Skip to content
This repository has been archived by the owner on Jun 7, 2022. It is now read-only.

changed 'git' to 'git+https' due to unavailability #26

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

changed 'git' to 'git+https' due to unavailability #26

wants to merge 1 commit into from

Conversation

Matze1224
Copy link

GitHub removed the unencrypted Git protocol. git:// works if a ssh-key is set up at GitHub, but don't work elsewhere (like production environments):
https://github.blog/2021-09-01-improving-git-protocol-security-github/

If you install it as dependency (here from mx-puppet-discord), you get following error from yarn:

$ yarn
yarn install v1.22.17
info No lockfile found.
warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json.
[1/4] Resolving packages...
error Command failed.
Exit code: 128
Command: git
Arguments: ls-remote --tags --heads git://github.com/Sorunome/discord-markdown.git
Directory: /home/discord-puppet/test
Output:
fatal: Fehler am anderen Ende: 
  The unauthenticated git protocol on port 9418 is no longer supported.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

The funny thing is, that it works with npm without errors (got a heart-attack from it that I can't reproduce the error anymore^^):

$ npm i
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@sorunome/[email protected]',
npm WARN EBADENGINE   required: { node: '>=10.0.0', npm: '^6.0.0', yarn: '^1.19.0' },
npm WARN EBADENGINE   current: { node: 'v16.14.0', npm: '8.3.1' }
npm WARN EBADENGINE }
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.

added 383 packages, and audited 384 packages in 5s

34 packages are looking for funding
  run `npm fund` for details

2 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Following patch corrects the URI specifier that dependency installation works over HTTPS, so the error can't happen anymore.

@Matze1224
changed 'git' to 'git+https' due to unavailability
61e9724 
GitHub removed the unencrypted Git protocol. Don't know if it works if
ssh is set up, but don't work elsewhere:
https://github.blog/2021-09-01-improving-git-protocol-security-github/
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Matze1224