This allows Node 9 to be used by ronkorving · Pull Request #211 · mage/mage · GitHub
Skip to content

This allows Node 9 to be used#211

Merged
stelcheck merged 2 commits into
mage:masterfrom
ronkorving:allow-node-9
Mar 14, 2018
Merged

This allows Node 9 to be used#211
stelcheck merged 2 commits into
mage:masterfrom
ronkorving:allow-node-9

Conversation

@ronkorving

Copy link
Copy Markdown
Member

It also removes Node 7 from the test-matrix (even though technically we can support it), so we can focus on the important versions. 7 has been superceded by 8 and is not maintained (ie: use at your own risk).

This bump was previously prevented by sqlite3 not being compatible with Node 9. It is now, however, so this PR bumps the sqlite3 version accordingly.

Closes #204

It also removes Node 7 from the test-matrix (even though technically we can support it),
so we can focus on the important versions. 7 has been superceded by 8 and is not
maintained (ie: use at your own risk).
@ronkorving

Copy link
Copy Markdown
Member Author

@ronkorving

Copy link
Copy Markdown
Member Author

A new version of node-pre-gyp has been released, but I don't think node-sqlite3 uses it yet.

@stelcheck

Copy link
Copy Markdown
Member

At first glance it appears like we should be able to safely ignore those. Can you confirm?

@stelcheck

Copy link
Copy Markdown
Member

Alternatively we can wait until #180 is completed and merged.

@ronkorving

Copy link
Copy Markdown
Member Author

Whichever lands first I guess :)

While safe to ignore, it marks all builds as broken from hereon. I don't think that's really desirable.

@stelcheck

Copy link
Copy Markdown
Member

I believe I mentioned this to you last time we had this issue, but you can ignore those errors by adding entries to the .retireignore file.

@ronkorving

Copy link
Copy Markdown
Member Author

Ah yes indeed, but what will trigger us to pull it out again? Or should we make a rule of adding all dev dependencies to .retireignore?

@stelcheck

Copy link
Copy Markdown
Member

We are probably better off adding problematic dependencies that can safely be ignored on a case-per-case basis. We should aim at ignoring as little as possible.

@ronkorving

Copy link
Copy Markdown
Member Author

Progress being made on sqlite3: TryGhost/node-sqlite3#952

@ronkorving

Copy link
Copy Markdown
Member Author

I've suppressed "low" level security warnings. Maybe that will do for now.

I couldn't get exceptions to work:

  • I didn't want to outran ignore an entire package like lodash, but retireignore doesn't support version specificity.
  • Ignoring a package does not retire ignore its children (so can't suppress sqlite3 in order for some child down the tree not to cry).
  • I pointed at the package of the insecure version in its specific location, but it was not being ignored. Couldn't get this to work.

@stelcheck stelcheck merged commit 5c899d3 into mage:master Mar 14, 2018
@ronkorving ronkorving deleted the allow-node-9 branch March 14, 2018 13:36
@ronkorving

Copy link
Copy Markdown
Member Author

@stelcheck

Copy link
Copy Markdown
Member

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants