Replace therubyracer with mini_racer #29285
Merged
Conversation
|
(@rails-bot has picked a reviewer for you, use r? to override) |
|
Much faster & quite stable. |
|
I assume this is already compatible with rails maintained sprockets-dependent libs? |
|
Yeah it has been execjs compatible for a very long time. |
|
|
jcoyne
added a commit
to sul-dlss-deprecated/was-thumbnail-service
that referenced
this pull request
Sep 6, 2018
therubyracer has been abandoned by Rails: rails/rails#29285 It is no longer compatible with the latest version of autoprefixer-rails: ai/autoprefixer-rails#137
This was referenced Sep 6, 2018
jcoyne
added a commit
to sul-dlss/sul_pub
that referenced
this pull request
Sep 6, 2018
therubyracer has been abandoned by Rails: rails/rails#29285 It is no longer compatible with the latest version of autoprefixer-rails: ai/autoprefixer-rails#137
peetucket
added a commit
to sul-dlss/sul_pub
that referenced
this pull request
Sep 7, 2018
therubyracer has been abandoned by Rails: rails/rails#29285 It is no longer compatible with the latest version of autoprefixer-rails: ai/autoprefixer-rails#137
This was referenced Nov 6, 2018
|
I've upgraded from 4.1 to 5.2. I've replaced therubyracer with mini_racer, as a result I'm getting an error "Can't load file v8" I've also tried adding the libv8 gem. Its doesn't help. Any suggestions? |
pixeltrix
added a commit
to pixeltrix/govuk-coronavirus-vulnerable-people-form
that referenced
this pull request
Mar 28, 2020
The gem 'therubyracer' is dependent on an old version of libv8 with multiple security vulnerabilities and doesn't build easily on the latest version of macOS. Rails replaced it with the 'mini_racer' gem in the PR rails/rails#29285.
gbp
added a commit
to mysociety/alaveteli
that referenced
this pull request
Dec 21, 2020
Use mini_racer which uses a up to date version of libv8 which has security fixes and recommended upstream in Rails for new applications which don't have pre-existing JavaScript runtimes in production. See rails/rails#29285
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
therubyracer is a relic, it depends on an ancient version of v8 that has multiple known security vulnerabilities
https://github.com/cowboyd/therubyracer/blob/master/therubyracer.gemspec#L20
In particular this is the equivalent of shipping a dependency to Chrome version 31.
Chrome 31 was released 2013-11-12
All places that talk about therubyracer or include it in templates should be replaced with mini_racer that depends on the most recent version of v8.
per: #29276 (comment)