[jira] [Closed] (THRIFT-4064) Update node library dependencies

["James E. King, III (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/THRIFT-4064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James E. King, III closed THRIFT-4064.
--------------------------------------

> Update node library dependencies
> --------------------------------
>
>                 Key: THRIFT-4064
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4064
>             Project: Thrift
>          Issue Type: Improvement
>          Components: Node.js - Library
>    Affects Versions: 0.10.0
>            Reporter: Andres Suarez
>            Assignee: James E. King, III
>              Labels: security-issue
>             Fix For: 0.11.0
>
>
> ws@0.4.32 is really old and presents issues for users using modern versions of Node (see https://github.com/apache/thrift/pull/672#issuecomment-276678791). Its should be updated.
> In the third pull request, here are the dependencies:
> node-int64 ~0.4.0
> q ~1.5.0
> ws >= 2.2.3 which implies node >= 4.1.0 (https://github.com/websockets/ws/tree/2.2.3)
> On the ubuntu-xenial image which uses node v8.4.0 and npm 5.3.0, and on the centos-7.3 image which uses node v6.11.1 and npm 3.10.10 you end up with the following packages:
> {noformat}
> root@ddb384ee75a5:/thrift/src/lib/nodejs# npm list --depth 0
> thrift@1.0.0-dev /thrift/src
> +-- buffer-equals@1.0.4
> +-- commander@2.11.0
> +-- connect@3.6.3
> +-- istanbul@0.4.5
> +-- minimatch@3.0.4
> +-- node-int64@0.4.0
> +-- phantomjs@2.1.7
> +-- q@1.5.0
> +-- run-browser@2.0.2
> +-- tape@4.8.0
> +-- utf-8-validate@3.0.3
> `-- ws@3.1.0
> {noformat}
> Node updated to version 8.5 and when that happened the CI builds broke.  Node 8.5, jsdoc, grunt-jsdoc, or something in that area has a backwards compatibility issue in copyFile handling.  I have downgraded node to version 7 on the CI image for now.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)