The unfortunate consequence is that Docker images for v2.6.3 cannot be built because of this. The upgrade will work fine for all existing non-Docker installations, but not fresh ones.
Conversation
Notices
-
Eugen (gargron@mastodon.social)'s status on Saturday, 01-Dec-2018 02:53:50 JST 
Eugen
- isidai, 鼻毛スライサー, 金具✅ and ほた repeated this.
-
Eugen (gargron@mastodon.social)'s status on Saturday, 01-Dec-2018 02:43:17 JST
Eugen
So event-stream 3.3.6 was removed from NPM because it depended on vulnerable flatmap-stream 0.1.1. But in Mastodon's dependency tree, we had event-stream 3.3.6 depending on flatmap-stream 0.1.0.
Anyway, because event-stream 3.3.6 was yanked from NPM all of our builds break right now
-
Eugen (gargron@mastodon.social)'s status on Saturday, 01-Dec-2018 03:26:59 JST
Eugen
Ironically the event-stream dependency can be easily avoided. I'm removing it and then bumping to v2.6.4 so everyone can upgrade. Awkward situation though, I'm sorry.
-
鼻毛スライサー (hanage999@mastodon.crazynewworld.net@mastodon.crazynewworld.net)'s status on Saturday, 01-Dec-2018 05:51:13 JST 
鼻毛スライサー
@Gargron Thank you so much for the immediate fix!
All senooken JP Social content and data are available under the