Bug 1829414

Summary: rh-nodejs8: One extra rebuild to deliver the last upstream version
Product: Red Hat Software Collections Reporter: Honza Horak <hhorak>
Component: nodejsAssignee: Zuzana Svetlikova <zsvetlik>
Status: CLOSED ERRATA QA Contact: Jan Houska <jhouska>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rh-nodejs8CC: bgollahe, jhouska, jkejda, jorton, thoger, vondruch, zsvetlik
Target Milestone: alpha   
Target Release: 3.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-06-19 03:44:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1579428, 1598177, 1612068, 1711730    
Bug Blocks: 1829417    

Description Honza Horak 2020-04-29 14:16:15 UTC 
Description of problem:

There is an extra one-off rebase requested for rh-nodejs8 that is already EOL, but PM+rest of the team evaluated this request as important enough to make an exception.

Please, mind, that version is not filled correctly (rh-nodejs8 is not in BZ any more).

Taken from the customer report:

What problem/issue/behavior are you having trouble with?  What do you expect to see?
I know nodejs 8 is out of support now, but we have to use it for a customer  (because a critical function they have only works on nodejs 8 and not nodejs 10 or 12)  and we have to use UBI images because the IBM openshfit and cloud pak for data team forces us to.

The node.js version of UBI image is 8.16.1 This has several security fixes that were fixed in December of last year.  Is it possible to do one last update of your nodejs UBI 8 image to bring it to version 8.17.0 of nodejs.?    Here is the change log https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V8.md
Comment 18 Jan Houska 2020-06-12 10:45:50 UTC 
VERIFIED;

CVEs in npm modules fixed by the rebase:
https://bugzilla.redhat.com/show_bug.cgi?id=1612068   => VERIFIED
https://bugzilla.redhat.com/show_bug.cgi?id=1711730   => VERIFIED
https://bugzilla.redhat.com/show_bug.cgi?id=1598177   => VERIFIED
https://bugzilla.redhat.com/show_bug.cgi?id=1579428   => VERIFIED







ll ./deps/npm/man/man5/npm-shrinkwrap.json.5; ll ./deps/npm/man/man5/package.json.5; ll ./deps/npm/man/man5/package-lock.json.5; ll ./deps/npm/man/man5/package-json.5; ll ./deps/npm/man/man5/package-lock-json.5; ll ./deps/npm/man/man5/shrinkwrap-json.5; ll ./deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/compile_commands_json.py; ll./deps/npm/node_modules/node-gyp/tools/gyp/pylib/gyp/generator/compile_commands_json.py

ls: nelze přistoupit k ./deps/npm/man/man5/npm-shrinkwrap.json.5: Adresář nebo soubor neexistuje
ls: nelze přistoupit k ./deps/npm/man/man5/package.json.5: Adresář nebo soubor neexistuje
ls: nelze přistoupit k ./deps/npm/man/man5/package-lock.json.5: Adresář nebo soubor neexistuje
-rw-r--r--. 1 16119 16119 29222 17. pro 01.54 ./deps/npm/man/man5/package-json.5
-rw-r--r--. 1 16119 16119 6138 17. pro 01.54 ./deps/npm/man/man5/package-lock-json.5
-rw-r--r--. 1 16119 16119 1267 17. pro 01.54 ./deps/npm/man/man5/shrinkwrap-json.5
-rw-r--r--. 1 16119 16119 4285 17. pro 01.54 ./deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/compile_commands_json.py
bash: ll./deps/npm/node_modules/node-gyp/tools/gyp/pylib/gyp/generator/compile_commands_json.py: Adresář nebo soubor neexistuje
Comment 20 errata-xmlrpc 2020-06-19 03:44:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:2625