[ https://issues.apache.org/jira/browse/THRIFT-4509?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James E. King, III resolved THRIFT-4509. ---------------------------------------- Resolution: Fixed Assignee: James E. King, III Fix Version/s: 0.12.0 Changes committed that break these old dependencies, thank you! > js and nodejs libraries need to be refreshed with current libraries > ------------------------------------------------------------------- > > Key: THRIFT-4509 > URL: https://issues.apache.org/jira/browse/THRIFT-4509 > Project: Thrift > Issue Type: Improvement > Components: JavaScript - Library > Affects Versions: 0.11.0 > Reporter: James E. King, III > Assignee: James E. King, III > Priority: Critical > Labels: security > Fix For: 0.12.0 > > > The npm libraries that our js and nodejs depend on are starting to go end of > life. > As it stands the build is just barely holding together, and as of 5 hours ago > the "ws" package dropped support for node < 4.5.0; Ubuntu Xenial 16.04 LTS > uses node v4.2.6. > There are other issues: > {noformat} > Running "shell:InstallThriftNodeJSDep" (shell) task > WARN engine hawk@6.0.2: wanted: {"node":">=4.5.0"} (current: > {"node":"4.2.6","npm":"3.5.2"}) > npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or > higher to avoid a RegExp DoS issue > npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or > higher to avoid a RegExp DoS issue > npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or > higher to avoid a RegExp DoS issue > npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or > higher to avoid a RegExp DoS issue > npm WARN deprecated node-uuid@1.4.8: Use uuid module instead > npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing > Set-Cookie https://nodesecurity.io/advisories/130 > {noformat} > Some of these are security issues. > In addition the js module depends on > https://www.npmjs.com/package/grunt-external-daemon which requires grunt > 0.4.0, which is really old and may contribute to requiring older versions of > things that are posting deprecations. -- This message was sent by Atlassian JIRA (v7.6.3#76005)