From 89f275b1df7e7bfa60e79953d8270ee831a15416 Mon Sep 17 00:00:00 2001 From: "Node.js GitHub Bot" Date: Tue, 14 May 2024 03:45:43 +0300 Subject: [PATCH] deps: update corepack to 0.28.1 PR-URL: https://github.com/nodejs/node/pull/52946 Reviewed-By: Mohammed Keyvanzadeh Reviewed-By: Antoine du Hamel Reviewed-By: Moshe Atlow Reviewed-By: Marco Ippolito Reviewed-By: Rafael Gonzaga --- deps/corepack/CHANGELOG.md | 13 +++++++++++++ deps/corepack/README.md | 5 +++-- deps/corepack/dist/lib/corepack.cjs | 19 +++++++++++-------- deps/corepack/package.json | 2 +- 4 files changed, 28 insertions(+), 11 deletions(-) diff --git a/deps/corepack/CHANGELOG.md b/deps/corepack/CHANGELOG.md index f5cef27cc047f9..20d282c3a7b8e0 100644 --- a/deps/corepack/CHANGELOG.md +++ b/deps/corepack/CHANGELOG.md @@ -1,5 +1,18 @@ # Changelog +## [0.28.1](https://github.com/nodejs/corepack/compare/v0.28.0...v0.28.1) (2024-05-10) + + +### Features + +* add support for `COREPACK_INTEGRITY_KEYS=0` ([#470](https://github.com/nodejs/corepack/issues/470)) ([f15ebc2](https://github.com/nodejs/corepack/commit/f15ebc289ebcd6a86580f15ae3c4ef0e1be37c4b)) +* update package manager versions ([#469](https://github.com/nodejs/corepack/issues/469)) ([985895b](https://github.com/nodejs/corepack/commit/985895bccb5ec68b3645c540d8500c572e1ccadb)) + + +### Bug Fixes + +* COREPACK_NPM_REGISTRY should allow for username/password auth ([#466](https://github.com/nodejs/corepack/issues/466)) ([6efa349](https://github.com/nodejs/corepack/commit/6efa34988229918debe6e881d45ba6715282f283)) + ## [0.28.0](https://github.com/nodejs/corepack/compare/v0.27.0...v0.28.0) (2024-04-20) diff --git a/deps/corepack/README.md b/deps/corepack/README.md index 42dc8c19085e88..f72f7f71ef77e8 100644 --- a/deps/corepack/README.md +++ b/deps/corepack/README.md @@ -296,8 +296,9 @@ same major line. Should you need to upgrade to a new major, use an explicit - `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` are supported through [`node-proxy-agent`](https://github.com/TooTallNate/node-proxy-agent). -- `COREPACK_INTEGRITY_KEYS` can be set to an empty string to instruct Corepack - to skip integrity checks, or a JSON string containing custom keys. +- `COREPACK_INTEGRITY_KEYS` can be set to an empty string or `0` to + instruct Corepack to skip integrity checks, or to a JSON string containing + custom keys. ## Troubleshooting diff --git a/deps/corepack/dist/lib/corepack.cjs b/deps/corepack/dist/lib/corepack.cjs index f81b561ce54d87..e2a2cde7446d24 100644 --- a/deps/corepack/dist/lib/corepack.cjs +++ b/deps/corepack/dist/lib/corepack.cjs @@ -22417,7 +22417,7 @@ function String2(descriptor, ...args) { } // package.json -var version = "0.28.0"; +var version = "0.28.1"; // sources/Engine.ts var import_fs4 = __toESM(require("fs")); @@ -22429,7 +22429,7 @@ var import_semver4 = __toESM(require_semver2()); var config_default = { definitions: { npm: { - default: "10.5.2+sha1.0e9b72afaf5ecf8249b2abb4b7417db6739c1475", + default: "10.7.0+sha1.c87e0bbb7a53422670e423d0198120760f67c3b7", fetchLatestFrom: { type: "npm", package: "npm" @@ -22466,7 +22466,7 @@ var config_default = { } }, pnpm: { - default: "9.0.3+sha1.ff3ad37177cbd0843e533aab13d5e40a05803b47", + default: "9.1.0+sha1.217063ce3fcbf44f3051666f38b810f1ddefee4a", fetchLatestFrom: { type: "npm", package: "pnpm" @@ -22530,7 +22530,7 @@ var config_default = { package: "yarn" }, transparent: { - default: "4.1.1+sha224.00f08619463229f8ba40c4ee90e8c2e4ced1f11c3115c26f3b98432e", + default: "4.2.2+sha224.1e50daf19e5e249a025569752c60b88005fddf57d10fcde5fc68b88f", commands: [ [ "yarn", @@ -22702,7 +22702,7 @@ ${key.key} async function fetchLatestStableVersion(packageName) { const metadata = await fetchAsJson2(packageName, `latest`); const { version: version2, dist: { integrity, signatures } } = metadata; - if (process.env.COREPACK_INTEGRITY_KEYS !== ``) { + if (!shouldSkipIntegrityCheck()) { verifySignature({ packageName, version: version2, @@ -22736,8 +22736,8 @@ async function fetch(input, init) { if (typeof input === `string`) input = new URL(input); let headers = init?.headers; - const username = input.username ?? process.env.COREPACK_NPM_USERNAME; - const password = input.password ?? process.env.COREPACK_NPM_PASSWORD; + const username = input.username || process.env.COREPACK_NPM_USERNAME; + const password = input.password || process.env.COREPACK_NPM_PASSWORD; if (username || password) { headers = { ...headers, @@ -23031,7 +23031,7 @@ async function installVersion(installTarget, locator, { spec }) { } if (!build[1]) { const registry = getRegistryFromPackageManagerSpec(spec); - if (registry.type === `npm` && !registry.bin && process.env.COREPACK_INTEGRITY_KEYS !== ``) { + if (registry.type === `npm` && !registry.bin && !shouldSkipIntegrityCheck()) { if (signatures == null || integrity == null) ({ signatures, integrity } = await fetchTarballURLAndSignature(registry.package, version2)); verifySignature({ signatures, integrity, packageName: registry.package, version: version2 }); @@ -23136,6 +23136,9 @@ async function runVersion(locator, installSpec, binName, args) { process.mainModule = void 0; process.nextTick(import_module.default.runMain, binPath); } +function shouldSkipIntegrityCheck() { + return process.env.COREPACK_INTEGRITY_KEYS === `` || process.env.COREPACK_INTEGRITY_KEYS === `0`; +} // sources/semverUtils.ts var import_semver2 = __toESM(require_semver2()); diff --git a/deps/corepack/package.json b/deps/corepack/package.json index 5ca045e37041e0..3737c1920844d3 100644 --- a/deps/corepack/package.json +++ b/deps/corepack/package.json @@ -1,6 +1,6 @@ { "name": "corepack", - "version": "0.28.0", + "version": "0.28.1", "homepage": "https://github.com/nodejs/corepack#readme", "bugs": { "url": "https://github.com/nodejs/corepack/issues"