New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump node to 0.12.9 #5603

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
4 participants
@epixa
Member

epixa commented Dec 9, 2015

The new release of 0.12 includes some security fixes that we should roll into our next releases. It's a LTS patch release, so it should be safe update.

For details about the security issues, see: https://nodejs.org/en/blog/release/v0.12.9/

@w33ble

This comment has been minimized.

Member

w33ble commented Dec 9, 2015

Apparently we read from the file to determine the node version to bundle in the build, so this change should be sufficient.

Should we change/remove the engines part from package.json too?

"engines": {
    "node": "0.12",
    "npm": "2.14.3"
  }
@epixa

This comment has been minimized.

Member

epixa commented Dec 9, 2015

Might as well

@epixa

This comment has been minimized.

Member

epixa commented Dec 9, 2015

Done

@Bargs

This comment has been minimized.

Contributor

Bargs commented Dec 9, 2015

Confirmed that the build artifact gets bundled with 0.12.9 and did a quick smoke test to make sure things seemed to be working. LGTM

@Bargs Bargs assigned epixa and unassigned Bargs Dec 9, 2015

@epixa epixa assigned w33ble and unassigned epixa Dec 9, 2015

@w33ble

This comment has been minimized.

Member

w33ble commented Dec 9, 2015

At the risk of seeming pedantic, the npm version that is bundled with 0.12.9 is actually 2.14.9, not 2.14.3.

I'm kind of in favor of removing the engines section completely. We only had it there as a reference, and now that we have .node-version, it seems redundant and unnecessary.

@epixa

This comment has been minimized.

Member

epixa commented Dec 9, 2015

Since engines is included in the package.json of builds, I think removing it would be a backwards compatibility break. It's possible that some users of kibana have configuration/automation that relies on the engine values, which is exactly what the engine values are intended for in the first place.

I'm not saying I'm against removing it, but I think that sort of change should only occur in 5.0.0.

@w33ble

This comment has been minimized.

Member

w33ble commented Dec 9, 2015

Fair enough. We should probably bump the npm version, and maybe add a ^ to that. Or, maybe remove the npm version entirely...

There's a number of ways we can go. This isn't a blocker though, so I'm going to merge this and we can open another issue.

epixa added a commit that referenced this pull request Dec 9, 2015

@elasticsearch-bot

This comment has been minimized.

elasticsearch-bot commented Dec 9, 2015

Joe Fleming merged this into the following branches!

Branch Commits
4.2 01954c1
4.3 cff8302
4.x a3642ab
master b52b2a8

@epixa epixa closed this in b52b2a8 Dec 9, 2015

epixa added a commit that referenced this pull request Dec 9, 2015

epixa added a commit that referenced this pull request Dec 9, 2015

@epixa epixa added v5.0.0-alpha1 and removed v5.0.0-alpha1 labels Mar 31, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment