Environment Parsing #1156

Merged: steveukx merged 7 commits into main from sec/exploit-env on Apr 11, 2026

Conversation

@steveukx (Owner)

No description provided.

@changeset-bot (Bot) commented Apr 11, 2026

🦋 Changeset detected

Latest commit: 0ab6c5b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages:

Name                      Type
@simple-git/argv-parser   Minor
simple-git                Minor


@steveukx steveukx merged commit 89a2294 into main Apr 11, 2026
8 checks passed
Review thread on the following lines of the diff:

```ts
 * and environment variables.
 */
export function vulnerabilityCheck(tokens: readonly string[], env: Record<string, unknown>) {
   return [...parseArgv(...tokens).vulnerabilities, ...parseEnv(env).vulnerabilities];
}
```

@kachkaev commented Apr 13, 2026

👋 @steveukx! I'm getting this error after lockfile maintenance over the weekend:

```
Error: TypeError: parsed.vulnerabilities.vulnerabilities is not iterable
```

This happened because the direct dependency simple-git stayed on 3.35.2 but the transient dependency @simple-git/argv-parser upgraded from 1.0.3 to 1.1.0. It was still within the allowed semver range for simple-git@3.35.2 (`"@simple-git/argv-parser": "^1.0.3"`).

So technically there is a breaking change between @simple-git/argv-parser 1.0.x and 1.1.0, which is a bug according to semver.

I bumped simple-git from 3.35.2 to 3.36.0 and it resolved the above error. But I guess that new installs for simple-git <3.36.0 will be broken now.

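The mechanics behind the comment above, as an added example that is not part of simple-git or the commenter's code: a caret range such as `^1.0.3` admits any `1.x.y` at or above `1.0.3`, so a lockfile refresh can legitimately resolve `@simple-git/argv-parser` to `1.1.0` while `simple-git` itself stays at `3.35.2`. The second function compares two resolved snapshots (name to version, the way a lockfile records them; both maps here are constructed for the example) and reports packages that moved without any direct dependency changing, which is the class of change worth a second look before merging automated lockfile maintenance. Function names and the `direct` parameter are choices made for this example.

```typescript
// Added example, not simple-git's code. Minimal caret-range semantics plus a
// transitive-bump report over two constructed lockfile snapshots.

type Ver = [number, number, number];

function parseVer(s: string): Ver {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(s.trim());
  if (!m) throw new Error(`not a semver version: ${s}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function cmpVer(a: Ver, b: Ver): number {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Upper bound of a caret range: ^1.0.3 -> <2.0.0, ^0.2.3 -> <0.3.0,
// ^0.0.3 -> <0.0.4 (the leftmost non-zero component is frozen).
function caretUpper(lo: Ver): Ver {
  if (lo[0] > 0) return [lo[0] + 1, 0, 0];
  if (lo[1] > 0) return [0, lo[1] + 1, 0];
  return [0, 0, lo[2] + 1];
}

function caretSatisfies(range: string, version: string): boolean {
  if (!range.startsWith('^')) throw new Error('this example handles caret ranges only');
  const lo = parseVer(range.slice(1));
  const v = parseVer(version);
  return cmpVer(v, lo) >= 0 && cmpVer(v, caretUpper(lo)) < 0;
}

type Bump = { name: string; from: string; to: string; kind: 'major' | 'minor' | 'patch' };

function bumpKind(from: Ver, to: Ver): Bump['kind'] {
  if (from[0] !== to[0]) return 'major';
  if (from[1] !== to[1]) return 'minor';
  return 'patch';
}

// Report packages whose resolved version changed between two snapshots
// although they are not declared directly in package.json. A "minor" bump
// here is exactly the case in the thread: allowed by the range, but the
// consumer was never tested against it.
function transitiveBumps(
  before: Record<string, string>,
  after: Record<string, string>,
  direct: ReadonlySet<string>,
): Bump[] {
  const bumps: Bump[] = [];
  for (const [name, to] of Object.entries(after)) {
    const from = before[name];
    if (from === undefined || from === to || direct.has(name)) continue;
    bumps.push({ name, from, to, kind: bumpKind(parseVer(from), parseVer(to)) });
  }
  return bumps;
}

// Constructed snapshots mirroring the versions named in the thread.
const lockBefore: Record<string, string> = { 'simple-git': '3.35.2', '@simple-git/argv-parser': '1.0.3' };
const lockAfter: Record<string, string> = { 'simple-git': '3.35.2', '@simple-git/argv-parser': '1.1.0' };
const directDeps: ReadonlySet<string> = new Set(['simple-git']);

function exampleReport(): Bump[] {
  return transitiveBumps(lockBefore, lockAfter, directDeps);
}
```

A real lockfile carries many more fields (integrity hashes, nested resolutions); the point of the report is only to surface which transitive packages moved and how far, so that a change like 1.0.3 to 1.1.0 is reviewed rather than merged on the strength of a green range check.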
@konstantintieber commented May 7, 2026

Hi @steveukx, thanks for this update, I think it's definitely an improvement.
Just wanted to drop a message here that this could be considered a breaking change.
Before 3.36.0, this simpleGit constructor call would work fine:

```js
import simpleGit from 'simple-git';

// gitFolder is defined elsewhere in the calling code
const git = simpleGit({
  baseDir: gitFolder,
  binary: 'git',
  maxConcurrentProcesses: 6,
  trimmed: false,
  config: [
    // value reproduced as posted; quoted as a template literal so it is valid JS
    // (the doubled backslashes hand printf a literal \n)
    `credential.helper=credential.helper="!f(){ printf 'username=%s\\npassword=%s\\n' "$USERNAME" "$PASSWORD" };f"`,
    'credential.useHttpPath=true',
  ],
}).env('GIT_TERMINAL_PROMPT', '0');
```

After updating to 3.36.0, the same constructor call results in this error:

```
Error: Configuring credential.helper is not permitted without enabling allowUnsafeCredentialHelper.
```

See n8n-io/n8n#29943

The same goes for ssh and allowUnsafeSshCommand: true where this used to work fine before:

```js
import simpleGit from 'simple-git';

// escapedKnownHostsPath, escapedPrivateKeyPath and gitFolder are defined elsewhere in the calling code
const sshCommand = `ssh -o UserKnownHostsFile="${escapedKnownHostsPath}" -o StrictHostKeyChecking=accept-new -i "${escapedPrivateKeyPath}"`;
const git = simpleGit({
  baseDir: gitFolder,
  binary: 'git',
  maxConcurrentProcesses: 6,
  trimmed: false,
})
  .env('GIT_SSH_COMMAND', sshCommand)
  .env('GIT_TERMINAL_PROMPT', '0');
```

What do you think of bumping the package to 4.0 to help avoid people who update running into this?
I think it would also help to add it on the release notes of https://github.com/steveukx/git-js/releases/tag/simple-git%403.36.0
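Why both of the calls quoted in the comment above are now refused, as an added example that is neither simple-git's implementation nor the commenter's code: a `credential.helper` value beginning with `!` is handed to the shell by git, `core.sshCommand` and `GIT_SSH_COMMAND` replace the transport with an arbitrary program, and git also accepts config through the environment (`GIT_CONFIG_COUNT` with `GIT_CONFIG_KEY_<n>`/`GIT_CONFIG_VALUE_<n>`), so a check that only looks at argv misses one path. The code below is a pre-flight check in the spirit of the `vulnerabilityCheck()` shown in the review thread: the function names, the `Finding` shape and the placement of the `allowUnsafeCredentialHelper` / `allowUnsafeSshCommand` flags in an options object are assumptions for illustration, and the sample argv and env values are constructed.

```typescript
// Added example, not simple-git's code: hypothetical names throughout.

type Finding = {
  source: 'argv' | 'env';
  key: string;
  needs: 'allowUnsafeCredentialHelper' | 'allowUnsafeSshCommand';
};

interface UnsafeOptions {
  allowUnsafeCredentialHelper?: boolean;
  allowUnsafeSshCommand?: boolean;
}

// Config keys that let whoever controls the value run a program. git matches
// section and key names case-insensitively, and the helper may be scoped to a
// URL (credential.https://host/path.helper), so match on the suffix too.
function classifyConfigKey(rawKey: string): Finding['needs'] | undefined {
  const key = rawKey.toLowerCase();
  if (key === 'credential.helper' || (key.startsWith('credential.') && key.endsWith('.helper'))) {
    return 'allowUnsafeCredentialHelper';
  }
  if (key === 'core.sshcommand') return 'allowUnsafeSshCommand';
  return undefined;
}

// git takes command-line config as `-c key=value` or `-ckey=value`; both
// forms are handled here (`--config-env` is left out of this example).
function argvFindings(tokens: readonly string[]): Finding[] {
  const out: Finding[] = [];
  for (let i = 0; i < tokens.length; i++) {
    const t = tokens[i];
    let kv: string | undefined;
    if (t === '-c' && i + 1 < tokens.length) kv = tokens[++i];
    else if (t.startsWith('-c') && t.length > 2) kv = t.slice(2);
    if (kv === undefined) continue;
    const eq = kv.indexOf('=');
    const key = eq === -1 ? kv : kv.slice(0, eq);
    const needs = classifyConfigKey(key);
    if (needs) out.push({ source: 'argv', key, needs });
  }
  return out;
}

// The environment is a second injection path: GIT_SSH_COMMAND / GIT_SSH swap
// the transport, and GIT_CONFIG_COUNT + GIT_CONFIG_KEY_<n> feed config to git
// without touching argv at all.
function envFindings(env: Record<string, unknown>): Finding[] {
  const out: Finding[] = [];
  for (const name of ['GIT_SSH_COMMAND', 'GIT_SSH']) {
    const v = env[name];
    if (typeof v === 'string' && v.length > 0) out.push({ source: 'env', key: name, needs: 'allowUnsafeSshCommand' });
  }
  const count = Number(env['GIT_CONFIG_COUNT'] ?? 0);
  for (let n = 0; n < count; n++) {
    const k = env[`GIT_CONFIG_KEY_${n}`];
    if (typeof k !== 'string') continue;
    const needs = classifyConfigKey(k);
    if (needs) out.push({ source: 'env', key: `GIT_CONFIG_KEY_${n}=${k}`, needs });
  }
  return out;
}

function checkUnsafeConfig(tokens: readonly string[], env: Record<string, unknown>): Finding[] {
  return [...argvFindings(tokens), ...envFindings(env)];
}

// Refuse unless each finding is covered by an explicit opt-in; the message
// follows the wording quoted in the comment above.
function assertSafe(tokens: readonly string[], env: Record<string, unknown>, unsafe: UnsafeOptions = {}): void {
  for (const f of checkUnsafeConfig(tokens, env)) {
    if (!unsafe[f.needs]) {
      throw new Error(`Configuring ${f.key} is not permitted without enabling ${f.needs}.`);
    }
  }
}

// Constructed inputs mirroring the two calls in the comment.
const helperConfig = `credential.helper=!f(){ printf 'username=%s\\npassword=%s\\n' "$USERNAME" "$PASSWORD" };f`;
const sampleArgv: readonly string[] = ['-c', helperConfig, '-c', 'credential.useHttpPath=true'];
const sampleEnv: Record<string, unknown> = { GIT_SSH_COMMAND: 'ssh -i /tmp/deploy_key', GIT_TERMINAL_PROMPT: '0' };

function exampleFindings(): Finding[] {
  return checkUnsafeConfig(sampleArgv, sampleEnv);
}
```

With both opt-ins set, `assertSafe(sampleArgv, sampleEnv, { allowUnsafeCredentialHelper: true, allowUnsafeSshCommand: true })` returns normally; with either flag missing it throws for the corresponding finding, which is the behaviour the comment reports seeing after the upgrade. The opt-in is the right shape for the n8n-style caller above: the value is built by the application from paths it controls, so it is the caller, not the library, that can vouch for it.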
