fix(cache): Switch to lru-cache to save ourselves from unlimited memory consumption #38
@isaacs heads up that this was a breaking change for node < 4 in a non-major version. There's no "engines" declaration and you didn't stop testing on node 4 until after this was landed. I'm using yargs 7 → read-pkg-up 1.0.1 → read-pkg 1.1.0 → normalize-package-data 2.5.0 → hosted-git-info 2.8. I'm not using a lockfile because it's in a package, not an app, and it'd be really appreciated if 2.8+ could be reverted, and republished as v3. (another alternative would perhaps be to use an older version of lru-cache that didn’t use node 4+ syntax)
Sure, I can do that. But seriously. @ljharb. You gotta have a frank talk with whoever you're supporting who uses node < 4. It's not safe. They're putting their systems at risk. Whatever the cost to upgrade, it surely is less than the cost of getting pwned, and if they're doing new builds with new OSS code, this problem will only get worse.
…ted memory consumption" This reverts commit e518222. #38 (comment) Will un-revert in semver-major bump.
Thanks, appreciate it.
@ljharb Done. Have you had a sit-down with whoever is running your code on node 0.x yet? It's irresponsible to let them continue doing this.
Thanks! It’s not necessarily irresponsible. There are many uses of node, and many tech stacks, that make the insecurities of old versions irrelevant. (Additionally, although not for this package, old node is a great stand-in for old browsers, so on anything that could run in browsers, it’s very useful to maintain support)
BREAKING CHANGE: this drops support for ancient node versions. See npm/hosted-git-info#38 (comment)
No description provided.