nodejs
Update tap to version 14.3.1
Fixes npm audit warning for handlebars:
-bash-4.2$ npm audit
=== npm audit security report ===
# Run npm install --save-dev [email protected] to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ handlebars │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ tap [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ tap > nyc > istanbul-reports > handlebars │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/755 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 578 scanned packages
1 vulnerability requires semver-major dependency updates.
-bash-4.2$
Disable esm to allow tests to pass on Node.js 13 nightlies. (https://github.com/nodejs/node/issues/28294, https://github.com/standard-things/esm/issues/821).
tap now enables coverage by default and the update has exposed that a handful of tests have issues when run with coverage enabled (the same failures can be seen if run with the non-updated tap with --coverage). The main issue is that coverage is wrapping spawned child processes so that:
- The spawned process runs something else which runs the tests (this is hidden on the JavaScript side from the tests but not from
node-reportwhich reports the actual command line). - Signal handlers are being installed by the wrapping which prevent the spawned process being terminated by signals (since the signals are now being caught).
The first commit contains changes to work around these issues. The alternative would be to disable coverage (which isn't as bad as it sounds given how little non-test/demo JavaScript is contained in this project).
CI: Node.js 13 nightly: https://ci.nodejs.org/job/nodereport-continuous-integration-latest/24/ (✔️) Node.js 12: https://ci.nodejs.org/job/nodereport-continuous-integration-latest/26/ (✔️) Node.js 10: https://ci.nodejs.org/job/nodereport-continuous-integration-latest/27/ (✔️) Node.js 8: https://ci.nodejs.org/job/nodereport-continuous-integration-latest/28/ (✔️)
Also tap version 13 (this PR bumps from 12 to 14) dropped support for Node.js < 8 (https://github.com/tapjs/node-tap/issues/498). This is only a dev-dependency and shouldn't affect the node-report module itself so I think we can release this in a normal patch release (but you may not be able to test node-report on the earlier End-of-Life Node.js releases). Please speak up if you disagree.
Alternative PR in https://github.com/nodejs/node-report/pull/136 which keeps tap at version 12 which maintains compatibility with Node.js 6.
Keeping this PR open for the next semver major bump when we can properly raise the minimum Node.js version to 8 (or 10 depending on when we do the bump).
Node.js 6 CI demonstrating the break: https://ci.nodejs.org/job/nodereport-continuous-integration-latest/39/
example Node.js 6 failure:
14:59:00 + npm install
14:59:38 [email protected] /home/iojs/build/workspace/nodereport-continuous-integration-latest/nodes/fedora-latest-x64/node-report
14:59:38 └── [email protected]
14:59:38
14:59:38 npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^2.0.6 (node_modules/chokidar/node_modules/fsevents):
14:59:38 npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
14:59:38 npm ERR! Linux 5.0.16-300.fc30.x86_64
14:59:38 npm ERR! argv "/home/iojs/build/workspace/nodereport-continuous-integration-latest/nodes/fedora-latest-x64/node-v6.17.1-linux-x64/bin/node" "/home/iojs/build/workspace/nodereport-continuous-integration-latest/nodes/fedora-latest-x64/node-v6.17.1-linux-x64/bin/npm" "install"
14:59:38 npm ERR! node v6.17.1
14:59:38 npm ERR! npm v3.10.10
14:59:38 npm ERR! path /home/iojs/build/workspace/nodereport-continuous-integration-latest/nodes/fedora-latest-x64/node-report/node_modules/.staging/@types/prop-types-4055500f
14:59:38 npm ERR! code ENOENT
14:59:38 npm ERR! errno -2
14:59:38 npm ERR! syscall rename
14:59:38
14:59:38 npm ERR! enoent ENOENT: no such file or directory, rename '/home/iojs/build/workspace/nodereport-continuous-integration-latest/nodes/fedora-latest-x64/node-report/node_modules/.staging/@types/prop-types-4055500f' -> '/home/iojs/build/workspace/nodereport-continuous-integration-latest/nodes/fedora-latest-x64/node-report/node_modules/tap/node_modules/@types/prop-types'
14:59:38 npm ERR! enoent ENOENT: no such file or directory, rename '/home/iojs/build/workspace/nodereport-continuous-integration-latest/nodes/fedora-latest-x64/node-report/node_modules/.staging/@types/prop-types-4055500f' -> '/home/iojs/build/workspace/nodereport-continuous-integration-latest/nodes/fedora-latest-x64/node-report/node_modules/tap/node_modules/@types/prop-types'
14:59:38 npm ERR! enoent This is most likely not a problem with npm itself
14:59:38 npm ERR! enoent and is related to npm not being able to find a file.
14:59:38 npm ERR! enoent
14:59:38
14:59:38 npm ERR! Please include the following file with any support request:
14:59:38 npm ERR! /home/iojs/build/workspace/nodereport-continuous-integration-latest/nodes/fedora-latest-x64/node-report/npm-debug.log
14:59:39 Build step 'Execute shell' marked build as failure