Upgrade to node 4.8.5, 6.11.5, and 8.8.0 with yarn 1.2.1 to fix a DOS security vulnerability #555

Merged 5 commits on Oct 25, 2017

pokle (Contributor, Author) commented Oct 25, 2017

The build failed because it timed out doing a docker pull of a dependency. How do I restart the travis build? https://travis-ci.org/nodejs/docker-node/builds/292447040

pokle changed the title from "Upgrade to node 4.8.5, 6.11.5, and 8.8.0 with yarn 1.21 to fix DOS security vulnerability" to "Upgrade to node 4.8.5, 6.11.5, and 8.8.0 with yarn 1.21 to fix a DOS security vulnerability" on Oct 25, 2017

SimenB (Member) commented Oct 25, 2017

Our policy states that yarn should be updated on all new node releases, so I reverted that commit. (https://github.com/nodejs/docker-node/blob/master/CONTRIBUTING.md#version-updates)

I also updated the script we use for generating PRs to docker hub.

Other than that, I'll merge as soon as CI is green 🙂

Thanks!

SimenB (Member) commented Oct 25, 2017

@tianon @yosifkit We're seeing timeouts on CI at the first stage, FROM buildpack-deps:*. Is that a known issue? It seems to progress after ~5-6 minutes, but not always, making Travis kill it for being unresponsive.

@nodejs/docker Thoughts on merging regardless of CI timeout?

EDIT: Node@6 build just timed out on the same thing

EDIT2: And there, 4 & 8 timed out as well

I'm gonna merge this in 1 hour unless someone yells at me not to (11:30 CEST)

SimenB changed the title from "Upgrade to node 4.8.5, 6.11.5, and 8.8.0 with yarn 1.21 to fix a DOS security vulnerability" to "Upgrade to node 4.8.5, 6.11.5, and 8.8.0 with yarn 1.2.1 to fix a DOS security vulnerability" on Oct 25, 2017
SimenB (Member) commented Oct 25, 2017

docker-library/official-images#3621

Thanks @pokle!
