Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: upgrade argon2 #431

Closed
wants to merge 2 commits into from
Closed

chore: upgrade argon2 #431

wants to merge 2 commits into from

Conversation

benmccann
Copy link

ref #421. I think this should unblock that issue, but I believe there is more required. Would you be able to fix it as a follow up or at least provide some pointers?

Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/argon2@0.40.3 None +2 1.28 MB ranisalt
npm/node-gyp-build@4.8.1 environment, filesystem 0 13.4 kB mafintosh

🚮 Removed packages: npm/argon2@0.31.2, npm/node-gyp-build@4.7.1

View full report↗︎

Copy link
Member

@styfle styfle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since argon2 is a devDependency, it's not related to #421

That said, its fine to upgrade but it looks like this is causing code coverage to drop which makes me think its no longer testing the code path for argon in special-cases.ts

argon2({ id, emitAssetDirectory }) {
if (id.endsWith('argon2/argon2.js')) {
emitAssetDirectory(resolve(dirname(id), 'build', 'Release'));
emitAssetDirectory(resolve(dirname(id), 'prebuilds'));
emitAssetDirectory(resolve(dirname(id), 'lib', 'binding'));
}

And more importantly, the zeromq-node-gyp test started failing

https://github.com/vercel/nft/actions/runs/9686185024/job/26738120405?pr=431#step:10:1098

@benmccann
Copy link
Author

Since argon2 is a devDependency, it's not related to #421

Could you clarify your comment from #407 (comment)? I thought you were saying the only reason @mapbox/node-pre-gyp is in dependencies is because argon2 uses it. The old version of argon2 depends on it, but the new version doesn't, so it sounded to me like upgrading argon2 would allow us to remove @mapbox/node-pre-gyp thus fixing #421

@styfle
Copy link
Member

styfle commented Jun 27, 2024

@benmccann My comment was about replacing @mapbox/node-pre-gyp with our own implementation since its only using find(). I was using argon2 as an example of one of the packages that uses @mapbox/node-pre-gyp since I've never used it before so I had to look at how its used in real packages.

@benmccann
Copy link
Author

Ah, I see. Thanks for clarifying. I'll go ahead and close this then since it won't help with my goal of resolving #421

@benmccann benmccann closed this Jun 27, 2024
@benmccann benmccann deleted the argon2 branch June 27, 2024 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants