So event-stream 3.3.6 was removed from NPM because it depended on vulnerable flatmap-stream 0.1.1. But in Mastodon's dependency tree, we had event-stream 3.3.6 depending on flatmap-stream 0.1.0.
Anyway, because event-stream 3.3.6 was yanked from NPM all of our builds break right now
The unfortunate consequence is that Docker images for v2.6.3 cannot be built because of this. The upgrade will work fine for all existing non-Docker installations, but not fresh ones.
Ironically the event-stream dependency can be easily avoided. I'm removing it and then bumping to v2.6.4 so everyone can upgrade. Awkward situation though, I'm sorry.
@aeonofdiscord According to people who reported the vulnerabilty, the code was added to flatmap-stream 0.1.1
@Gargron Good thing I read this before trying to update my Docker install 😔
Such is life though, great work!
RAILS_ENV=production bundle exec rails assets:precompile
SyntaxError: /home/mastodon/live/lib/mastodon/version.rb:16: syntax error, unexpected <<
/home/mastodon/live/lib/mastodon/version.rb:18: syntax error, unexpected ===, expecting keyword_end
for v2.6.4 non-docker with ruby 2.5.3
Tbh this is a feature not a bug. At least in my eyes as a cranky old sysadmin who wants these containers to get off my lawn.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!