Replace therubyracer with mini_racer #29285

Merged (1 commit) on May 30, 2017

SamSaffron
Contributor

therubyracer is a relic; it depends on an ancient version of v8 that has multiple known security vulnerabilities.

https://github.com/cowboyd/therubyracer/blob/master/therubyracer.gemspec#L20

In particular this is the equivalent of shipping a dependency to Chrome version 31.

Chrome 31 was released 2013-11-12.

All places that talk about therubyracer or include it in templates should be replaced with mini_racer that depends on the most recent version of v8.

per: #29276 (comment)

@rails-bot

r? @rafaelfranca

(@rails-bot has picked a reviewer for you, use r? to override)

Member

@schneems schneems left a comment

Much faster & quite stable.

@vipulnsward
Member

I assume this is already compatible with Rails-maintained sprockets-dependent libs?

@SamSaffron
Contributor Author

Yeah, it has been execjs compatible for a very long time.

Member

@guilleiguaran guilleiguaran left a comment

👍

@guilleiguaran guilleiguaran merged commit 53c8dff into rails:master May 30, 2017
jcoyne added a commit to sul-dlss-deprecated/was-thumbnail-service that referenced this pull request Sep 6, 2018
therubyracer has been abandoned by Rails: rails/rails#29285
It is no longer compatible with the latest version of
autoprefixer-rails: ai/autoprefixer-rails#137
jcoyne added a commit to sul-dlss/sul_pub that referenced this pull request Sep 6, 2018
therubyracer has been abandoned by Rails: rails/rails#29285
It is no longer compatible with the latest version of
autoprefixer-rails: ai/autoprefixer-rails#137
peetucket pushed a commit to sul-dlss/sul_pub that referenced this pull request Sep 7, 2018
therubyracer has been abandoned by Rails: rails/rails#29285
It is no longer compatible with the latest version of
autoprefixer-rails: ai/autoprefixer-rails#137
@jparrish62

I've upgraded from 4.1 to 5.2. I've replaced therubyracer with mini_racer; as a result I'm getting an error "Can't load file v8". I've also tried adding the libv8 gem. It doesn't help. Any suggestions?

pixeltrix added a commit to pixeltrix/govuk-coronavirus-vulnerable-people-form that referenced this pull request Mar 28, 2020
The gem 'therubyracer' is dependent on an old version of libv8 with
multiple security vulnerabilities and doesn't build easily on the
latest version of macOS. Rails replaced it with the 'mini_racer' gem
in the PR rails/rails#29285.
gbp added a commit to mysociety/alaveteli that referenced this pull request Dec 21, 2020
Use mini_racer which uses an up to date version of libv8 which has
security fixes and recommended upstream in Rails for new applications
which don't have pre-existing JavaScript runtimes in production.

See rails/rails#29285