To close the loop here, we disucssed this in the backend catchup meeting
today and decided:
* We're going to drop node4 support in all our repos, make node6 the
defeault, and start looking at preliminary node8 support.
* Given that node6 ships with npm3, we need to do *something* to fix
shrinkwrap on the auth-server. Sean's going to investigate whether just
requiring npm5 is acceptable or whether we need a fix that works with npm3.
Thanks all,
Ryan
On 16 August 2017 at 02:36, Jon Buckley <[email protected]> wrote:
> I have no concerns about moving to node 6. Adding npm v5 seems like an
> additional step that isn't necessary yet. All you need to do is rename the
> shrinkwrap script in package.json and the infinite loop won't occur, right?
>
> I'd like to upgrade to node 8 after it has gone LTS which should be around
> October 2017.
>
> Jon
>
> On Mon, Aug 14, 2017 at 10:42 PM, John Morrison <[email protected]>
> wrote:
>
>> On 08/14/17 17:40, Ryan Kelly wrote:
>>
>> On 15 August 2017 at 10:20, Sean McArthur <[email protected]> wrote:
>>
>>>
>>> *tl;dr *- Let's upgrade all our stuff to npm5, and remove node4
>>> support, so we can live in the bright new future!
>>>
>>>
>> Thanks for kicking off this discussion, Sean! John and Jon, I'm
>> particularly interested to know whether either of these changes would be
>> scary from an ops/deployment perspective.
>>
>> I'm +1 on moving to npm5. The travis and circle-ci instructions would
>> need to to be changed to install npm@5.
>>
>> Other things:
>> - there's some leftover CXX=g++-4.8 stuff that I think can be removed now
>> (it was for older linux distros)
>> - I thought the `npm shrinkwrap` loop was known and had been fixed in
>> some repos (but maybe I misremember)
>> - I do think there are some places/scripts that reach into
>> `./node_modules/foo/node_modules/bin/bar.js`, but it just needs a
>> grep-audit to discover them/any.
>> - (I'll mildly note that the yarn spin about npm isn't accurate, but I
>> don't really care: Subresource integrity checks are the true way).
>> - By the way, we're also probably due to use node8, but let's do the
>> cleanup for node6/npm5 now.
>>
>> John
>>
>>
>>
>> Cheers,
>>
>> Ryan
>>
>>
>> _______________________________________________
>> Dev-fxacct mailing
>> [email protected]https://mail.mozilla.org/listinfo/dev-fxacct
>>
>>
>>
>> _______________________________________________
>> Dev-fxacct mailing list
>> [email protected]
>> https://mail.mozilla.org/listinfo/dev-fxacct
>>
>>
>
> _______________________________________________
> Dev-fxacct mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/dev-fxacct
>
>
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
