thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James E. King, III (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (THRIFT-4064) Update node library dependencies
Date Thu, 14 Sep 2017 15:20:00 GMT

     [ https://issues.apache.org/jira/browse/THRIFT-4064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

James E. King, III updated THRIFT-4064:
---------------------------------------
    Description: 
ws@0.4.32 is really old and presents issues for users using modern versions of Node (see https://github.com/apache/thrift/pull/672#issuecomment-276678791).
Its should be updated.

In the third pull request, here are the dependencies:

node-int64 ~0.4.0
q ~1.5.0
ws >= 2.2.3 which implies node >= 4.1.0 (https://github.com/websockets/ws/tree/2.2.3)

On the ubuntu-xenial image which uses node v8.4.0 and npm 5.3.0, and on the centos-7.3 image
which uses node v6.11.1 and npm 3.10.10 you end up with the following packages:
{noformat}
root@ddb384ee75a5:/thrift/src/lib/nodejs# npm list --depth 0
thrift@1.0.0-dev /thrift/src
+-- buffer-equals@1.0.4
+-- commander@2.11.0
+-- connect@3.6.3
+-- istanbul@0.4.5
+-- minimatch@3.0.4
+-- node-int64@0.4.0
+-- phantomjs@2.1.7
+-- q@1.5.0
+-- run-browser@2.0.2
+-- tape@4.8.0
+-- utf-8-validate@3.0.3
`-- ws@3.1.0
{noformat}

  was:
ws@0.4.32 is really old and presents issues for users using modern versions of Node (see https://github.com/apache/thrift/pull/672#issuecomment-276678791).
Its should be updated.

In the third pull request, here are the dependencies:

node-int64 ~0.4.0
q ~1.5.0
ws >= 2.2.3 which implies node >= 4.1.0


> Update node library dependencies
> --------------------------------
>
>                 Key: THRIFT-4064
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4064
>             Project: Thrift
>          Issue Type: Improvement
>          Components: Node.js - Library
>    Affects Versions: 0.10.0
>            Reporter: Andres Suarez
>            Assignee: James E. King, III
>              Labels: security-issue
>
> ws@0.4.32 is really old and presents issues for users using modern versions of Node (see
https://github.com/apache/thrift/pull/672#issuecomment-276678791). Its should be updated.
> In the third pull request, here are the dependencies:
> node-int64 ~0.4.0
> q ~1.5.0
> ws >= 2.2.3 which implies node >= 4.1.0 (https://github.com/websockets/ws/tree/2.2.3)
> On the ubuntu-xenial image which uses node v8.4.0 and npm 5.3.0, and on the centos-7.3
image which uses node v6.11.1 and npm 3.10.10 you end up with the following packages:
> {noformat}
> root@ddb384ee75a5:/thrift/src/lib/nodejs# npm list --depth 0
> thrift@1.0.0-dev /thrift/src
> +-- buffer-equals@1.0.4
> +-- commander@2.11.0
> +-- connect@3.6.3
> +-- istanbul@0.4.5
> +-- minimatch@3.0.4
> +-- node-int64@0.4.0
> +-- phantomjs@2.1.7
> +-- q@1.5.0
> +-- run-browser@2.0.2
> +-- tape@4.8.0
> +-- utf-8-validate@3.0.3
> `-- ws@3.1.0
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message