New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace therubyracer with mini_racer #29285
Conversation
(@rails-bot has picked a reviewer for you, use r? to override) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Much faster & quite stable.
I assume this is already compatible with rails maintained sprockets-dependent libs? |
Yeah it has been execjs compatible for a very long time. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
therubyracer has been abandoned by Rails: rails/rails#29285 It is no longer compatible with the latest version of autoprefixer-rails: ai/autoprefixer-rails#137
therubyracer has been abandoned by Rails: rails/rails#29285 It is no longer compatible with the latest version of autoprefixer-rails: ai/autoprefixer-rails#137
therubyracer has been abandoned by Rails: rails/rails#29285 It is no longer compatible with the latest version of autoprefixer-rails: ai/autoprefixer-rails#137
I've upgraded from 4.1 to 5.2. I've replaced therubyracer with mini_racer, as a result I'm getting an error "Can't load file v8" I've also tried adding the libv8 gem. Its doesn't help. Any suggestions? |
The gem 'therubyracer' is dependent on an old version of libv8 with multiple security vulnerabilities and doesn't build easily on the latest version of macOS. Rails replaced it with the 'mini_racer' gem in the PR rails/rails#29285.
Use mini_racer which uses a up to date version of libv8 which has security fixes and recommended upstream in Rails for new applications which don't have pre-existing JavaScript runtimes in production. See rails/rails#29285
therubyracer is a relic, it depends on an ancient version of v8 that has multiple known security vulnerabilities
https://github.com/cowboyd/therubyracer/blob/master/therubyracer.gemspec#L20
In particular this is the equivalent of shipping a dependency to Chrome version 31.
Chrome 31 was released 2013-11-12
All places that talk about therubyracer or include it in templates should be replaced with mini_racer that depends on the most recent version of v8.
per: #29276 (comment)