Re: [jira] [Commented] (THRIFT-4509) js and nodejs libraries need to be refreshed with current libraries

Mon, 12 Mar 2018 21:04:25 -0700 

unsubscribe

2018-03-13 10:56 GMT+08:00 ASF GitHub Bot (JIRA) <j...@apache.org>:

>
>     [ https://issues.apache.org/jira/browse/THRIFT-4509?page=
> com.atlassian.jira.plugin.system.issuetabpanels:comment-
> tabpanel&focusedCommentId=16396456#comment-16396456 ]
>
> ASF GitHub Bot commented on THRIFT-4509:
> ----------------------------------------
>
> Github user jeking3 commented on the issue:
>
>     https://github.com/apache/thrift/pull/1506
>
>     I see, you need to build Java first?
>
>
> > js and nodejs libraries need to be refreshed with current libraries
> > -------------------------------------------------------------------
> >
> >                 Key: THRIFT-4509
> >                 URL: https://issues.apache.org/jira/browse/THRIFT-4509
> >             Project: Thrift
> >          Issue Type: Improvement
> >          Components: JavaScript - Library, Node.js - Library
> >    Affects Versions: 0.11.0
> >            Reporter: James E. King, III
> >            Priority: Critical
> >              Labels: security
> >
> > The npm libraries that our js and nodejs depend on are starting to go
> end of life.
> > As it stands the build is just barely holding together, and as of 5
> hours ago the "ws" package dropped support for node < 4.5.0; Ubuntu Xenial
> 16.04 LTS uses node v4.2.6.
> > There are other issues:
> > {noformat}
> > Running "shell:InstallThriftNodeJSDep" (shell) task
> > WARN engine hawk@6.0.2: wanted: {"node":">=4.5.0"} (current:
> {"node":"4.2.6","npm":"3.5.2"})
> > npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2
> or higher to avoid a RegExp DoS issue
> > npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2
> or higher to avoid a RegExp DoS issue
> > npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2
> or higher to avoid a RegExp DoS issue
> > npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2
> or higher to avoid a RegExp DoS issue
> > npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
> > npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing
> Set-Cookie https://nodesecurity.io/advisories/130
> > {noformat}
> > Some of these are security issues.
> > In addition the js module depends on https://www.npmjs.com/package/
> grunt-external-daemon which requires grunt 0.4.0, which is really old and
> may contribute to requiring older versions of things that are posting
> deprecations.
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v7.6.3#76005)
>

Reply via email to