Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): bump @types/eslint-scope from 3.7.1 to 3.7.2
Bumps [@types/eslint-scope](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/eslint-scope) from 3.7.1 to 3.7.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/eslint-scope) --- updated-dependencies: - dependency-name: "@types/eslint-scope" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
- Loading branch information
1 parent
c854e30
commit d87add0
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is not @types/eslint-scope@3.7.2 . Something wrong with npm version from https://www.npmjs.com/package/@types/eslint-scope because there say it is 3.7.2, but in versions only 3.7.1 was released, I think is related with old hacked version that was deleted ? npm/npm#21202
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @laurentiustroia,
I created an issue : #15059 in order to solve this blocking problem.
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@GregoireLgt What do you mean
blocking problem? We have own lock file and your project do not use itd87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexander-akait,
All my projects using webpack 5.x (Angular 12) are broken because angular-devkit/build-angular has webpack in its node_modules and webpack has eslint-scope@3.7.2 in its node_modules but this version doesn't exist :(
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you don't understand how lock files works, regenerate lock files
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexander-akait, i already tried to regenerate my package-lock.json file. It stills retrieves the eslint-scope@3.7.2 and i'm stuck because of that problem :/
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Clear npm cache and check version of npm
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexander-akait , i already cleaned the npm cache
I am using :
npm 6.14.14
node 14.16.1
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
webpack lock file is not used for your projects, it is internal file only for webpack dependencies
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If webpack has a dependency to @types/eslint-scope, then it needs to retrieve this package when i do npm install, right ?
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We use
^3.7.0https://github.com/webpack/webpack/blob/main/package.json#L8, so you can install3.7.0,3.7.1and mored87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here is the log of what's happening when we npm install :
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something wrong with npm register, based on this https://www.npmjs.com/package/@types/eslint-scope,
3.7.2exists, but server returns 404, I recommend to report about it in npm register, as you can see we don't have something speciald87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexander-akait this version of @types/eslint-scope doesn't exist anymore because it was reported to be a malicious version npm/npm#21202
To prevent any problem, you could force the version in your package.json to be 3.7.1, instead of having ^3.7.0 which is obviously causing troubles...
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, no, we should not modify versions because package was unpublished, we use range to prevent other problems - bugs/security bugs/features/etc, downloading correct version is task of a package manager, not webpack
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexander-akait Ok i understand. I think other people are going to have the same problem as you can see here : angular/angular-cli#22405
Someone created an issue on the Angular Github because the @angular-devkit/build-angular has webpack in its dependencies, and the fact that you have ^3.7.0 is clearly causing trouble with the 3.7.2 nonexistent version...
Do you know what door we need to knock at to solve this problem ? Maybe https://github.com/npm/npm/issues ?
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think no problem with npm itself here, versions in npm register is wrong, register says we have
3.7.2, but returns 404 on this, so I think better to open an issue in npm register bug trackerd87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi guys, I found the problem, many proxy are blocked this version due to last 3 years incident when was a malware was deployed on this package version. Check your security rules if someone block this.
d87add0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello all,
You are right @laurentiustroia many proxy are blocked @types/eslint-scope 3.7.2 but it's an error because the insecured package is not @types/eslint-scope 3.7.2 but eslint-scope@3.7.2 (This one has been deleted as you can see https://www.npmjs.com/package/eslint-scope).
So the solution is to check our proxy security rules to not block the wrong package.
Regards