwd flag
- 76740d7 Allow configuration of tar security options
- 40d4f6d Apply tar security settings when extracting
- 4e9a0cf Disable tar security by default for backwards compatibility
- 5693b05 Drop windows support
- 61a2340 Fix usage formatting
- b5e5093 Have goreleaser report file sizes
- 5badc7c Optionally allow absolute paths
- 4681787 Update deps
- c3d09d5 Update readme
- f430068 Update staticcheck
- e5524cd Upgrade goreleaser
v0.9.0
Breaking changes
- npmi-go will now refuse to cache absolute symlinks. Absolute symlinks might be unavoidable in some cases and a new flag will be added to an upcoming version to allow them.
Deprecations
- -verbose and NPMI_VERBOSE are deprecated. Please use the -loglevel flag or NPMI_LOGLEVEL env variable with 'debug' or 'trace'
Changelog
- 3b1fe54 Actually use env v10
- e60564f Add benchmark
- f3655e9 Add benchmark filter to runner
- 824311c Add benchmark tarball
- b49ebad Add benchmark tool
- 2af95c8 Add dependency go-hclog
- 4ce90eb Add klauspost/pgzip
- 9f14d86 Add optimized version of IsBad
- ca3130a Add optional JSON log output
- 7d9da3b Add tar creation benchmark
- 006ce5c Add temp dir docs to readme
- 4f287e6 Add trace logging to local cache
- eeed60c Add trace logging to minio cache
- 7c4df70 Automatically enable color when available
- 456de62 Bump dominikh/staticcheck-action from 1.2.0 to 1.3.0
- 0a9e313 Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0
- 6a3dba0 Bump github.com/hashicorp/go-hclog from 1.2.2 to 1.3.0
- 1169fd4 Bump github.com/minio/minio-go/v7 from 7.0.34 to 7.0.36
- 3ee8c21 Bump github.com/minio/minio-go/v7 from 7.0.45 to 7.0.49
- 3bb54ef Bump golang.org/x/net from 0.4.0 to 0.7.0
- 9558c25 Don't increase run counter until done
- 2015ccd Extract bad path util
- 408c82c Fix tab issue
- 880b5fd Fix typo
- 024717d Have RemoveFilesNotPresentInManifest return the files it removed
- d4a351f Have archive.Create return warnings on completion
- e48d6f4 Ignore benchmark temp files
- a977d43 Ignore compress benchmark results
- bfb8bc4 Improve bad path detection
- 400489c Improve bad path detection
- b60969b Improve error handling in ParseFlags
- 132b590 Improve naming in logs
- 2a3daf6 Improve startup error reporting
- cd2106b Re-add -verbose with a deprecation notice
- fe43e3f Refactor IsBad
- 5b0ab34 Remove unoptimized IsBad
- f3ff2d7 Remove unused multiwriter support
- c37423b Rename extract benchmark
- 5dadaed Replace -verbose with -loglevel XXX
- 6390f70 Report version and minimal information by default
- e89903c Shorten deprecation notices
- 87c40c2 Slightly improve memory efficiency by using map[string]struct{} instead of bool
- 266d800 Unify error handling
- 1828b7b Update deps
- 9986e4c Update deps
- 2a164db Update github checkout actions
- 6518239 Update signing key path
- 2966901 Use go-hclog for logging
- 0a1041c Use pgzip for faster decompression
- 11fb199 Use pgzip for improved archive creation
v0.8.0
Changelog
- c6a8ecf Add Stringer implementation to caches
- 15241ee Add dependabot
- afe05c5 Add diagram
- f8e62e8 Add failing test for archive creation
- 895b16f Add option to select temporary directory
- 7e325e3 Add rough checking of symlinks during archive creation
- 0a41fe5 Bump github.com/caarlos0/env/v6 from 6.5.0 to 6.7.1
- 10a5f6a Bump github.com/minio/minio-go/v7 from 7.0.10 to 7.0.13
- a4640f1 Extract test dir setup/teardown code
- 2138a8f Refactor archive tests to use t.Run()
- 44e3811 Remove unused Cacher#String
- 5e26957 Switch checking to staticcheck
- 8ddb6ca Upgrade dependencies
v0.7.1
v0.7.0
Changelog
8f528b3 Add failing evil tests for symlink support
7caf194 Add rudimentary symlink support
4994abf Add some happy tests for symlink support
559bb10 Add uuid package to supply node_modules/.bin/uuid
a826191 Fail when encountering invalid symlinks
333f5a8 Preserve basic permissions
f280f64 Preserve directory mtimes
a5cd09e Preserve file/dir mtimes
v0.6.0
v0.5.0
v0.4.0
Changelog
9f0ed6c Add default runner to nodeconfig
0de1e98 Add dev notes
147666a Add dummy .exe files to test path for Windows compat
5ebe24d Add dummy certificate for testing TLS
e47cb5c Add flag to allow insecure TLS
3d1cb2d Add missing err check to configBuilder.Build()
83ea051 Add release instructions
e14762f Add some build instructions
3e37669 Add test data
6b11c76 Add test for HashString
3ff64e9 Check Seek return value
9cc6c85 Clarify installation error
4852eb6 Ensure tests run cleanly by creating testdata/node_modules before mock run
32af4c1 Extract Installer
8deecbd Extract method cacheInstalledPackages
a2d3693 Extract method createCacheKey
5508d53 Fix goreleaser version variable paths
e19f244 Fix regression: Local cache should be enabled by default
1c10e2b Hack and slash
b32b536 Introduce Main type
732b37b Introduce NodeConfig
9d53e22 Make RunCommand and DeterminePlatform testable
f96ac1e Move hashing to more appropriate package
11875ca Output a warning when running with no caches enabled
9d35d9b Refactor
031be95 Refactor config and other things
8f19fb4 Refactor for legibility
dad6ddf Refactor tests
a3f291a Relocate main to root directory
1ae5bd1 Rename Installer -> NpmInstaller
410c8e9 Rename main.RunAllSteps -> m.Run
1f6c41f Rename nodeconfig
503f183 Split main to smaller functions
e36be8d Test InitNodeBinaries
347ca0a Update readme
f17b023 Update testing instructions
d42e3bc update deps