Skip to content

Latest commit

 

History

History
1094 lines (577 loc) · 45.9 KB

CHANGELOG.md

File metadata and controls

1094 lines (577 loc) · 45.9 KB
Raw

Changelog

19.0.1 (2024-09-26)

Dependencies

  • e56c7fc #302 update p-map from ^4.0.0 to ^7.0.2 (#302)

19.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

  • cacache now supports node ^18.17.0 || >=20.5.0

Bug Fixes

  • cc9eee3 #300 align to npm 10 node engine range (@reggi)

Dependencies

Chores

  • 73ce729 #300 run template-oss-apply (@reggi)
  • f663562 #294 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])
  • 74ac800 #295 postinstall for dependabot template-oss PR (@hashtagchris)
  • ae95894 #295 bump @npmcli/template-oss from 4.23.1 to 4.23.3 (@dependabot[bot])

18.0.4 (2024-07-11)

Bug Fixes

  • 5f2166a #285 Limit concurrent open files during lsstream (#285) (@oikumene)

18.0.3 (2024-05-04)

Bug Fixes

Chores

  • b685cb5 #269 bump @npmcli/template-oss to 4.22.0 (@lukekarrys)
  • 4a66453 #269 postinstall for dependabot template-oss PR (@lukekarrys)
  • 4359f2c #264 bump @npmcli/template-oss from 4.21.3 to 4.21.4 (@dependabot[bot])

18.0.2 (2024-01-03)

Bug Fixes

Chores

  • 7eab139 #252 postinstall for dependabot template-oss PR (@lukekarrys)
  • 44bedb2 #252 bump @npmcli/template-oss from 4.21.1 to 4.21.3 (@dependabot[bot])
  • a12bdf3 #248 postinstall for dependabot template-oss PR (@lukekarrys)
  • 62e5a94 #248 bump @npmcli/template-oss from 4.19.0 to 4.21.1 (@dependabot[bot])

18.0.1 (2023-11-27)

Bug Fixes

  • 6755c0e #250 attach a catch handler to the handleContentP promise (#250) (@kalinkrustev)

Dependencies

  • 0a5c204 #221 bump minipass-collect from 1.0.2 to 2.0.1

18.0.0 (2023-08-14)

⚠️ BREAKING CHANGES

  • support for node 14 has been removed

Bug Fixes

Dependencies

17.1.4 (2023-08-14)

Dependencies

17.1.3 (2023-05-18)

Bug Fixes

  • a0a5e58 #209 normalize win32 paths to use on glob expressions (#209) (@supita)

17.1.2 (2023-05-16)

Bug Fixes

  • bd846d0 #206 catch eexists in moveOperations promise (#206) (@wraithgar)

17.1.1 (2023-05-16)

Bug Fixes

  • 988d77a #203 deduplicate move operations (#203) (@wraithgar)

17.1.0 (2023-05-02)

Features

  • 2e83cfc #200 write: accept multiple integrity algorithms (#200) (@wraithgar)

Bug Fixes

  • 62b2d8d #199 don't clobber time when verifying cache (#199) (@wraithgar)
  • e227c50 #197 verify: allow for entries with multiple hashes (#197) (@wraithgar)

Documentation

17.0.7 (2023-05-01)

Bug Fixes

  • 265e4ae #195 Trust the filesystem to move files (@wraithgar)

Dependencies

17.0.6 (2023-04-27)

Dependencies

17.0.5 (2023-03-21)

Dependencies

17.0.4 (2022-12-14)

Dependencies

17.0.3 (2022-12-07)

Dependencies

17.0.2 (2022-11-04)

Bug Fixes

  • 4a7382f #152 replace @npmcli/move-file with @npmcli/fs (@lukekarrys)

17.0.1 (2022-10-17)

Dependencies

17.0.0 (2022-10-13)

⚠️ BREAKING CHANGES

  • this module no longer attempts to change file ownership automatically
  • this package is now async only, all synchronous methods have been removed
  • cacache is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

Features

  • 479b135 #141 do not alter file ownership (#141) (@nlf)
  • f57bb4d #140 remove sync methods (#140) (@nlf)
  • cfebcde #133 postinstall for dependabot template-oss PR (@lukekarrys)

16.1.3 (2022-08-23)

Dependencies

  • bump unique-filename from 1.1.1 to 2.0.0 (#123) (6235554)

16.1.2 (2022-08-15)

Bug Fixes

16.1.1 (2022-06-02)

Bug Fixes

  • read: change lstat to stat to correctly evaluate file size (#114) (e3a2928)

16.1.0 (2022-05-17)

Features

  • allow external integrity/size source (#110) (61785e1)

Bug Fixes

  • move to async functions where possible (#106) (71d4389)

16.0.7 (2022-04-27)

Bug Fixes

  • put: don't flush if an error happened (e870016)
  • remove disposer (76ab648)
  • remove fs.copyFile checks (90776fd)

16.0.6 (2022-04-21)

Bug Fixes

  • normalize win32 paths before globbing (4bdd5d5)

16.0.5 (2022-04-20)

Dependencies

16.0.4 (2022-04-05)

Dependencies

  • bump @npmcli/move-file from 1.1.2 to 2.0.0 (#94) (f3d64f6)
  • bump ssri from 8.0.1 to 9.0.0 (#95) (fb44f5f)

16.0.3 (2022-03-22)

Dependencies

  • bump @npmcli/fs from 1.1.1 to 2.1.0 (#88) (9c9c91c)
  • update lru-cache requirement from ^7.5.1 to ^7.7.1 (#87) (800079f)

16.0.2 (2022-03-16)

Bug Fixes

16.0.1 (2022-03-15)

Dependencies

  • bump lru-cache from 6.0.0 to 7.5.1 (#77) (6a3a886)
  • update glob requirement from ^7.1.4 to ^7.2.0 (#74) (27f1a63)
  • update minipass requirement from ^3.1.1 to ^3.1.6 (#76) (954a430)

16.0.0 (2022-03-14)

⚠ BREAKING CHANGES

  • this drops support for node10 and non-LTS versions of node12 and node14.

Bug Fixes

Dependencies

  • @npmcli/[email protected] (6e051a7)
  • update @npmcli/move-file requirement from ^1.0.1 to ^1.1.2 (#70) (ddf797a)
  • update fs-minipass requirement from ^2.0.0 to ^2.1.0 (#72) (07a5aa1)
  • update minipass-pipeline requirement from ^1.2.2 to ^1.2.4 (#69) (372d1a1)
  • update mkdirp requirement from ^1.0.3 to ^1.0.4 (#73) (5fbd50f)
  • update tar requirement from ^6.0.2 to ^6.1.11 (#71) (4d35625)

15.2.0 (2021-05-25)

  • 8892a92 add a validateEntry option to compact
  • 460b951 allow fully deleting indexes

15.1.0 (2021-05-19)

Features

  • allow formatEntry to keep entries with no integrity value (930f531), closes #53
  • expose index.insert, implement and expose index.compact (c4efb74)

15.0.6 (2021-03-22)

15.0.5 (2020-07-11)

15.0.4 (2020-06-03)

Bug Fixes

  • replace move-file dep with @npmcli/move-file (bf88af0), closes #37

15.0.3 (2020-04-28)

Bug Fixes

  • actually remove move-concurrently dep (29e6eec)

15.0.2 (2020-04-28)

Bug Fixes

  • tacks should be a dev dependency (93ec158)

15.0.1 (2020-04-27)

  • deps: Use move-file instead of move-file-concurrently. (92b125)

15.0.0 (2020-02-18)

⚠ BREAKING CHANGES

  • drop figgy-pudding and use canonical option names.

Features

14.0.0 (2020-01-28)

⚠ BREAKING CHANGES

  • deps: bumps engines to >= 10

  • deps: tar v6 and mkdirp v1 (5a66e7a)

13.0.1 (2019-09-30)

Bug Fixes

  • fix-owner: chownr.sync quits on non-root uid (08801be)

13.0.0 (2019-09-25)

⚠ BREAKING CHANGES

  • This subtly changes the streaming interface of everything in cacache that streams, which is, well, everything in cacache. Most users will probably not notice, but any code that depended on stream behavior always being deferred until next tick will need to adjust.

The mississippi methods 'to', 'from', 'through', and so on, have been replaced with their Minipass counterparts, and streaming interaction with the file system is done via fs-minipass.

The following modules are of interest here:

  • minipass The core stream library.

  • fs-minipass Note that the 'WriteStream' class from fs-minipass is not a Minipass stream, but rather a plain old EventEmitter that duck types as a Writable.

  • minipass-collect Gather up all the data from a stream. Cacache only uses Collect.PassThrough, which is a basic Minipass passthrough stream which emits a 'collect' event with the completed data just before the 'end' event.

  • minipass-pipeline Connect one or more streams into a pipe chain. Errors anywhere in the pipeline are proxied down the chain and then up to the Pipeline object itself. Writes go into the head, reads go to the tail. Used in place of pump() and pumpify().

  • minipass-flush A Minipass passthrough stream that defers its 'end' event until after a flush() method has completed (either calling the supplied callback, or returning a promise.) Use in place of flush-write-stream (aka mississippi.to).

Streams from through2, concat-stream, and the behavior provided by end-of-stream are all implemented in Minipass itself.

Features of interest to cacache, which make Minipass a particularly good fit:

  • All of the 'endish' events are normalized, so we can just listen on 'end' and know that finish, prefinish, and close will be handled as well.
  • Minipass doesn't waste time containing zalgo.
  • Minipass has built-in support for promises that indicate the end or error: stream.promise(), stream.collect(), and stream.concat().
  • With reliable and consistent timing guarantees, much less error-checking logic is required. We can be more confident that an error is being thrown or emitted in the correct place, rather than in a callback which is deferred, resulting in a hung promise or uncaughtException.

The biggest downside of Minipass is that it lacks some of the internal characteristics of node-core streams, which many community modules use to identify streams. They have no _writableState or _readableState objects, or _read or _write methods. As a result, the is-stream module (at least, at the time of this commit) doesn't recognize Minipass streams as readable or writable streams.

All in all, the changes required of downstream users should be minimal, but are unlikely to be zero. Hence the semver major change.

Features

  • replace all streams with Minipass streams (f4c0962)
  • deps: Add minipass and minipass-pipeline (a6545a9)
  • promise: converted .resolve to native promise, converted .map and .reduce to native (220c56d)
  • promise: individually promisifing functions as needed (74b939e)
  • promise: moved .reject from bluebird to native promise (1d56da1)
  • promise: removed .fromNode, removed .join (9c457a0)
  • promise: removed .map, replaced with p-map. removed .try (cc3ee05)
  • promise: removed .tap (0260f12)
  • promise: removed .using/.disposer (5d832f3)
  • promise: removed bluebird (c21298c)
  • promise: removed bluebird specific .catch calls (28aeeac)
  • promise: replaced .reduce and .mapSeries (478f5cb)

12.0.3 (2019-08-19)

Bug Fixes

  • do not chown if not running as root (2d80af9)

12.0.2 (2019-07-19)

12.0.1 (2019-07-19)

  • deps Abstracted out lib/util/infer-owner.js to @npmcli/infer-owner so that it could be more easily used in other parts of the npm CLI.

12.0.0 (2019-07-15)

Features

  • infer uid/gid instead of accepting as options (ac84d14)
  • i18n: add another error message (676cb32)

BREAKING CHANGES

  • the uid gid options are no longer respected or necessary. As of this change, cacache will always match the cache contents to the ownership of the cache directory (or its parent directory), regardless of what the caller passes in.

Reasoning:

The number one reason to use a uid or gid option was to keep root-owned files from causing problems in the cache. In npm's case, this meant that CLI's ./lib/command.js had to work out the appropriate uid and gid, then pass it to the libnpmcommand module, which had to in turn pass the uid and gid to npm-registry-fetch, which then passed it to make-fetch-happen, which passed it to cacache. (For package fetching, pacote would be in that mix as well.)

Added to that, cacache.rm() will actually write a file into the cache index, but has no way to accept an option so that its call to entry-index.js will write the index with the appropriate uid/gid. Little ownership bugs were all over the place, and tricky to trace through. (Why should make-fetch-happen even care about accepting or passing uids and gids? It's an http library.)

This change allows us to keep the cache from having mixed ownership in any situation.

Of course, this does mean that if you have a root-owned but user-writable folder (for example, /tmp), then the cache will try to chown everything to root.

The solution is for the user to create a folder, make it user-owned, and use that, rather than relying on cacache to create the root cache folder.

If we decide to restore the uid/gid opts, and use ownership inference only when uid/gid are unset, then take care to also make rm take an option object, and pass it through to entry-index.js.

11.3.3 (2019-06-17)

Bug Fixes

  • audit: npm audit fix (200a6d5)
  • config: Add ssri config 'error' option (#146) (47de8f5)
  • deps: npm audit fix (481a7dc)
  • standard: standard --fix (7799149)
  • write: avoid another cb never called situation (5156561)

11.3.2 (2018-12-21)

Bug Fixes

  • get: make sure to handle errors in the .then (b10bcd0)

11.3.1 (2018-11-05)

Bug Fixes

  • get: export hasContent.sync properly (d76c920)

11.3.0 (2018-11-05)

Features

  • get: add sync API for reading (db1e094)

11.2.0 (2018-08-08)

Features

  • read: add sync support to other internal read.js fns (fe638b6)

11.1.0 (2018-08-01)

Features

  • read: add sync support for low-level content read (b43af83)

11.0.3 (2018-08-01)

Bug Fixes

  • config: add ssri config options (#136) (10d5d9a)
  • perf: refactor content.read to avoid lstats (c5ac10e)
  • test: oops when removing safe-buffer (1950490)

11.0.2 (2018-05-07)

Bug Fixes

  • verify: size param no longer lost in a verify (#131) (c614a19), closes #130

11.0.1 (2018-04-10)

11.0.0 (2018-04-09)

Features

meta

  • drop support for node@4 (529f347)

BREAKING CHANGES

  • node@4 is no longer supported

10.0.4 (2018-02-16)

10.0.3 (2018-02-16)

Bug Fixes

  • content: rethrow aggregate errors as ENOENT (fa918f5)

10.0.2 (2018-01-07)

Bug Fixes

  • ls: deleted entries could cause a premature stream EOF (347dc36)

10.0.1 (2017-11-15)

Bug Fixes

  • move-file: actually use the fallback to move-concurrently (#110) (073fbe1)

10.0.0 (2017-10-23)

Features

  • license: relicense to ISC (#111) (fdbb4e5)

Performance Improvements

  • more copyFile benchmarks (63787bb)

BREAKING CHANGES

  • license: the license has been changed from CC0-1.0 to ISC.

9.3.0 (2017-10-07)

Features

  • copy: added cacache.get.copy api for fast copies (#107) (067b5f6)

9.2.9 (2017-06-17)

9.2.8 (2017-06-05)

Bug Fixes

  • ssri: bump ssri for bugfix (c3232ea)

9.2.7 (2017-06-05)

Bug Fixes

  • content: make verified content completely read-only (#96) (4131196)

9.2.6 (2017-05-31)

Bug Fixes

  • node: update ssri to prevent old node 4 crash (5209ffe)

9.2.5 (2017-05-25)

Bug Fixes

  • deps: fix lockfile issues and bump ssri (84e1d7e)

9.2.4 (2017-05-24)

Bug Fixes

9.2.3 (2017-05-24)

Bug Fixes

  • rm: stop crashing if content is missing on rm (ac90bc0)

9.2.2 (2017-05-14)

Bug Fixes

  • i18n: lets pretend this didn't happen (519b4ee)

9.2.1 (2017-05-14)

Bug Fixes

  • docs: fixing translation messup (bb9e4f9)

9.2.0 (2017-05-14)

Features

  • i18n: add Spanish translation for API (531f9a4)

9.1.0 (2017-05-14)

Features

  • i18n: Add Spanish translation and i18n setup (#91) (323b90c)

9.0.0 (2017-04-28)

Bug Fixes

  • memoization: actually use the LRU (0e55dc9)

Features

  • memoization: memoizers can be injected through opts.memoize (#90) (e5614c7)

BREAKING CHANGES

  • memoization: If you were passing an object to opts.memoize, it will now be used as an injected memoization object. If you were only passing booleans and other non-objects through that option, no changes are needed.

8.0.0 (2017-04-22)

Features

  • read: change hasContent to return {sri, size} (#88) (bad6c49), closes #87

BREAKING CHANGES

  • read: hasContent now returns an object with {sri, size} instead of sri. Use result.sri anywhere that needed the old return value.

7.1.0 (2017-04-20)

Features

  • size: handle content size info (#49) (91230af)

7.0.5 (2017-04-18)

Bug Fixes

  • integrity: new ssri with fixed integrity stream (6d13e8e)
  • write: wrap stuff in promises to improve errors (3624fc5)

7.0.4 (2017-04-15)

Bug Fixes

  • fix-owner: throw away ENOENTs on chownr (d49bbcd)

7.0.3 (2017-04-05)

Bug Fixes

  • read: fixing error message for integrity verification failures (9d4f0a5)

7.0.2 (2017-04-03)

Bug Fixes

  • integrity: use EINTEGRITY error code and update ssri (8dc2e62)

7.0.1 (2017-04-03)

Bug Fixes

  • docs: fix header name conflict in readme (afcd456)

7.0.0 (2017-04-03)

Bug Fixes

  • test: fix content.write tests when running in docker (d2e9b6a)

Features

  • integrity: subresource integrity support (#78) (b1e731f)

BREAKING CHANGES

  • integrity: The entire API has been overhauled to use SRI hashes instead of digest/hashAlgorithm pairs. SRI hashes follow the Subresource Integrity standard and support strings and objects compatible with ssri.

  • This change bumps the index version, which will invalidate all previous index entries. Content entries will remain intact, and existing caches will automatically reuse any content from before this breaking change.

  • cacache.get.info(), cacache.ls(), and cacache.ls.stream() will now return objects that looks like this:

{
  key: String,
  integrity: '<algorithm>-<base64hash>',
  path: ContentPath,
  time: Date<ms>,
  metadata: Any
}

  • opts.digest and opts.hashAlgorithm are obsolete for any API calls that used them.

  • Anywhere opts.digest was accepted, opts.integrity is now an option. Any valid SRI hash is accepted here -- multiple hash entries will be resolved according to the standard: first, the "strongest" hash algorithm will be picked, and then each of the entries for that algorithm will be matched against the content. Content will be validated if any of the entries match (so, a single integrity string can be used for multiple "versions" of the same document/data).

  • put.byDigest(), put.stream.byDigest, get.byDigest() and get.stream.byDigest() now expect an SRI instead of a digest + opts.hashAlgorithm pairing.

  • get.hasContent() now expects an integrity hash instead of a digest. If content exists, it will return the specific single integrity hash that was found in the cache.

  • verify() has learned to handle integrity-based caches, and forgotten how to handle old-style cache indices due to the format change.

  • cacache.rm.content() now expects an integrity hash instead of a hex digest.

6.3.0 (2017-04-01)

Bug Fixes

  • fixOwner: ignore EEXIST race condition from mkdirp (4670e9b)
  • index: ignore index removal races when inserting (b9d2fa2)
  • memo: use lru-cache for better mem management (#75) (d8ac5aa)

Features

  • dependencies: Switch to move-concurrently (#77) (dc6482d)

6.2.0 (2017-03-15)

Bug Fixes

  • index: additional bucket entry verification with checksum (#72) (f8e0f25)
  • verify: return fixOwner.chownr promise (6818521)

Features

  • tmp: safe tmp dir creation/management util (#73) (c42da71)

6.1.2 (2017-03-13)

Bug Fixes

  • index: set default hashAlgorithm (d6eb2f0)

6.1.1 (2017-03-13)

Bug Fixes

  • coverage: bumping coverage for verify (#71) (0b7faf6)
  • deps: glob should have been a regular dep :< (0640bc4)

6.1.0 (2017-03-12)

Bug Fixes

  • coverage: more coverage for content reads (#70) (ef4f70a)
  • tests: use safe-buffer because omfg (#69) (6ab8132)

Features

  • rm: limited rm.all and fixed bugs (#66) (d5d25ba), closes #66
  • verify: tested, working cache verifier/gc (#68) (45ad77a)

6.0.2 (2017-03-11)

Bug Fixes

  • index: segment cache items with another subbucket (#64) (c3644e5)

6.0.1 (2017-03-05)

Bug Fixes

  • docs: Missed spots in README (8ffb7fa)

6.0.0 (2017-03-05)

Bug Fixes

Features

BREAKING CHANGES

  • cache: index/content directories are now versioned. Previous caches are no longer compatible and cannot be migrated.
  • util: fix-owner now uses Promises instead of callbacks
  • index: Previously-generated index entries are no longer compatible and the index must be regenerated.
  • index: The index format has changed and previous caches are no longer compatible. Existing caches will need to be regenerated.
  • hashes: Default hashAlgorithm changed from sha1 to sha512. If you rely on the prior setting, pass opts.hashAlgorithm in explicitly.
  • content: Previously-generated content directories are no longer compatible and must be regenerated.
  • verify: API is now promise-based
  • read: Switches to a Promise-based API and removes callback stuff
  • rm: Switches to a Promise-based API and removes callback stuff
  • index: this changes the API to work off promises instead of callbacks
  • api: this means we are going all in on promises now