thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James E. King, III (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (THRIFT-4509) js and nodejs libraries need to be refreshed with current libraries
Date Tue, 13 Mar 2018 15:50:00 GMT

     [ https://issues.apache.org/jira/browse/THRIFT-4509?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

James E. King, III resolved THRIFT-4509.
----------------------------------------
       Resolution: Fixed
         Assignee: James E. King, III
    Fix Version/s: 0.12.0

Changes committed that break these old dependencies, thank you!

> js and nodejs libraries need to be refreshed with current libraries
> -------------------------------------------------------------------
>
>                 Key: THRIFT-4509
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4509
>             Project: Thrift
>          Issue Type: Improvement
>          Components: JavaScript - Library
>    Affects Versions: 0.11.0
>            Reporter: James E. King, III
>            Assignee: James E. King, III
>            Priority: Critical
>              Labels: security
>             Fix For: 0.12.0
>
>
> The npm libraries that our js and nodejs depend on are starting to go end of life.
> As it stands the build is just barely holding together, and as of 5 hours ago the "ws"
package dropped support for node < 4.5.0; Ubuntu Xenial 16.04 LTS uses node v4.2.6.
> There are other issues:
> {noformat}
> Running "shell:InstallThriftNodeJSDep" (shell) task
> WARN engine hawk@6.0.2: wanted: {"node":">=4.5.0"} (current: {"node":"4.2.6","npm":"3.5.2"})
> npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid
a RegExp DoS issue
> npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid
a RegExp DoS issue
> npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or higher to avoid
a RegExp DoS issue
> npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid
a RegExp DoS issue
> npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
> npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
> {noformat}
> Some of these are security issues.
> In addition the js module depends on https://www.npmjs.com/package/grunt-external-daemon
which requires grunt 0.4.0, which is really old and may contribute to requiring older versions
of things that are posting deprecations.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message