linkedin / dustjs

Asynchronous Javascript templating for the browser and server
http://dustjs.com
MIT License

Dust 2.8 #757

Open sethkinast opened 7 years ago

sethkinast commented 7 years ago

Tracking issue for the 2.8 release.

The goal of 2.8 is to wrap up the commits that have landed over the last year before work on a Dust 3.0.

sethkinast commented 7 years ago

I would love to do something like stweem for 2.8 before 3, any thoughts @jimmyhchan ? Too much extra API?

jimmyhchan commented 7 years ago

Hoping to keep the new feature work to a minimum. It's been a while since I saw the code base and it's been relatively stable.

sethkinast commented 7 years ago

OK, let's just wrap up these small issues and we'll call it good. There are actually a lot of commits since 2.7 branch.

jimmyhchan commented 7 years ago

Kind of want the security dep bump in the 2.7 branch. Wdyt?

sethkinast commented 7 years ago

It's kind of a silly bug if you look at it-- CLI has to be running in daemon mode, which it never does using dustc. So the bug is not exploitable in Dust. It's just on the public vulns so vulnscanners catch it.

https://nodesecurity.io/advisories/95

So pulling that bump into 2.7 doesn't actually make us any more secure IMO.

jimmyhchan commented 7 years ago

Agreed. Some folks have regular security audits.

jimmyhchan commented 7 years ago

re: the cli dependency, patch is in 2.7.5 and also at the tip of master.

Depending on what's in 2.8 / 3.0 we will likely need to cut a branch for 2.8 and cherry-pick some more.

jimmyhchan commented 7 years ago

FYI 2.8 is going to get delayed due to outside factors. Apologies in advance.

samuelms1 commented 7 years ago

Any update on the progress of the 2.8 release (rough ETA --- weeks / months)?

jimmyhchan commented 7 years ago

Sorry for the radio silence. ETA 2 weeks? Haven't had a chance to look at the remaining issues yet. Outside factors were resolved a few weeks ago, so no blockers... just got to get around to this.

samuelms1 commented 7 years ago

Awesome, thanks

jimmyhchan commented 7 years ago

@samuelms1 it's been two weeks and haven't got much closer.

Looks like I'll have to pull in my own code for #733.

#755 is going to require more thought. My PR is pretty ugly.

Dependency bumps in the works ...

npm outdated
Package                          Current  Wanted  Latest  Location
grunt                              0.4.2   1.0.1   1.0.1  dustjs-linkedin
grunt-bump                         0.3.0   0.8.0   0.8.0  dustjs-linkedin
grunt-cli                         0.1.13   1.2.0   1.2.0  dustjs-linkedin
grunt-contrib-clean                0.6.0   1.0.0   1.0.0  dustjs-linkedin
grunt-contrib-concat               0.5.1   1.0.1   1.0.1  dustjs-linkedin
grunt-contrib-connect              0.9.0   1.0.2   1.0.2  dustjs-linkedin
grunt-contrib-copy                 0.8.2   1.0.0   1.0.0  dustjs-linkedin
grunt-contrib-jasmine              0.8.2   1.0.3   1.1.0  dustjs-linkedin
grunt-contrib-jshint              0.11.3   1.0.0   1.1.0  dustjs-linkedin
grunt-contrib-uglify               0.8.1   1.0.2   2.0.0  dustjs-linkedin
grunt-contrib-watch                0.6.1   1.0.0   1.0.0  dustjs-linkedin
grunt-github-changes               0.0.6   0.1.0   0.1.0  dustjs-linkedin
grunt-jasmine-nodejs               1.4.3   1.5.4   1.5.4  dustjs-linkedin
grunt-peg                          1.5.0   2.0.1   2.0.1  dustjs-linkedin
grunt-shell                        1.1.2   1.3.1   2.1.0  dustjs-linkedin
grunt-template-jasmine-istanbul    0.3.4   0.4.0   0.5.0  dustjs-linkedin
highland                           2.4.0   2.8.1  2.10.1  dustjs-linkedin
pegjs                              0.8.0   0.9.0  0.10.0  dustjs-linkedin
chokidar                           1.5.2   1.5.2   1.6.1  dustjs-linkedin
grunt                              0.4.2   1.0.1   1.0.1  dustjs-linkedin
grunt-bump                         0.3.0   0.8.0   0.8.0  dustjs-linkedin
grunt-cli                         0.1.13   1.2.0   1.2.0  dustjs-linkedin
grunt-contrib-clean                0.6.0   1.0.0   1.0.0  dustjs-linkedin
grunt-contrib-concat               0.5.1   1.0.1   1.0.1  dustjs-linkedin
grunt-contrib-connect              0.9.0   1.0.2   1.0.2  dustjs-linkedin
grunt-contrib-copy                 0.8.2   1.0.0   1.0.0  dustjs-linkedin
grunt-contrib-jasmine              0.8.2   1.0.3   1.1.0  dustjs-linkedin
grunt-contrib-jshint              0.11.3   1.0.0   1.1.0  dustjs-linkedin
grunt-contrib-uglify               0.8.1   1.0.2   2.0.0  dustjs-linkedin
grunt-contrib-watch                0.6.1   1.0.0   1.0.0  dustjs-linkedin
grunt-github-changes               0.0.6   0.1.0   0.1.0  dustjs-linkedin
grunt-jasmine-nodejs               1.4.3   1.5.4   1.5.4  dustjs-linkedin
grunt-peg                          1.5.0   2.0.1   2.0.1  dustjs-linkedin
grunt-saucelabs                    8.6.3   8.6.3   9.0.0  dustjs-linkedin
grunt-shell                        1.1.2   1.3.1   2.1.0  dustjs-linkedin
grunt-template-jasmine-istanbul    0.3.4   0.4.0   0.5.0  dustjs-linkedin
highland                           2.4.0   2.8.1  2.10.1  dustjs-linkedin
pegjs                              0.8.0   0.9.0  0.10.0  dustjs-linkedin
tmp                               0.0.25  0.0.31  0.0.31  dustjs-linkedin

The vast majority of this is grunt 0.4 -> 1.0, but grunt-execute is stuck at 0.4.

The pegjs bump from 0.9 -> 0.10 would need to be confirmed.

Really not seeing anything here worth bumping for.

windheartwen commented 7 years ago

Hi, I am interested in dustjs. Glad to know you guys are planning to release Dust 2.8. However, it has been half a year since the last time I saw any activity. So, I wonder when the next release will be?

samuelms1 commented 7 years ago

@jimmyhchan @sethkinast Any news on Dust 2.8? Can I help in any way?

jimmyhchan commented 7 years ago

Hi @samuelms1, thanks for pinging this ticket. As you may have guessed, there's unfortunately no progress for 2.8. Many folks who were core contributors to the project have left to do other things, and we (LinkedIn) owe the community an answer on the status of the project as is, given how dormant it's been and how it's not officially marked as deprecated. I'm going to start this conversation internally.

How can you help?

I believe the major desire for 2.8 was the security audit fix. That fix was patched onto 2.7 leaving only fairly minor changes in the 2.8 release. It's been a while since I've combed through the project so I could be wrong. Any help for what features/commits are needed/desired would be greatly appreciated.

thomas-mindruptive commented 7 years ago

Thanks for the update!

samuelms1 commented 7 years ago

@jimmyhchan The only change I was hoping to see was the fix for issue #753. We use promises a lot and have run into this issue multiple times. Looks like the commit is https://github.com/linkedin/dustjs/commit/d485a72706874b5f81d76df61197185a99d30523.

brianmhunt commented 6 years ago

#736 is important for Promise/A+ compliance

Keyes commented 6 years ago

Hey @jimmyhchan and @sethkinast - is there any update on the official status of the project?