chore(release): 5.0.2

not need it on 5.x

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node_version: [12, 14, 15]
+        node_version: [12, 14, 15, 16]
 
     runs-on: ubuntu-latest
 

.github/workflows/codeql-analysis.yml

@@ -1,52 +0,0 @@
-name: "Code scanning - action"
-
-on:
-  push:
-  pull_request:
-  schedule:
-    - cron: '0 2 * * 4'
-
-jobs:
-  CodeQL-Build:
-
-    # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2.3.3
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-      
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      # Override language selection by uncommenting this and choosing your languages
-      # with:
-      #   languages: go, javascript, csharp, python, cpp, java
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1

.github/workflows/docker-publish.yml

@@ -36,7 +36,7 @@ jobs:
         with:
           images: ${{ github.repository }}
           tag-custom: 5.x-next
-          tag-custom-only: ${{ github.ref == 'refs/heads/master' }}
+          tag-custom-only: ${{ github.ref == 'refs/heads/5.x' }}
           tag-semver: |
             {{version}}
             {{major}}

.github/workflows/release.yml

@@ -4,7 +4,6 @@ on:
   push:
     tags:
       - '*'
-
 jobs:
   release:
     name: Release

CHANGELOG.md

@@ -2,6 +2,20 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [5.0.2](https://github.com/verdaccio/verdaccio/compare/v5.0.1...v5.0.2) (2021-04-27)
+
+
+### Bug Fixes
+
+* incorrect sanity check for theme plugin ([#2205](https://github.com/verdaccio/verdaccio/issues/2205)) ([d8b62cf](https://github.com/verdaccio/verdaccio/commit/d8b62cff530b1be207278a319f1989d45f5815df))
+
+### [5.0.1](https://github.com/verdaccio/verdaccio/compare/v5.0.0...v5.0.1) (2021-04-10)
+
+
+### Bug Fixes
+
+* logo and favicon configuration ([#2180](https://github.com/verdaccio/verdaccio/issues/2180)) ([782dd1c](https://github.com/verdaccio/verdaccio/commit/782dd1ca93a1bd910b14c9e79910480fc6f86d36))
+
 ## [5.0.0](https://github.com/verdaccio/verdaccio/compare/v5.0.0-alpha.7...v5.0.0) (2021-04-09)
 
 

README.md

@@ -69,11 +69,7 @@ booted in a couple of seconds, fast enough for any CI. Many open source projects
 
 ## Talks
 
-### **Node.js Dependency Confusion Attacks & Vulnerabilities in Go Binaries**.
-
-[RSVP](https://www.meetup.com/es-ES/devseccon-germany/events/276990087) to join the talk.
-
-[![verdaccio openjsworld](https://cdn.verdaccio.dev/readme/devseccon.png)](https://www.meetup.com/es-ES/devseccon-germany/events/276990087/)
+[![verdaccio Node.js Dependency Confusion Attacks](https://cdn.verdaccio.dev/readme/devseccon.png)](https://www.youtube.com/watch?v=qTRADSp3Hpo)
 
 You might want to check out as well our previous talks:
 

conf/default.yaml

@@ -19,6 +19,8 @@ web:
   # sort_packages: asc
   # convert your UI to the dark side
   # darkMode: true
+  # logo: http://somedomain/somelogo.png
+  # favicon: http://somedomain/favicon.ico | /path/favicon.ico
 
 # translate your registry, api i18n not available yet
 # i18n:

conf/docker.yaml

@@ -24,6 +24,8 @@ web:
   # by default packages are ordercer ascendant (asc|desc)
   # sort_packages: asc
   # darkMode: true
+  # logo: http://somedomain/somelogo.png
+  # favicon: http://somedomain/favicon.ico | /path/favicon.ico
 
 # translate your registry, api i18n not available yet
 # i18n:

package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio",
-  "version": "5.0.0",
+  "version": "5.0.2",
   "description": "A lightweight private npm proxy registry",
   "author": {
     "name": "Verdaccio Maintainers",

src/api/middleware.ts

@@ -28,7 +28,7 @@ export function serveFavicon(config: Config) {
   return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) {
     try {
       // @ts-ignore
-      const logoConf: string = config?.web?.logo as string;
+      const logoConf: string = config?.web?.favicon as string;
       if (logoConf === '') {
         debug('favicon disabled');
         res.status(404);
@@ -42,6 +42,7 @@ export function serveFavicon(config: Config) {
         ) {
           debug('redirect to %o', logoConf);
           res.redirect(logoConf);
+          return;
         } else {
           const faviconPath = path.normalize(logoConf);
           debug('serving favicon from %o', faviconPath);
@@ -52,11 +53,10 @@ export function serveFavicon(config: Config) {
             } else {
               res.setHeader('Content-Type', 'image/x-icon');
               fs.createReadStream(faviconPath).pipe(res);
-              return;
+              debug('rendered custom ico');
             }
           });
         }
-        return next();
       } else {
         res.setHeader('Content-Type', 'image/x-icon');
         fs.createReadStream(path.join(__dirname, './web/html/favicon.ico')).pipe(res);

src/api/web/html/renderHTML.ts

@@ -36,7 +36,6 @@ export default function renderHTML(config, manifest, manifestFiles, req, res) {
   const darkMode = config?.web?.darkMode ?? false;
   const title = config?.web?.title ?? WEB_TITLE;
   const scope = config?.web?.scope ?? '';
-  // FIXME: logo URI is incomplete
   let logoURI = config?.web?.logo ?? '';
   const version = pkgJSON.version;
   const primaryColor = validatePrimaryColor(config?.web?.primary_color) ?? '#4b5e40';
@@ -56,7 +55,7 @@ export default function renderHTML(config, manifest, manifestFiles, req, res) {
     base,
     primaryColor,
     version,
-    logoURI,
+    logo: logoURI,
     title,
     scope,
     language,

src/api/web/index.ts

@@ -19,7 +19,7 @@ export function loadTheme(config) {
         config.theme,
         {},
         function (plugin) {
-          return _.isString(plugin);
+          return plugin.staticPath && plugin.manifest && plugin.manifestFiles;
         },
         'verdaccio-theme'
       )