-
Bug
-
Resolution: Fixed
-
Minor
-
3.9.9, 3.10.6, 3.11.2, 4.0
-
MOODLE_310_STABLE, MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE
-
MOODLE_310_STABLE, MOODLE_311_STABLE, MOODLE_39_STABLE
-
-
Few days ago (MDL-72014) a good number of nodejs stuff was updated.
At the time of rebuilding the lock file (npm-shrinkwrap.json) it all was apparently ok and stable. But it has started to generate some changes to the lock file when npm install is used. These are the changes:
diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json
|
index 8b75c7b79c1..758fb023909 100644
|
--- a/npm-shrinkwrap.json
|
+++ b/npm-shrinkwrap.json
|
@@ -311,7 +311,8 @@
|
},
|
"lodash": {
|
"version": "4.17.15",
|
- "resolved": "",
|
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
|
+ "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
|
"dev": true
|
}
|
}
|
@@ -1304,7 +1305,8 @@
|
},
|
"lodash": {
|
"version": "4.17.15",
|
- "resolved": "",
|
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
|
+ "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
|
"dev": true
|
}
|
}
|
@@ -1394,7 +1396,8 @@
|
},
|
"lodash": {
|
"version": "4.17.15",
|
- "resolved": "",
|
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
|
+ "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
|
"dev": true
|
}
|
}
|
It seems that the "lodash" package has got some integrity checks that was missing last week. I've looked for more cases in the lock file and that's the unique one.
So this issue is about to:
- Regenerate the lock file following the instructions @ https://docs.moodle.org/dev/NPM#Updating_npm_dependencies
- Test they are stable.
- Push and party!
- has a non-specific relationship to
-
MDLSITE-5536 New CI job to look for changes in lock files
- Open
- is a regression caused by
-
MDL-72014 Update grunt and some components to avoid some security reports
- Closed