bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#34526: Updating node.js

From: Marius Bakke
Subject: bug#34526: Updating node.js
Date: Sun, 17 Nov 2019 19:25:33 +0100
User-agent: Notmuch/0.29.1 (https://notmuchmail.org) Emacs/26.3 (x86_64-pc-linux-gnu) 
Christopher Lemmer Webber <address@hidden> writes:

> Daniel Gerber writes:
>
>> Hi,
>>
>> 2019-02-20, Jelle Licht:
>>> Daniel Gerber <address@hidden> writes:
>>>
>>>>   [snip]
>>>> What about statically linking llhttp's C "sources" included in
>>>> node?   Building v11.10.0 succeeds with this:
>>>
>>> You could do this, of course, but afaics this is not acceptable for
>>> inclusion in Guix proper.
>>>
>>> I don't really see any way forward between convincing the fine node
>>> folks to see the 'error of their ways', or to implement a
>>> ABI-compatible
>>> replacement for llhttp that we can actually bootstrap.
>>
>> Although I would prefer the convincing-the-fine-node-folks solution,
>> here are two more ways to avoid dropping node with the EOL of 8.x(LTS)
>> at the end of 2019.
>>
>> - Remove llhttp and keep only the "legacy" http-parser, or
>>
>> - Accept to bootstrap it -- I mean use intermediary self-compiling
>> steps, like ccl, golang, java, or haskell do.
>> The build-time dependencies are: node@11.x -> llhttp -> ts-node ->
>> typescript -> self (typescript), plus quite a few npm packages.
>> It seems that node@8.x or 9.x should be a native-input to later
>> versions, but I do not know enough of Guile / Guix packaging to do it
>> myself anytime soon.
>
> Hello,
>
> Went through the process of trying to update node myself, not having
> remembered this bug.  Ran into the same issue.
>
> The bug was closed; I doubt we are going to convince the Node folks.
>
> Quite a few high-importance projects rely on Node at this point, and we
> are running an out of date Node which I suspect probably has quite a few
> insecurities.
>
> Our version of Node:   v10.16.0
> LTS Node:              v12.13.0
> Latest Node:           v13.1.0
>
> One way or another, we will probably need to update.  Both Chromium and
> Icecat depend on Node at this point.  I'm not sure if either of them use
> Node in any active way that an insecruity could manifest or if it's
> "just for packaging" but I think there's good reason to be nervous about
> being so out of date.

Node 10.x is maintained until April 2021 though:

https://nodejs.org/en/about/releases/

...so we still have some time to figure out how to bootstrap Node 12.x
and later.

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]