bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#34526: Updating node.js

From: Christopher Lemmer Webber
Subject: bug#34526: Updating node.js
Date: Wed, 20 Nov 2019 09:26:22 -0500
User-agent: mu4e 1.2.0; emacs 26.3 
Marius Bakke writes:

> Christopher Lemmer Webber <address@hidden> writes:
>
>> Daniel Gerber writes:
>>
>>> Hi,
>>>
>>> 2019-02-20, Jelle Licht:
>>>> Daniel Gerber <address@hidden> writes:
>>>>
>>>>>   [snip]
>>>>> What about statically linking llhttp's C "sources" included in
>>>>> node?   Building v11.10.0 succeeds with this:
>>>>
>>>> You could do this, of course, but afaics this is not acceptable for
>>>> inclusion in Guix proper.
>>>>
>>>> I don't really see any way forward between convincing the fine node
>>>> folks to see the 'error of their ways', or to implement a
>>>> ABI-compatible
>>>> replacement for llhttp that we can actually bootstrap.
>>>
>>> Although I would prefer the convincing-the-fine-node-folks solution,
>>> here are two more ways to avoid dropping node with the EOL of 8.x(LTS)
>>> at the end of 2019.
>>>
>>> - Remove llhttp and keep only the "legacy" http-parser, or
>>>
>>> - Accept to bootstrap it -- I mean use intermediary self-compiling
>>> steps, like ccl, golang, java, or haskell do.
>>> The build-time dependencies are: node@11.x -> llhttp -> ts-node ->
>>> typescript -> self (typescript), plus quite a few npm packages.
>>> It seems that node@8.x or 9.x should be a native-input to later
>>> versions, but I do not know enough of Guile / Guix packaging to do it
>>> myself anytime soon.
>>
>> Hello,
>>
>> Went through the process of trying to update node myself, not having
>> remembered this bug.  Ran into the same issue.
>>
>> The bug was closed; I doubt we are going to convince the Node folks.
>>
>> Quite a few high-importance projects rely on Node at this point, and we
>> are running an out of date Node which I suspect probably has quite a few
>> insecurities.
>>
>> Our version of Node:   v10.16.0
>> LTS Node:              v12.13.0
>> Latest Node:           v13.1.0
>>
>> One way or another, we will probably need to update.  Both Chromium and
>> Icecat depend on Node at this point.  I'm not sure if either of them use
>> Node in any active way that an insecruity could manifest or if it's
>> "just for packaging" but I think there's good reason to be nervous about
>> being so out of date.
>
> Node 10.x is maintained until April 2021 though:
>
> https://nodejs.org/en/about/releases/
>
> ...so we still have some time to figure out how to bootstrap Node 12.x
> and later.

That's fair.

I have a personal project that requires that I use a newer version of
Node (at least version 11).  So if anyone has a recipe on how to get
Node running, even the wrong way per Guix standards, maybe useful to
post to this bug in the meanwhile?  It might also still help advance
this bug.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]