Skip to content
This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

Bump node-gyp; disable binary builds in CI for old Node #2639

Closed
wants to merge 2 commits into from
Closed

Bump node-gyp; disable binary builds in CI for old Node #2639

wants to merge 2 commits into from

Conversation

xzyfer
Copy link
Contributor

@xzyfer xzyfer commented Apr 24, 2019
edited
Loading

Technically this is a breaking change for Node < 4. We still see
a bananas amount of downloads for Node 0.10 on CI - presumably CI
environments.

The breakage is limited only to building the binaries locally. This
means node-sass will continue to install, and operate as normal on
all our support Node 0.10 and 0.12 environments.

IMHO this is a fair trade off to address the npm audit noise without
the disruption of forcing a major version bump before we're ready.

Unfortunately this means any LibSass updates are going to be a huge pain!

Attempt to fix #2625

@xzyfer xzyfer requested a review from nschonni April 24, 2019 09:20
@xzyfer xzyfer self-assigned this Apr 24, 2019
@xzyfer
Bump node-gyp; disable binary builds in CI
223bb4b 
Technically this is a breaking change for Node < 4. We still see
a bananas amount of downloads for Node 0.10 on CI - presumably CI
environments.

The breakage is limited only to building the binaries locally. This
means node-sass will continue to install, and operate as normal on
all our support Node 0.10 and 0.12 environments.

IMHO this is a fair trade off to address the `npm audit` noise without
the disruption of forcing a major version bump before we're ready.
@xzyfer
Stop using the default node target in Travis CI
c9dd6f6
@xzyfer
Copy link
Contributor Author

xzyfer commented Apr 24, 2019

CI seems happy but I cannot get the AppVeyor build to start. Happy to deal with AppVeyor once this is on master.

@Toxicable Toxicable mentioned this pull request Apr 24, 2019
Closed
14 tasks
@xzyfer
Copy link
Contributor Author

xzyfer commented Apr 25, 2019

Waiting to see how this develops isaacs/node-tar#212

@xzyfer xzyfer changed the title Bump node-gyp; disable binary builds in CI Bump node-gyp; disable binary builds in CI for old Node Apr 25, 2019
@tsongas

This comment has been minimized.

Sign in to view
@nschonni nschonni mentioned this pull request May 2, 2019
Closed
@sass sass deleted a comment from AzRu May 3, 2019
@sass sass deleted a comment from pl4yradam May 3, 2019
@sass sass deleted a comment from JGough-Initiafy May 3, 2019
@sass sass locked as off-topic and limited conversation to collaborators May 3, 2019
@nschonni
Copy link
Contributor

Closing since the tar issue is resolved. In v5 it will probably get bumped or replaced with node-pre-gyp instead

@nschonni nschonni closed this May 15, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nschonni nschonni Awaiting requested review from nschonni

Assignees

@xzyfer xzyfer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Security] Vulnerability in tar
3 participants
@xzyfer @tsongas @nschonni