Details
-
Improvement
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
0.11.0
Description
The npm libraries that our js and nodejs depend on are starting to go end of life.
As it stands the build is just barely holding together, and as of 5 hours ago the "ws" package dropped support for node < 4.5.0; Ubuntu Xenial 16.04 LTS uses node v4.2.6.
There are other issues:
Running "shell:InstallThriftNodeJSDep" (shell) task
WARN engine hawk@6.0.2: wanted: {"node":">=4.5.0"} (current: {"node":"4.2.6","npm":"3.5.2"})
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
Some of these are security issues.
In addition the js module depends on https://www.npmjs.com/package/grunt-external-daemon which requires grunt 0.4.0, which is really old and may contribute to requiring older versions of things that are posting deprecations.
