tschaub/gh-pages

Getting Invalid URL: http:git@github.com error after upgrading to 3.2.1 from 3.2.0

blackr1234 opened this issue ยท 8 comments

Issue Overview

Deploying React app to GitHub Pages no longer works after upgrading dependency version of gh-pages from 3.2.0 to 3.2.1.


Issue Details

After the upgrade, now I am getting the error below when I run the npm script npm run deploy (which runs gh-pages -d build):

... (omitted) ...
> gh-pages -d build

Invalid URL: http:git@github.com:<username>/<project name>.git
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! <project name>@1.0.0 deploy: `gh-pages -d build`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the <project name>@1.0.0 deploy script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

where <username> is the actual Git username and <project name> is the actual Git project name.


Additional Information

I used the SSH URL in git clone, not the HTTPS one.

This is what git remote -v gives me:

origin  git@github.com:<username>/<project name>.git (fetch)
origin  git@github.com:<username>/<project name>.git (push) 

where <username> is the actual Git username and <project name> is the actual Git project name.


Findings

By checking package-lock.json, I find that filenamify-url is upgraded from ^1.0.0 to ^2.1.1, which may be the cause to the issue.

Downgrading the version back to 3.2.0 (not ^3.2.0) in my package.json and regenerating package-lock.json works for me.

See commit #393 d49620e

We ran into this issue as well, and also resolved by pinning to 3.2.0.

AH82 commented

The same thing happened to me. reverted to 3.2.0.
and I'm a dev beginner. 1st use of gh-pages just 2 days ago.. took me a bit to realize it

The same thing happened to me. reverted to 3.2.0.
and I'm a dev beginner. 1st use of gh-pages just 2 days ago.. took me a bit to realize it

Reverting to 3.2.0 fixes it, can confirm.

How are you fetching the version on your package.json? If it is "^3.2.0" it will still download the 3.2.1. You need to make it strict "3.2.1".

After digging deeper, I found the root cause was the deeper dependency normalize-url. When normalize-url bumped from 1.9.1 to 4.5.1 in the lock file, it changes its URL parser so *.git URLs are no longer allowed.

As filenamify-url is only used to generate a cache path, maybe we can switch to filenamify instead to prevent URL check failure.

AH82 commented

The same thing happened to me. reverted to 3.2.0.
and I'm a dev beginner. 1st use of gh-pages just 2 days ago.. took me a bit to realize it

Reverting to 3.2.0 fixes it, can confirm.

How are you fetching the version on your package.json? If it is "^3.2.0" it will still download the 3.2.1. You need to make it strict "3.2.1".

Just "3.2.0"
(yarn remove gh-pages && yarn add gh-pages@3.2.0 )

Version 3.2.2 reverts the change in 3.2.1. Using 3.2.0 or 3.2.2 should work now.

It fixes temporarily until you really fix but the vulnerabilities are still there as you use obsolete versions of the dependencies.
You either have to change to another library as suggested by @tw0517tw or fix the existing one.
But currently, whatever the version we use, the gh-pages lib is broken either by a high risk vulnerability or by the regression introduced in latest dependency version.

Please update to gh-pages@3.2.3 (3.2.2 will also solve the issue, 3.2.3 includes a few dependency updates).