Pin to Node.js 10.13.0 #339
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Travis-CI has or will shortly make in early December 2018 a number of beneficial changes to their Linux continuous integration testing infrastructure. Changes that impact pelias/schema are: * Linux infrastructure combined into one (virtualized), from two previously (virtualized and container-based). [0][1] * Offering a more modern, supported Ubuntu Xenial (16.04 LTS). [2] * Modest speed improvements from the fully virtualized-based infrastructure. NOTE: Until openjdk/oraclejdk dependencies can be resolved on modern Ubuntu and Travis-CI environment, keep the image at Ubuntu Trusty (14.04 LTS). Projects using "sudo: false" (container-based infrastructure), have been recommended to remove that configuration soon. In any case, the transition will happen regardless for projects by December 7, 2018. [0] https://blog.travis-ci.com/2018-10-04-combining-linux-infrastructures [1] https://blog.travis-ci.com/2018-11-19-required-linux-infrastructure-migration [2] https://docs.travis-ci.com/user/reference/xenial/
Due to a limit to header sizes in the latest security releases of Node.js, combined with Elasticsearch's default of sending lots of deprecation warning errors as headers, we need to use slightly older versions of Node.js until either Elasticsearch offers more configuration options, or Node.js releases a CLI option for the header limit. See #337 for details
This is to prevent conflicts between ES5 deprecation headers (which can be quite large) and the Node.js 10.14.0+ header limit of 8kb. See #337
orangejulius
added a commit
that referenced
this pull request
Jan 15, 2019
…t in effect This avoids issues with Elasticsearch 5 headers and Node.js 8.14/10.14 as described in #339
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is just the changes from #337 to pin Node.js to 10.13.0.
Pinning is required because Elasticsearch 5 tends to output lots of header lines with deprecation notices, while Node.js 10.14.0 added an unconfigurable 8kb max size for headers, and all network requests with larger headers are dropped.
Eventually, Node.js will add a configuration flag for this (see nodejs/node#24811). Until then, pinning to 10.13.0 is a good stopgap. The Schema project does not accept incoming network requests, so it is not susceptible to the vulnerabilities the 8kb header limit was designed to protect against.