fix: allow semver ranges #719

Merged
merged 2 commits into from
Feb 1, 2024


mdonnalley
Contributor

What does this PR do?

Support semver ranges when verifying signature (e.g. sf plugins install auth@^3.3.3)

What issues does this PR fix or reference?

@W-11771849@

@cristiand391
Member

QA notes:

✅ install using semver range

before

➜  plugin-trust git:(mdonnalley/semver-range) sf plugins install @salesforce/plugin-org@^3.3.6
    InvalidNpmMetadata: The npm metadata for plugin plugin-org is missing the versions attribute.
    Code: InvalidNpmMetadata

after

➜  plugin-trust git:(mdonnalley/semver-range) sf plugins install @salesforce/plugin-org@^3.3.6
 ›   Warning: @salesforce/plugin-trust is a linked ESM module and cannot be auto-transpiled. Existing compiled source will be used instead.
Polling for new version(s) to become available on npm... done
Successfully validated digital signature for @salesforce/plugin-org.
Finished digital signature check.
Installing plugin org@^3.3.6... installed v3.3.10

Successfully installed @salesforce/plugin-org v3.3.10

v3.3.10 satisfies ^3.3.6.

and

sf plugins install @salesforce/plugin-org@^2

gets

Successfully installed @salesforce/plugin-org v2.11.8

✅ install using dist-tag

➜  plugin-trust git:(mdonnalley/semver-range) sf plugins install @salesforce/plugin-deploy-retrieve@beta
 ›   Warning: @salesforce/plugin-trust is a linked ESM module and cannot be auto-transpiled. Existing compiled source will be used instead.
Polling for new version(s) to become available on npm... done
Successfully validated digital signature for @salesforce/plugin-deploy-retrieve.
Finished digital signature check.
Installing plugin deploy-retrieve@beta... installed v1.8.8-beta.2
 ›   Warning: @salesforce/plugin-deploy-retrieve > @salesforce/source-deploy-retrieve > proxy-agent > pac-proxy-agent > pac-resolver > degenerator > [email protected]: The
 ›   library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code
 ›   to isolated-vm.
 ›   Warning: "@salesforce/plugin-deploy-retrieve > @oclif/core > [email protected]" has unmet peer dependency "@types/node@*".
 ›   Warning: "@salesforce/plugin-deploy-retrieve > @oclif/core > [email protected]" has unmet peer dependency "typescript@>=2.7".

These warnings can only be addressed by the owner(s) of @salesforce/plugin-deploy-retrieve.
We suggest that you create an issue at https://github.com/forcedotcom/cli/issues and ask the plugin owners to address them.


Successfully installed @salesforce/plugin-deploy-retrieve v1.8.8-beta.2

✅ install specific version:

➜  plugin-trust git:(mdonnalley/semver-range) sf plugins install @cristiand391/sf-plugin-api@0.0.2
 ›   Warning: @salesforce/plugin-trust is a linked ESM module and cannot be auto-transpiled. Existing compiled source will be used instead.
Skipping digital signature verification because [@cristiand391/sf-plugin-api] is allow-listed.
Finished digital signature check.
Installing plugin @cristiand391/sf-plugin-api@0.0.2... installed v0.0.2
 ›   Warning: "@cristiand391/sf-plugin-api > @oclif/core > [email protected]" has unmet peer dependency "@types/node@*".
 ›   Warning: "@cristiand391/sf-plugin-api > @oclif/core > [email protected]" has unmet peer dependency "typescript@>=2.7".

These warnings can only be addressed by the owner(s) of @cristiand391/sf-plugin-api.
We suggest that you create an issue at https://github.com/cristiand391/sf-plugin-api/issues and ask the plugin owners to address them.


Successfully installed @cristiand391/sf-plugin-api v0.0.2

All checks also verified by running sf plugins to confirm the installed version.

@cristiand391 cristiand391 merged commit 7d0c8e0 into main Feb 1, 2024
11 checks passed
@cristiand391 cristiand391 deleted the mdonnalley/semver-range branch February 1, 2024 14:49
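
An added example, not code from this pull request or from plugin-trust: one way to pin a requested spec to a single concrete version before the signature check, so that the version verified is the version installed. The registry metadata, the signatureUrl field and every function name are constructed for illustration, and only exact versions, dist-tags and caret ranges are handled.

```javascript
// Constructed registry metadata; `signatureUrl` is an assumed field name.
const packument = {
  'dist-tags': { latest: '4.0.0', beta: '3.4.0-beta.1' },
  versions: Object.fromEntries(
    ['2.11.8', '3.3.5', '3.3.10', '3.4.0-beta.1', '4.0.0'].map((v) => [
      v, { signatureUrl: `https://example.invalid/plugin-org-${v}.sig` }]),
  ),
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Parse "1", "1.2" or "1.2.3" with an optional "-prerelease" suffix.
function parse(text) {
  const m = /^(\d+)(?:\.(\d+))?(?:\.(\d+))?(-[0-9A-Za-z.-]+)?$/.exec(text);
  if (!m) return null;
  const given = m[3] !== undefined ? 3 : m[2] !== undefined ? 2 : 1;
  return { nums: [m[1], m[2] || 0, m[3] || 0].map(Number), given, pre: Boolean(m[4]) };
}

// Exclusive upper bound of a caret range: bump the leftmost non-zero component.
function caretUpper({ nums, given }) {
  let i = nums.slice(0, given).findIndex((n) => n !== 0);
  if (i === -1) i = given - 1;
  return nums.map((n, j) => (j < i ? n : j === i ? n + 1 : 0));
}

// Turn an exact version, dist-tag or caret range into one concrete version.
function resolveSpec(meta, spec) {
  if (own(meta.versions, spec)) return spec;
  if (own(meta['dist-tags'], spec)) return meta['dist-tags'][spec];
  const low = spec.startsWith('^') ? parse(spec.slice(1)) : null;
  if (!low || low.pre) throw new Error(`unsupported spec: ${spec}`);
  const high = caretUpper(low);
  const hits = Object.keys(meta.versions)
    .map((v) => ({ v, p: parse(v) }))
    .filter(({ p }) => p && !p.pre && cmp(p.nums, low.nums) >= 0 && cmp(p.nums, high) < 0)
    .sort((a, b) => cmp(a.p.nums, b.p.nums));
  if (hits.length === 0) throw new Error(`no published version satisfies ${spec}`);
  return hits[hits.length - 1].v;
}

// Pin once, then hand the same exact version to both the verifier and the installer.
function signatureTarget(meta, spec) {
  const version = resolveSpec(meta, spec);
  const entry = own(meta.versions, version) ? meta.versions[version] : undefined;
  if (!entry || !entry.signatureUrl) throw new Error(`no signature metadata for ${version}`);
  return { version, signatureUrl: entry.signatureUrl };
}
```

A spec that resolves to nothing, or to a version without signature metadata, fails closed instead of falling through to an unverified install.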