fix(deps): update dependency verdaccio to v5 #764
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^5.30.3
->^5.31.0
Release Notes
verdaccio/verdaccio (verdaccio)
v5.31.0
Compare Source
(🗞️ hey renovate users, read this)
ℹ️ Important changes added to the
.verdaccio-db.json
and token signature for users that run on Node.js 22 or higher (in the future 🙃 ) please readhttps://verdaccio.org/docs/configuration/#.verdaccio-db
TLDR:
[VERWAR007] VerdaccioDeprecation: the secret length is too lon...
to remove it please read the link above.verdaccio-db.json
and the token inside does not complies with the length (read link above) the application startup will fail with fatal error (Error: Invalid storage secret key length, must be 32 characters long but is....
)In both cases by updating the secret all previously tokens will get invalid, in your benefit a new legacy signature will be applied and is more secure than the old one (generating tokens with salt).
For existing installations that have no issues by invalidating tokens is recommended to add to the
config.yaml
the following setup, this will automatically generate a new the secret once is started, could be removed aftewards, if all went succesfull the[VERWAR007]
deprecation will not be displayed anymore.Any new installation should not worry about this, new token signature and secret (32 characters) is applied by default.
Features
Bug Fixes
v5.30.3
Compare Source
5.30.3 (2024-04-06)
ℹ️ Verdaccio v6.0.0-beta.2 has been released, ready for user test to ensure the best backward compatibility, help us by trying it out.
Bug Fixes
v5.30.2
Compare Source
5.30.2 (2024-03-24)
ℹ️ Verdaccio v6.0.0-beta.2 has been released, ready for user test to ensure the best backward compatibility, help us by trying it out.
Bug Fixes
1ceb9f9
] https://github.com/verdaccio/verdaccio/pull/4560 (verdaccio/verdaccio@1ceb9f9)) (remove engine strict message in older Node.js versions)v5.30.1
Compare Source
5.30.1 (2024-03-24)
Bug Fixes
v5.30.0
Compare Source
🎉 3 new contributors
ℹ️ Verdaccio v6.0.0-beta.2 has been released, ready for user test to ensure the best backward compatibility, help us by trying it out.
Features
On the versions view there is a new filter that allows semantic versioning filtering (feedback is welcome)
Versions filter by semver range
Bug Fixes
v5.29.2
Compare Source
5.29.2 (2024-02-21)
Bug Fixes
v5.29.1
Compare Source
5.29.1 (2024-02-17)
Bug Fixes
Powered by @mbtools 💯
v5.29.0
Compare Source
Features
v5.28.0
Compare Source
Features
Bug Fixes
v5.27.1
Compare Source
5.27.1 (2023-12-02)
Bug Fixes
v5.27.0
Compare Source
Features
User Interface updates in detail
download progress indicator:
A new indicator was added on the detail page action button and the packages view (small icon to download)
fix dark mode and readme css support
The README was not on sync with the
darkMode
settings displaying a white box when the dark mode was enabled.fix global for
yarn
packages and add version to the packages on copyyarn -g xxx@xxx
is not a valid syntax, has been replaced byyarn global
yarn modern
syntax, sinceglobal
is not valid on yarn >2.x theglobal
is ignoredfeat: hide deprecated versions option
npm deprecate
is a valuable command, but is not enough visible on the UI whenever a package has been deprecated, also could be many packages are deprecated and should not be longer visible (later in the future a filter will be added to display then), the new option hide all those version from the UI.fix: improve deprecated package style
The
deprecated
banner was not on sync with the material-ui components.feat: display deprecated versions
Deprecated versions display a badge, thus is clearly visible which packages are already deprecated.
v5.26.3
Compare Source
5.26.3 (2023-09-24)
Bug Fixes
v5.26.2
Compare Source
5.26.2 (2023-08-26)
Bug Fixes
v5.26.1
Compare Source
Bug Fixes
v5.26.0
Compare Source
Features
Bug Fixes
v5.25.0
Compare Source
Features
Bug Fixes
UI set global package on sidebar setting
Set a package as global on the side bar installation view.
v5.24.1
Compare Source
5.24.1 (2023-04-24)
Bug Fixes
v5.24.0
Compare Source
Features
Bug Fixes
v5.23.2
Compare Source
5.23.2 (2023-04-04)
Bug Fixes
v5.23.1
Compare Source
5.23.1 (2023-03-23)
Bug Fixes
v5.23.0
Compare Source
Features
Bug Fixes
v5.22.1
Compare Source
5.22.1 (2023-03-07)
config.yaml
he propertylogs
will show a deprecation warning and the property should be renamed tolog
to get rid of the warning, the propertylogs
still backward compatible. Please start renaming tolog
, this is one less migration step to do for future v6 release.ℹ️ The new installations won't see this warning because the default yaml file already uses
log
.Docs
Bug Fixes
Docs
v5.22.0
Compare Source
usingfixed at https://github.com/verdaccio/verdaccio/releases/tag/v5.22.1experiments
flag fails on start up https://github.com/verdaccio/verdaccio/issues/3666 (🚧 ) workaround: comment out experimentsconfig.yaml
or keep on<=5.21.x
Refactor
This release only refactor internal code, reuse configuration parsing and token signature from v6.
Bugs
v5.20.0
v5.21.2
Compare Source
5.21.2 (2023-02-25)
Bug Fixes
ed80a25
] (verdaccio/verdaccio@ed80a25)) fix #3612 @juanpicadov5.21.1
Compare Source
5.21.1 (2023-02-14)
Bug Fixes
😊 I've updated the old UI theme without noticed, does not break anything but this version fix that.
Read the previous minor v5.21.0 release here
v5.21.0
Compare Source
One more step to Verdaccio 5 migration to v6 silently, refactored and better tested modules replace internals without migration required, the idea is help move to verdaccio 6 smoothly as possible without users do much in the near future. You are already using v6 😉 or parts of it.
Noticeable improvements:
verdaccio-audit
improved, not longer userequest
and refactored from v6Some dependencies are limited due verdaccio@5 still supports Node.js 12 (but probably not many users are actually using it and is not recommended)
Features
v5.20.1
Compare Source
Bug Fixes
5.20.0 (2023-01-29) (⚠️ Never published on npmjs by mistake)
Since 5.20.0 some internals are new, modules from the next major v6 but backward compatible, if causes any troubles please report. Future releases from now on might benefit of fixes, compatible features on v6 alpha into any new v5 version.
Please check E2E test on this repo, includes all package managers, docker images and plugins.
Features
Bug Fixes
v5.19.1
Compare Source
5.19.1 (2023-01-07)
Bug Fixes
v5.19.0
Compare Source
Features
Bug Fixes
v5.18.0
Compare Source
Features
Bug Fixes
v5.17.0
Compare Source
Features
Bug Fixes
v5.16.3
Compare Source
Same as v5.16.0 https://github.com/verdaccio/verdaccio/releases/tag/v5.16.0
v5.16.1
Compare Source
v5.16.0
Compare Source
Features
Docker refactoring
Docker base moves from TLS v14 -> v18
Bug Fixes
v5.15.4
Compare Source
5.15.4 (2022-09-29)
Bug Fixes
v5.15.3
Compare Source
5.15.3 (2022-09-07)
Bug Fixes
v5.15.2
Compare Source
5.15.2 (2022-09-05)
Bug Fixes
v5.15.1
Compare Source
5.15.1 (2022-09-04)
Bug Fixes
v5.15.0
Compare Source
Features
Enable abbreviated manifest data by adding the header:
It returns a filtered manifest, additionally includes the time field by request. You can read more here or start using with
[email protected]
.Current support for packages managers:
https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-metadata-format
v5.14.0
Compare Source
Features
Bug Fixes
v5.13.3
Compare Source
5.13.3 (2022-07-13)
Bug Fixes
v5.13.2
Compare Source
5.13.2 (2022-07-12)
Bug Fixes
v5.13.1
Compare Source
5.13.1 (2022-06-23)
Bug Fixes
v5.13.0
Compare Source
Features
Enable more algorithms for hasing password only for htpasswd plugin,
crypt
by default to avoid breaking changes for next major releasebcrypt
is highly recommended.ref https://github.com/verdaccio/monorepo/pull/580
v5.12.0
Compare Source
Features
Example
Bug Fixes
v5.11.0
Compare Source
The way to use verdaccio programatically is not very friendly if you are using
as this example.
runServer
) forbid this and only allows the first one listener listed❌ Bad
✅ Good (on v6.0.0 won't be a list anymore)
🚀 Feature
runServer
method to run verdaccio programatically as a promiseOn v6 https://github.com/verdaccio/verdaccio/pull/2165 this was improved and I am moving the same API to v5 so is much easier to migrate in the future.
There are three ways to use it:
config.yaml
as is you would runverdaccio
in the consoleWith an object you need to add
self_path
, manually (it's not nice but would be a breaking change changing it now) on v6 this is not longer need it.Read more here https://verdaccio.org/docs/verdaccio-programmatically
parseConfigFile
methodExposed for easy use parse a
yaml
file as an objectv5.10.3
Compare Source
5.10.3 (2022-05-30)
Bug Fixes
v5.10.2
Compare Source
5.10.2 (2022-05-07)
Bug Fixes
v5.10.1
Compare Source
5.10.1 (2022-05-05)
Bug Fixes
v5.10.0
Compare Source
Features
🌞 Initial new set of variables to hide features (more to come)
Add set of new variables that allow hide different parts of the UI, buttons, footer or download tarballs. ℹ️ All are
enabled by default.