James E. King, III created THRIFT-4509:
------------------------------------------

             Summary: js and nodejs libraries need to be refreshed with current 
libraries
                 Key: THRIFT-4509
                 URL: https://issues.apache.org/jira/browse/THRIFT-4509
             Project: Thrift
          Issue Type: Improvement
          Components: JavaScript - Library, Node.js - Library
    Affects Versions: 0.11.0
            Reporter: James E. King, III


The npm libraries that our js and nodejs depend on are starting to go end of 
life.
As it stands the build is just barely holding together, and as of 5 hours ago 
the "ws" package dropped support for node < 4.5.0; Ubuntu Xenial 16.04 LTS uses 
node v4.2.6.

There are other issues:

{noformat}
Running "shell:InstallThriftNodeJSDep" (shell) task
WARN engine hawk@6.0.2: wanted: {"node":">=4.5.0"} (current: 
{"node":"4.2.6","npm":"3.5.2"})
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher 
to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or 
higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or higher 
to avoid a RegExp DoS issue
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or 
higher to avoid a RegExp DoS issue
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie 
https://nodesecurity.io/advisories/130
{noformat}

Some of these are security issues.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to