1151811 – nodejs bundles punycode

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1151811 - nodejs bundles punycode

Summary: nodejs bundles punycode

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nodejs
Sub Component:
Version:	21
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	T.C. Hollingsworth
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-10-12 01:44 UTC by Dan Callaghan
Modified:	2015-11-04 23:30 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-11-04 23:30:03 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dan Callaghan 2014-10-12 01:44:25 UTC

I noticed that nodejs bundles the punycode module from: http://mths.be/punycode

I just filed a review request for nodejs-punycode (bug 1151809).

However I'm not really sure if/how this can be fixed, given that nodejs seems to statically compile all its standard library modules into the binary itself(!?) and they have that whole thing against a global module path...

Comment 1 T.C. Hollingsworth 2014-10-13 17:07:53 UTC

The "punycode" module was absorbed into the Node.js standard library in v0.6,2 to allow for IDN support to be added to other standard library modules like 'http'.  I don't really think this counts as bundling, otherwise lots of Python standard library modules like "subprocess" would be in trouble too.  ;-)

It remains available as a seperate npm module for use with older nodejs versions, but the punycode.js upstream README file now reccomends that the standard library version be used whenever possible.  Accordlingly, in Fedora we really shouldn't package this and instead use the standard library version.  Just add `%nodejs_fixdep -r punycode` to the %prep section of any packages that depend on punycode to avoid the automatic dependency and the package will automatically pick up the standard library vbersion instead.

Comment 2 Dan Callaghan 2014-10-13 23:31:10 UTC

Hmm. So I filed the review for nodejs-punycode not because I want it in nodejs, but because I want it in the browser. And I don't need punycode itself, but it's bundled in URI.js (bug 1151810).

So I guess the question is: who is the official upstream for this module now? If nodejs is now officially the upstream for it, can we produce a browser version of it somehow in the nodejs build? Then js-URIjs can depend on that and I can forget about the nodejs-punycode package.

Comment 3 T.C. Hollingsworth 2014-10-21 19:03:12 UTC

(In reply to Dan Callaghan from comment #2)
> So I guess the question is: who is the official upstream for this module
> now? If nodejs is now officially the upstream for it, can we produce a
> browser version of it somehow in the nodejs build? Then js-URIjs can depend
> on that and I can forget about the nodejs-punycode package.

Looking at your nodejs-URIjs package, it seems you just use the js-punycode package to build, not the nodejs-punycode package.  So I would just package js-punycode without the nodejs bits.

Comment 4 T.C. Hollingsworth 2014-10-21 19:06:14 UTC

For the nodejs side of this I think it would be nicer if I added the necessary Provides to the main nodejs package (ala Perl) so we don't have to override the dependency generator as stated above to use the standard library version.  Reopening for that.

Comment 5 T.C. Hollingsworth 2014-10-21 19:20:03 UTC

(In reply to T.C. Hollingsworth from comment #4)
> For the nodejs side of this I think it would be nicer if I added the
> necessary Provides to the main nodejs package (ala Perl) so we don't have to
> override the dependency generator as stated above to use the standard
> library version.  Reopening for that.

Done in Rawhide and in git for all stable branches.  I don't think this is worth pushing a stable update for so we'll leave it for the next upstream bugfix release.

With this change, any packages that depend on the "punycode" module will Just Work without need to use %nodejs_fixdep or package nodejs-punycode separately.

A js-punycode package should still be created for the benefit of vanilla JavaScript users.

Comment 6 Fedora End Of Life 2015-11-04 15:59:22 UTC

This message is a reminder that Fedora 21 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 21. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '21'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 21 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 7 Dan Callaghan 2015-11-04 23:30:03 UTC

(In reply to T.C. Hollingsworth from comment #5)
> Done in Rawhide and in git for all stable branches.

I'm assuming this has gone out at some point now, therefore closing.

Note You need to log in before you can comment on or make changes to this bug.