/rails

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace therubyracer with mini_racer #29285

Merged
merged 1 commit into from May 30, 2017

Conversation

Reviewers

@schneems schneems

@guilleiguaran guilleiguaran

Assignees

@rafaelfranca rafaelfranca

Labels
asset pipeline railties
Projects
None yet
Milestone
No milestone
6 participants
@SamSaffron @rails-bot @vipulnsward @schneems @guilleiguaran @rafaelfranca
@SamSaffron
Contributor

SamSaffron commented May 30, 2017

therubyracer is a relic, it depends on an ancient version of v8 that has multiple known security vulnerabilities

https://github.com/cowboyd/therubyracer/blob/master/therubyracer.gemspec#L20

In particular this is the equivalent of shipping a dependency to Chrome version 31.

Chrome 31 was released 2013-11-12

All places that talk about therubyracer or include it in templates should be replaced with mini_racer that depends on the most recent version of v8.

per: #29276 (comment)

@rails-bot rails-bot assigned rafaelfranca May 30, 2017

@rails-bot

This comment has been minimized.

Sign in to view

rails-bot commented May 30, 2017

r? @rafaelfranca

(@rails-bot has picked a reviewer for you, use r? to override)
@schneems

schneems approved these changes May 30, 2017
View changes

Much faster & quite stable.

@vipulnsward

This comment has been minimized.

Sign in to view
Member

vipulnsward commented May 30, 2017

I assume this is already compatible with rails maintained sprockets-dependent libs?

@vipulnsward vipulnsward added railties asset pipeline labels May 30, 2017

@SamSaffron

This comment has been minimized.

Sign in to view
Contributor

SamSaffron commented May 30, 2017

Yeah it has been execjs compatible for a very long time.
@guilleiguaran

guilleiguaran approved these changes May 30, 2017
View changes

👍

@guilleiguaran guilleiguaran merged commit 53c8dff into rails:master May 30, 2017
2 checks passed

2 checks passed

codeclimate no new or fixed issues
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@snowfield702 snowfield702 referenced this pull request May 17, 2018

Closed

Create rails application with skip sprockets #15

jcoyne added a commit to sul-dlss/was-thumbnail-service that referenced this pull request Sep 6, 2018

@jcoyne
Remove therubyracer in favor of nodejs 
therubyracer has been abandoned by Rails: rails/rails#29285
It is no longer compatible with the latest version of
autoprefixer-rails: ai/autoprefixer-rails#137
Loading status checks…
cbf7a7d

This was referenced Sep 6, 2018

Merged
Merged

jcoyne added a commit to sul-dlss/sul_pub that referenced this pull request Sep 6, 2018

@jcoyne
Remove therubyracer in favor of nodejs 
therubyracer has been abandoned by Rails: rails/rails#29285
It is no longer compatible with the latest version of
autoprefixer-rails: ai/autoprefixer-rails#137
Loading status checks…
51daa09

@jcoyne jcoyne referenced this pull request Sep 6, 2018

Merged

Remove therubyracer in favor of nodejs #924

peetucket added a commit to sul-dlss/sul_pub that referenced this pull request Sep 7, 2018

@jcoyne @peetucket
Remove therubyracer in favor of nodejs 
therubyracer has been abandoned by Rails: rails/rails#29285
It is no longer compatible with the latest version of
autoprefixer-rails: ai/autoprefixer-rails#137
Loading status checks…
de4645e

This was referenced Nov 6, 2018

Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment