Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump ssh2 and ssh2-sftp-client #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump ssh2 and ssh2-sftp-client #3

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 10, 2023

Bumps ssh2 to 1.12.0 and updates ancestor dependency ssh2-sftp-client. These dependencies need to be updated together.

Updates ssh2 from 0.8.9 to 1.12.0

Commits
  • 50ffab8 package: bump version to v1.12.0
  • 81c705d ci: update lint workflow
  • de62ab0 test: fix race condition causing intermittent test failure
  • 9457685 ci: add node v20.x
  • 41fa3b6 lib: add server-sig-algs support
  • ac7f9bc readme: fix typo
  • 76f65df package: bump cpu-features dep to v0.0.6
  • 6f3e9dd package: bump nan to ^2.17.0, cpu-features to ~0.0.5
  • aea0ea4 ci: update action versions
  • d312c3e client,server: add setNoDelay()
  • Additional commits viewable in compare view

Updates ssh2-sftp-client from 5.1.2 to 9.1.0

Release notes

Sourced from ssh2-sftp-client's releases.

Maintenance Release

  • Re-factoring of some methods to enable them to better catch network errors within surrounding promise.
  • Fix error in handling options in some methods which prevented setting file permissions
  • Added additional tests and test coverage

Minor bug fix release

  • Fixes an issue with module hanging and failing to return any error when a corrupted private key was supplied. Now returns an error that the module was unable to parse the private key.

Minor bug fix release

Fix two minor bugs

  • Sometimes, when initialisation of sftp sub-system failed, the module would attempt to call sftp.end(), which would fail with an undefined reference error

  • When calling the get() method and supplying a destination stream for the data, if the soruce file did not exist on the remote server, the destination stream was not closed and could result in a resource leak.

Minor bug fixes

A couple of fairly minor changes to address some edge case issues

  • DOn't throw error or reject promise if end() method called when there is no active sftp connection. If end() is called and there is no active connection, just turn into a noop. Better to call end() when not needed than miss calling it because it might cause an error in some scenarios.
  • Don't throw exception or reject a promise when an 'unexpected' end or close event is seen. Logic for determining when a close or end event was 'unexpected' was not reliable enough. Besides, trying to identify unexpected close/end signals didn't really add any value. Now if a close or end signal occurs which was not 'expected', we will just log it. We do invalidate the sftp connection whenever we see an end/close event regardless.
  • Now use nullish coalescing instead of or'iing to set the various params for retry configuration. Previously, using or'ing meant you couldn't set a param to 0. Using ?? now allows this.
  • Made some minor changes to when the flags used to track event handling are reset. Previously, they were reset after temporary listeners were removed. We now do the reset after new temporary listeners are added.

None of the above changes are API breaking (for v9). Should be able to upgrade from any previous 9.x version with no issue.

Minor bug fix version

The get() method was not always returning a buffer when no destination argument was supplied due to a race condition between concat-stream and readStream finish event. When triggered, get() would return the concat-stream object instead of the buffer object it contains.

Major Release - New methods, API updates

This is a major new version which includes both new methods and API changes as well as some code cleanup and refactoring to improve performance.

  • API Changes

    • list() method now accepts a filter function instead of a regular expression to filter the list of items returned.
    • Ability to set autoClose in options passed into get() and put() methods has been removed. Tis option caused confusion for developers and made the logic overly complicated for rare use cases. You can not just use the new createReadStream() and createWriteStream() when you want low level control.
    • Ability to set 'end' property in pipe() operations used by get() and put() methods has been removed because it complicated the logic of get() and put() methods when only useful for a very small number of edge cases. Use getReadStream and getWriteStream and manage pipe() manually should you require this type of low level control
    • The 3rd argument to uploadDir() and downloadDir() methods has been changed. Previously, this argument was a filter function. It is now an object which can have properties of 'filter', to supply a filter function and useFastGet/useFastPut, a boolean used to tell the method to use the potentially faster fastGet() or fastPut() method to transfer data.

  • New Methods

    • createReadStream(): returns a read stream connected to a remote file on the sftp server
    • createWriteStream(): returns a write stream connected to a remote file on the sftp server
    • rcopy(): create a remote copy of a remote file on the sftp server

  • Other Changes

    • downloadDi()/uploadDir() now uses asynchronous calls to transfer files to help improve speed
    • The retry code used to retry making a connection after initial failure has been refactored and improved to more reliably handle retry options.
    • Management of temporary event listeners has been refactored to make management of event listeners when using internal calls to various methods more efficient.

Although not benchmarked, the performance of this version appears to be significantly better than previous versions. Running the test suite completes much faster, despite quite a new new tests being added for the new methods.

... (truncated)

Commits
  • 610bcd0 Bump dependencies - inc. ssh2
  • d27ff7f Update to exclude unnecssary files from npm package
  • 284e24f Update README
  • b554bb5 Update upload/download dir functions
  • 6c59062 Add additional list filter tests
  • 1cfdb96 Removed unnecessary debug msg.
  • 3f158f7 Fix error in end() and improve test coverage.
  • cd3298b Improved test coverage for utils
  • 8d916ef Added error checking to sleep function.
  • af7eb7b Fix bug in rmdir where main dir wasn't actually deleted
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump ssh2 and ssh2-sftp-client
f5c11ed 
Bumps [ssh2](https://github.com/mscdex/ssh2) to 1.12.0 and updates ancestor dependency [ssh2-sftp-client](https://github.com/theophilusx/ssh2-sftp-client). These dependencies need to be updated together.


Updates `ssh2` from 0.8.9 to 1.12.0
- [Commits](mscdex/ssh2@v0.8.9...v1.12.0)

Updates `ssh2-sftp-client` from 5.1.2 to 9.1.0
- [Release notes](https://github.com/theophilusx/ssh2-sftp-client/releases)
- [Changelog](https://github.com/theophilusx/ssh2-sftp-client/blob/master/CHANGELOG.org)
- [Commits](theophilusx/ssh2-sftp-client@5.1.2...v9.1.0)

---
updated-dependencies:
- dependency-name: ssh2
  dependency-type: indirect
- dependency-name: ssh2-sftp-client
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants