[ https://issues.apache.org/jira/browse/THRIFT-4509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16389810#comment-16389810 ]

ASF GitHub Bot commented on THRIFT-4509:
----------------------------------------

GitHub user bananer opened a pull request:

    https://github.com/apache/thrift/pull/1501

    THRIFT-4509: remove nodejs browser test

    Removes the dependency on outdated npm libraries.
    
    This test was previously disabled, and I think it is safe to remove since
    the communication between browser client and nodejs server is already being
    tested properly from the JS perspective.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/bananer/thrift THRIFT-4509-remove-nodejs-browser-test

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/thrift/pull/1501.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1501
    
----
commit e1bfa1e42458c8ececd386d532b7f573da717fcc
Author: Philip Frank <ich@...>
Date:   2018-03-07T17:01:56Z

    THRIFT-4509: remove nodejs browser test

----


> js and nodejs libraries need to be refreshed with current libraries
> -------------------------------------------------------------------
>
>                 Key: THRIFT-4509
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4509
>             Project: Thrift
>          Issue Type: Improvement
>          Components: JavaScript - Library, Node.js - Library
>    Affects Versions: 0.11.0
>            Reporter: James E. King, III
>            Priority: Critical
>              Labels: security
>
> The npm libraries that our js and nodejs depend on are starting to go end of life.
> As it stands the build is just barely holding together, and as of 5 hours ago the "ws" package dropped support for node < 4.5.0; Ubuntu Xenial 16.04 LTS uses node v4.2.6.
> There are other issues:
> {noformat}
> Running "shell:InstallThriftNodeJSDep" (shell) task
> WARN engine hawk@6.0.2: wanted: {"node":">=4.5.0"} (current: {"node":"4.2.6","npm":"3.5.2"})
> npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
> npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
> npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
> npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
> npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
> npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
> {noformat}
> Some of these are security issues.
> In addition the js module depends on https://www.npmjs.com/package/grunt-external-daemon which requires grunt 0.4.0, which is really old and may contribute to requiring older versions of things that are posting deprecations.


