fix: Update node version #6789
fix: Update node version #6789
Conversation
alexandersperling
commented
May 8, 2024
alexandersperling
commented
- Update node version to solve CVE-2024-21892
* Update node version to solve CVE-2024-21892
|
Thank you for the PR! This project just wraps the version used in VS Code, since that is the one that is tested and supported by them: https://github.com/microsoft/vscode/blob/main/remote/.yarnrc Once they have updated, we can as well. |
|
they now updated the version to 20.9.0, but this wont fix the CVE either... |
|
Oh weird I wonder why they chose to do that. Oh it probably matches whatever Node version is being used in Electron... |
|
I wonder if it should work with node https://github.com/microsoft/vscode/blob/main/.nvmrc You know why there are differences with the .yarnrc you linked before and the general node version used in the repo? |
I am not sure, that does seem weird. 🤔 |
|
@code-asher they now updated to 20.11.1 and so did I 😄 |
|
Awesome! We update VS Code on each release so we will need to wait until 1.90.0 or maybe 1.91.0. |
|
Thanks again for the PR! We ended up doing this as part of the VS Code upgrade so I will close this. Weirdly, 20.11.1 keeps failing in CI (core dump) so I am trying out 20.12.1 from the .nvmrc instead. It looks like they build with .nvmrc (20.12.1) but then they ship with the .yarnrc (20.11.1). I am not sure why they ship with a version that is different than the one they build with. I am going to try both building and shipping with 20.12.1 and hopefully that is fine. Might be that we will need to follow the .nvmrc from now on rather than the .yarnrc, so I think your intuition was right. Edit: 20.12.1 also segfaults, trying some things out here: #6830 |
