Opened 18 months ago
Closed 18 months ago
#17228 closed enhancement (fixed)
node.js-18.12.1
| Reported by: | Bruce Dubbs | Owned by: | pierre |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New major version?
Change History (18)
comment:1 by , 18 months ago
| Milestone: | 11.3 → hold |
|---|---|
| Summary: | node.js-18.12.0 → node.js-18.12.0 (Hold until somthing needs this) |
comment:2 by , 18 months ago
This is the new long-term support version, so in theory we should be moving to it now. https://github.com/nodejs/release#release-schedule
Any pointers to the problem(s), please ?
comment:3 by , 18 months ago
Somebody (r1c0n3r0) on #lfs-support says that ff is fine with node.js-18.12.0 and python-3.10, but that there are problems with python-3.11...
comment:4 by , 18 months ago
Fedora rawhide (so, using 106 series at the moment) have a patch for python-3.11 https://src.fedoraproject.org/rpms/firefox/blob/rawhide/f/build-python-3.11.patch (three small changes, could be seds) and extra source for firefox re node https://src.fedoraproject.org/rpms/firefox/blob/rawhide/f/node-stdout-nonblocking-wrapper which is
#!/bin/sh exec /usr/bin/node "$@" 2>&1 | cat -
which they activate with
echo 'export NODEJS="%{_buildrootdir}/bin/node-stdout-nonblocking-wrapper"' >> .mozconfig
Obviously their location is specific to how they build
comment:5 by , 18 months ago
I've been running node-v18.12.0 with FF-102.4.0esr for almost a week now with no issues. This is on a 11.2 build with only security updates.
I updated my build/testing environment to python-3.11 last night. For firefox I also needed https://src.fedoraproject.org/rpms/firefox/c/a76220b14695a6e4595c799e565a154a478a8c7a?branch=rawhide I did not need to use the extra node script that Ken mentioned.
comment:6 by , 18 months ago
| Priority: | normal → elevated |
|---|
Now v18.12.1 or v16.18.1 to address three vulnerabilities, two rated as high. [ https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/]
I don't have a Python3 system, I'm unlikely to have one for the next week and my test machine is down, so merely noting this now - unsure if we should go to 18 or stick with 16.
comment:7 by , 18 months ago
Some quick triaging - the two High vulnerabilities have to do with a bundled copy of OpenSSL (I think we use the system version?)
I think we should attempt going for 18
comment:8 by , 18 months ago
From "r1c0n3r0" on #lfs-support:
good news is firefox-102.4.0esr can be built with node-v18.12.1+Python-3.11.0+rustc-1.65.0, requiring the "rU" sed and fedora's xpidl patch mentioned in the node.js ticket. however I don't understand and don't know how to use the 'extra source for firefox re node', so I didn't apply it.
comment:9 by , 18 months ago
| Milestone: | hold → 11.3 |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
| Summary: | node.js-18.12.0 (Hold until somthing needs this) → node.js-18.12.0 |
Will try to update to 18. If it seems too hard, I shall fall back to 16.
comment:10 by , 18 months ago
| Summary: | node.js-18.12.0 → node.js-18.12.1 |
|---|
Now 18.12.1 (this one has the fixes for the security issues). Note that our node-v16 is only affected by the issue rated medium.
comment:11 by , 18 months ago
The whole changelog for the v18 branch is at https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.12.1.
follow-up: 13 comment:12 by , 18 months ago
First error at the very beginning of the build:
Please use python3.10 or python3.9 or python3.8 or python3.7 or python3.6. Node.js configure: Found Python 3.11.0...
comment:13 by , 18 months ago
Replying to pierre:
First error at the very beginning of the build:
Please use python3.10 or python3.9 or python3.8 or python3.7 or python3.6. Node.js configure: Found Python 3.11.0...
Fixed upstream with this commit. The main part is just adding 3.11 to configure. I've used this dirty fix:
sed -i s/10/11/g configure
which would break the build if python-3.10 is still installed... But I am reluctant to using a patch. I'll add a note not to apply the sed if still with python-3.10.
comment:14 by , 18 months ago
Let me give you a better sed:
sed -e '/=.*exec/a command -v python3.11 >/dev/null && exec python3.11 "$0" "$@"' \
-e s'/((/((3, 11), (/' \
-i configure
I have already committed my sed... Feel free to change it, but I am not sure it is necessary.
comment:15 by , 18 months ago
Firefox built ok with the sed for "rU", and the change to pidl.py. Update committed at 38277fd5e.
comment:17 by , 18 months ago
Thunderbird compiled ok with the same changes as firefox. QtWebEngine has (at least, it is still compiling) two errors (both due to python-3.11, not node itself). It needs:
sed -i 's/\^(?i)/(?i)^/' src/3rdparty/chromium/tools/metrics/ukm/ukm_model.py sed -i "s/'rU'/'r'/" src/3rdparty/chromium/tools/grit/grit/util.py
The first one fixes the error reported by Ken in https://lists.linuxfromscratch.org/sympa/arc/blfs-dev/2022-11/msg00021.html. I've checked it is in chromium-102.x, so this does not appear in fedora patches for chromium... And fedora is still using python2 for qtwebengine.
The second one is to implement https://src.fedoraproject.org/rpms/chromium/blob/rawhide/f/chromium-103.0.5060.53-python3-do-not-use-deprecated-mode-U.patch
comment:18 by , 18 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
qtwebengine compiled ok with the above fixes, closing.
This version conflicts wit Firefox and other packages.