-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
process.versions does not list all bundled dependencies #45260
Comments
For contributors looking for where to start; the versions are included in |
Is this possible to give indications about how to get version of full-js libs (like |
For |
The other concern is the policy regarding update of deps. |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as resolved.
This comment was marked as resolved.
Would parsing the package.json for all js libraries and then including them be a good idea? put quite some thought into it this is the only one that came to my mind from my limited knowledge, would love to know about any other possible way of including this in cpp code |
process.versions is not returning undici version, this PR will read the version number from undici/src/package.json and add it to result. If this approach is ok then other missing libraries will be added Fixes:nodejs#45260
process.versions is not returning undici version, this PR will read the version number from undici/src/package.json and add it to result. If this approach is ok then other missing libraries will be added Refs:nodejs#45260
Let me push back on this a little. I don't think it's necessary to list version numbers for "static" dependencies (things that are always built into the binary and never linked dynamically) because those are: a) fixed, and b) implementation details that aren't relevant most of the time When the configure script grows e.g. a Likewise, a hypothetical But things that are hidden and immutable? No point in listing them. |
From a functional perspective, perhaps. However, when producing something like an SBOM, it's important detail that should be included. |
Not sure I follow. Can you give an example when that's relevant? SBOM = Source Bill Of Materials? |
SBOM == Software Bill of Materials. See background info here: https://www.ntia.gov/SBOM To be certain, the Also to be clear, I'm not suggesting that this is the only reason we should provide this additional detail. |
Attempted to update undici version when the update scripts are run Fixes: nodejs#45260 Refs: nodejs#45599
Added version info of |
Pending Version Additions
|
I've looked through the linked pull requests but the version number parsing all feels kind of fragile and ad hoc. I again question the wisdom of doing this. |
Attempted to update undici version when the update scripts are run Fixes: nodejs#45260 Refs: nodejs#45599
PR-URL: nodejs#45639 Refs: nodejs#45260 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: theanarkh <theratliter@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
src: add cjs_module_lexer_version base64_version PR-URL: nodejs/node#45629 Refs: nodejs/node#45260 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
src: add cjs_module_lexer_version base64_version PR-URL: nodejs/node#45629 Refs: nodejs/node#45260 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
The
process. Versions
API lists the versions of vendored dependencies that are bundled into Node.js. Unfortunately, it only shows a subset. Notably missing from the list are:deps/acorn
deps/base64
deps/cjs-module-lexer
deps/histogram
deps/undici
deps/uvwasi
The text was updated successfully, but these errors were encountered: