Bug 1829414 - rh-nodejs8: One extra rebuild to deliver the last upstream version
Summary: rh-nodejs8: One extra rebuild to deliver the last upstream version
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: nodejs
Version: rh-nodejs8
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: alpha
: 3.5
Assignee: Zuzana Svetlikova
QA Contact: Jan Houska
URL:
Whiteboard:
Depends On: 1579428 1598177 1612068 1711730
Blocks: 1829417
TreeView+ depends on / blocked
 
Reported: 2020-04-29 14:16 UTC by Honza Horak
Modified: 2023-10-06 19:48 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-06-19 03:44:27 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:2625 0 None None None 2020-06-19 03:45:01 UTC

Description Honza Horak 2020-04-29 14:16:15 UTC 
Description of problem:

There is an extra one-off rebase requested for rh-nodejs8 that is already EOL, but PM+rest of the team evaluated this request as important enough to make an exception.

Please, mind, that version is not filled correctly (rh-nodejs8 is not in BZ any more).

Taken from the customer report:

What problem/issue/behavior are you having trouble with?  What do you expect to see?
I know nodejs 8 is out of support now, but we have to use it for a customer  (because a critical function they have only works on nodejs 8 and not nodejs 10 or 12)  and we have to use UBI images because the IBM openshfit and cloud pak for data team forces us to.

The node.js version of UBI image is 8.16.1 This has several security fixes that were fixed in December of last year.  Is it possible to do one last update of your nodejs UBI 8 image to bring it to version 8.17.0 of nodejs.?    Here is the change log https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V8.md
Comment 18 Jan Houska 2020-06-12 10:45:50 UTC 
VERIFIED;

CVEs in npm modules fixed by the rebase:
https://bugzilla.redhat.com/show_bug.cgi?id=1612068   => VERIFIED
https://bugzilla.redhat.com/show_bug.cgi?id=1711730   => VERIFIED
https://bugzilla.redhat.com/show_bug.cgi?id=1598177   => VERIFIED
https://bugzilla.redhat.com/show_bug.cgi?id=1579428   => VERIFIED







ll ./deps/npm/man/man5/npm-shrinkwrap.json.5; ll ./deps/npm/man/man5/package.json.5; ll ./deps/npm/man/man5/package-lock.json.5; ll ./deps/npm/man/man5/package-json.5; ll ./deps/npm/man/man5/package-lock-json.5; ll ./deps/npm/man/man5/shrinkwrap-json.5; ll ./deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/compile_commands_json.py; ll./deps/npm/node_modules/node-gyp/tools/gyp/pylib/gyp/generator/compile_commands_json.py

ls: nelze přistoupit k ./deps/npm/man/man5/npm-shrinkwrap.json.5: Adresář nebo soubor neexistuje
ls: nelze přistoupit k ./deps/npm/man/man5/package.json.5: Adresář nebo soubor neexistuje
ls: nelze přistoupit k ./deps/npm/man/man5/package-lock.json.5: Adresář nebo soubor neexistuje
-rw-r--r--. 1 16119 16119 29222 17. pro 01.54 ./deps/npm/man/man5/package-json.5
-rw-r--r--. 1 16119 16119 6138 17. pro 01.54 ./deps/npm/man/man5/package-lock-json.5
-rw-r--r--. 1 16119 16119 1267 17. pro 01.54 ./deps/npm/man/man5/shrinkwrap-json.5
-rw-r--r--. 1 16119 16119 4285 17. pro 01.54 ./deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/compile_commands_json.py
bash: ll./deps/npm/node_modules/node-gyp/tools/gyp/pylib/gyp/generator/compile_commands_json.py: Adresář nebo soubor neexistuje
Comment 20 errata-xmlrpc 2020-06-19 03:44:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:2625
Note You need to log in before you can comment on or make changes to this bug.