search

thatmattlove / hyperglass

hyperglass is the network looking glass that tries to make the internet better.
https://hyperglass.dev
BSD 3-Clause Clear License
594 stars 88 forks source link

Node 14 is EOL since May 2023 #226

Closed mowoe closed 10 months ago

mowoe commented 10 months ago

As you can see from this graphic, Node 14 is EOL for several months now. And so is the script mentioned in the getting started guide used to install node.

(The same can be said for Python 3.6 btw)

This is really bad security practice and should be changed.

thatmattlove commented 10 months ago

I'm aware of this and am working on a new release as time permits. Please see the note on the readme:

Unfortunately, I've been extremely busy in my work and personal life and haven't had a lot of time to dedicate to hyperglass recently. I'm hoping that will change soon, but in the meantime, hyperglass v1.0.0 might be unusable or unstable unless you're running Ubuntu 18.04, Python 3.6, and Node 14, which is probably a bad idea for security reasons. v2.0.0 is almost ready for release, but not quite yet.

mowoe commented 10 months ago

Thank you for your reply @thatmattlove! However, i dont understand why you closed this issue. The problem is still there and not fixed. Somewhat related: Would you be willing to accept contributions in regards to this? Simple things like increasing the recommended python version dont require a lot of code review from your side. However, seeing that the last merged PR was form 2 years ago, i dont think a lot of people are willing to contribute to this project.

thatmattlove commented 10 months ago

From the first part of the note:

hyperglass is under active development via the v2.0.0 branch. No further changes will be made to the v1.0.0 branch.

At this time, I'm not willing to put any further development efforts into v1.0.0. You'd be surprised at what updating the Python or Node versions might break with the various dependencies of the project, and what upgrading those dependencies might break as well. v2.0.0 is mostly usable. When I was working with a user to test it they ran into some runtime issues, but it's possible that was Linux-related and could be fixed now.

My current goal for the project is a ground-up rewrite in Go, borrowing a lot of the new configuration logic from v2. This will eliminate a lot of the past issues with the project since it'll be able to run as a single binary. I've already started on this, but as I mentioned, time is a factor out of my control at the moment.