From: Christopher Lemmer Webber <cwebber@dustycloud.org>
To: 34526@debbugs.gnu.org
Cc: jlicht@fsfe.org
Subject: bug#34526: Updating node.js
Date: Sat, 16 Nov 2019 15:28:30 -0500 [thread overview]
Message-ID: <871ru7h8gh.fsf@dustycloud.org> (raw)
In-Reply-To: <87va1doz0z.fsf@atufi.org>
Daniel Gerber writes:
> Hi,
>
> 2019-02-20, Jelle Licht:
>> Daniel Gerber <dg@atufi.org> writes:
>>
>>> [snip]
>>> What about statically linking llhttp's C "sources" included in
>>> node? Building v11.10.0 succeeds with this:
>>
>> You could do this, of course, but afaics this is not acceptable for
>> inclusion in Guix proper.
>>
>> I don't really see any way forward between convincing the fine node
>> folks to see the 'error of their ways', or to implement a
>> ABI-compatible
>> replacement for llhttp that we can actually bootstrap.
>
> Although I would prefer the convincing-the-fine-node-folks solution,
> here are two more ways to avoid dropping node with the EOL of 8.x(LTS)
> at the end of 2019.
>
> - Remove llhttp and keep only the "legacy" http-parser, or
>
> - Accept to bootstrap it -- I mean use intermediary self-compiling
> steps, like ccl, golang, java, or haskell do.
> The build-time dependencies are: node@11.x -> llhttp -> ts-node ->
> typescript -> self (typescript), plus quite a few npm packages.
> It seems that node@8.x or 9.x should be a native-input to later
> versions, but I do not know enough of Guile / Guix packaging to do it
> myself anytime soon.
Hello,
Went through the process of trying to update node myself, not having
remembered this bug. Ran into the same issue.
The bug was closed; I doubt we are going to convince the Node folks.
Quite a few high-importance projects rely on Node at this point, and we
are running an out of date Node which I suspect probably has quite a few
insecurities.
Our version of Node: v10.16.0
LTS Node: v12.13.0
Latest Node: v13.1.0
One way or another, we will probably need to update. Both Chromium and
Icecat depend on Node at this point. I'm not sure if either of them use
Node in any active way that an insecruity could manifest or if it's
"just for packaging" but I think there's good reason to be nervous about
being so out of date.
next prev parent reply other threads:[~2019-11-16 20:29 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-18 14:36 bug#34526: Updating node.js Daniel Gerber
2019-02-18 20:50 ` Jelle Licht
2019-02-19 8:06 ` Björn Höfling
2019-02-19 16:42 ` Daniel Gerber
2019-02-19 17:00 ` Daniel Gerber
2019-02-20 13:59 ` Jelle Licht
2019-02-21 17:02 ` Daniel Gerber
2019-11-16 20:28 ` Christopher Lemmer Webber [this message]
2019-11-17 18:25 ` Marius Bakke
2019-11-20 14:26 ` Christopher Lemmer Webber
2019-11-21 13:34 ` Jelle Licht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871ru7h8gh.fsf@dustycloud.org \
--to=cwebber@dustycloud.org \
--cc=34526@debbugs.gnu.org \
--cc=jlicht@fsfe.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).