Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-4509

js and nodejs libraries need to be refreshed with current libraries

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.11.0
    • Fix Version/s: 0.12.0
    • Component/s: JavaScript - Library
    • Labels:

      Description

      The npm libraries that our js and nodejs depend on are starting to go end of life.
      As it stands the build is just barely holding together, and as of 5 hours ago the "ws" package dropped support for node < 4.5.0; Ubuntu Xenial 16.04 LTS uses node v4.2.6.

      There are other issues:

      Running "shell:InstallThriftNodeJSDep" (shell) task
      WARN engine hawk@6.0.2: wanted: {"node":">=4.5.0"} (current: {"node":"4.2.6","npm":"3.5.2"})
      npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
      npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
      npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
      npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
      npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
      npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
      

      Some of these are security issues.

      In addition the js module depends on https://www.npmjs.com/package/grunt-external-daemon which requires grunt 0.4.0, which is really old and may contribute to requiring older versions of things that are posting deprecations.

        Attachments

          Activity

            People

            • Assignee:
              jking3 James E. King III
              Reporter:
              jking3 James E. King III
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: