Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace therubyracer with mini_racer #29285

Merged
merged 1 commit into from May 30, 2017

Conversation

@SamSaffron
Copy link
Contributor

@SamSaffron SamSaffron commented May 30, 2017

therubyracer is a relic, it depends on an ancient version of v8 that has multiple known security vulnerabilities

https://github.com/cowboyd/therubyracer/blob/master/therubyracer.gemspec#L20

In particular this is the equivalent of shipping a dependency to Chrome version 31.

Chrome 31 was released 2013-11-12

All places that talk about therubyracer or include it in templates should be replaced with mini_racer that depends on the most recent version of v8.

per: #29276 (comment)

@rails-bot
Copy link

@rails-bot rails-bot commented May 30, 2017

r? @rafaelfranca

(@rails-bot has picked a reviewer for you, use r? to override)

Copy link
Member

@schneems schneems left a comment

Much faster & quite stable.

@vipulnsward
Copy link
Member

@vipulnsward vipulnsward commented May 30, 2017

I assume this is already compatible with rails maintained sprockets-dependent libs?

@SamSaffron
Copy link
Contributor Author

@SamSaffron SamSaffron commented May 30, 2017

Yeah it has been execjs compatible for a very long time.

Copy link
Member

@guilleiguaran guilleiguaran left a comment

👍

@guilleiguaran guilleiguaran merged commit 53c8dff into rails:master May 30, 2017
2 checks passed
2 checks passed
codeclimate no new or fixed issues
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
jcoyne added a commit to sul-dlss-deprecated/was-thumbnail-service that referenced this pull request Sep 6, 2018
therubyracer has been abandoned by Rails: rails/rails#29285
It is no longer compatible with the latest version of
autoprefixer-rails: ai/autoprefixer-rails#137
jcoyne added a commit to sul-dlss/sul_pub that referenced this pull request Sep 6, 2018
therubyracer has been abandoned by Rails: rails/rails#29285
It is no longer compatible with the latest version of
autoprefixer-rails: ai/autoprefixer-rails#137
peetucket added a commit to sul-dlss/sul_pub that referenced this pull request Sep 7, 2018
therubyracer has been abandoned by Rails: rails/rails#29285
It is no longer compatible with the latest version of
autoprefixer-rails: ai/autoprefixer-rails#137
@jparrish62
Copy link

@jparrish62 jparrish62 commented Jan 30, 2020

I've upgraded from 4.1 to 5.2. I've replaced therubyracer with mini_racer, as a result I'm getting an error "Can't load file v8" I've also tried adding the libv8 gem. Its doesn't help. Any suggestions?

pixeltrix added a commit to pixeltrix/govuk-coronavirus-vulnerable-people-form that referenced this pull request Mar 28, 2020
The gem 'therubyracer' is dependent on an old version of libv8 with
multiple security vulnerabilities and doesn't build easily on the
latest version of macOS. Rails replaced it with the 'mini_racer' gem
in the PR rails/rails#29285.
gbp added a commit to mysociety/alaveteli that referenced this pull request Dec 21, 2020
Use mini_racer which uses a up to date version of libv8 which has
security fixes and recommended upstream in Rails for new applications
which don't have pre-existing JavaScript runtimes in production.

See rails/rails#29285
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

7 participants