Dust 2.8

[sethkinast]

Tracking issue for the 2.8 release.

The goal of 2.8 is to wrap up the commits that have landed over the last year before work on a Dust 3.0.

• "Missing one or more blocks" not helpful enough #733
• Update all dependencies (devdeps as well as cli dep) @jimmyhchan
  • peg is possibly the exception depending on compat
• Unexpected behavior of context.getTemplateName() #755
• Performance issue with 2.7.4 #751 (should be resolved in current peg in dust trunk)
• {?exists/} behavior different when using promises #752

[sethkinast]

I would love to do something like stweem for 2.8 before 3, any thoughts @jimmyhchan ? Too much extra API?

[jimmyhchan]

Hoping to keep the new feature work to a minimum. It's been a while since I saw the code base and it's been relatively stable.

[sethkinast]

OK, let's just wrap up these small issues and we'll call it good. There are actually a lot of commits since 2.7 branch.

[jimmyhchan]

Kind of want the security dep bump in the 2.7 branch. Wdyt?

[sethkinast]

It's kind of a silly bug if you look at it-- CLI has to be running in daemon mode, which it never does using dustc. So the bug is not exploitable in Dust. It's just on the public vulns so vulnscanners catch it.

https://nodesecurity.io/advisories/95

So pulling that bump into 2.7 doesn't actually make us any more secure IMO.

[jimmyhchan]

Agreed. Some folks have regular security audits.

[jimmyhchan]

re: the cli dependency, patch is in 2.7.5 and also at the tip of master.

Depending on what's in 2.8 / 3.0 we will likely need to cut a branch for 2.8 and cherry-pick some more.

[jimmyhchan]

FYI 2.8 is going to get delayed due to outside factors. Apologies in advanced.

[samuelms1]

Any update on the progress of the 2.8 release (rough ETA --- weeks / months)?

[jimmyhchan]

Sorry for the radio silence. ETA 2 weeks? Haven't had a chance to look at the remaining issues yet.
Outside factors were resolved a few weeks ago, so no blockers... just got to get around to this.

[samuelms1]

Awesome, thanks

[jimmyhchan]

@samuelms1 it's been two weeks and haven't got much closer.

looks like i'll have to pull in my own code for #733
#755 is going to require more thought. my PR is pretty ugly

Dependency bumps in the works ...

npm outdated
Package                          Current  Wanted  Latest  Location
grunt                              0.4.2   1.0.1   1.0.1  dustjs-linkedin
grunt-bump                         0.3.0   0.8.0   0.8.0  dustjs-linkedin
grunt-cli                         0.1.13   1.2.0   1.2.0  dustjs-linkedin
grunt-contrib-clean                0.6.0   1.0.0   1.0.0  dustjs-linkedin
grunt-contrib-concat               0.5.1   1.0.1   1.0.1  dustjs-linkedin
grunt-contrib-connect              0.9.0   1.0.2   1.0.2  dustjs-linkedin
grunt-contrib-copy                 0.8.2   1.0.0   1.0.0  dustjs-linkedin
grunt-contrib-jasmine              0.8.2   1.0.3   1.1.0  dustjs-linkedin
grunt-contrib-jshint              0.11.3   1.0.0   1.1.0  dustjs-linkedin
grunt-contrib-uglify               0.8.1   1.0.2   2.0.0  dustjs-linkedin
grunt-contrib-watch                0.6.1   1.0.0   1.0.0  dustjs-linkedin
grunt-github-changes               0.0.6   0.1.0   0.1.0  dustjs-linkedin
grunt-jasmine-nodejs               1.4.3   1.5.4   1.5.4  dustjs-linkedin
grunt-peg                          1.5.0   2.0.1   2.0.1  dustjs-linkedin
grunt-shell                        1.1.2   1.3.1   2.1.0  dustjs-linkedin
grunt-template-jasmine-istanbul    0.3.4   0.4.0   0.5.0  dustjs-linkedin
highland                           2.4.0   2.8.1  2.10.1  dustjs-linkedin
pegjs                              0.8.0   0.9.0  0.10.0  dustjs-linkedin
chokidar                           1.5.2   1.5.2   1.6.1  dustjs-linkedin
grunt                              0.4.2   1.0.1   1.0.1  dustjs-linkedin
grunt-bump                         0.3.0   0.8.0   0.8.0  dustjs-linkedin
grunt-cli                         0.1.13   1.2.0   1.2.0  dustjs-linkedin
grunt-contrib-clean                0.6.0   1.0.0   1.0.0  dustjs-linkedin
grunt-contrib-concat               0.5.1   1.0.1   1.0.1  dustjs-linkedin
grunt-contrib-connect              0.9.0   1.0.2   1.0.2  dustjs-linkedin
grunt-contrib-copy                 0.8.2   1.0.0   1.0.0  dustjs-linkedin
grunt-contrib-jasmine              0.8.2   1.0.3   1.1.0  dustjs-linkedin
grunt-contrib-jshint              0.11.3   1.0.0   1.1.0  dustjs-linkedin
grunt-contrib-uglify               0.8.1   1.0.2   2.0.0  dustjs-linkedin
grunt-contrib-watch                0.6.1   1.0.0   1.0.0  dustjs-linkedin
grunt-github-changes               0.0.6   0.1.0   0.1.0  dustjs-linkedin
grunt-jasmine-nodejs               1.4.3   1.5.4   1.5.4  dustjs-linkedin
grunt-peg                          1.5.0   2.0.1   2.0.1  dustjs-linkedin
grunt-saucelabs                    8.6.3   8.6.3   9.0.0  dustjs-linkedin
grunt-shell                        1.1.2   1.3.1   2.1.0  dustjs-linkedin
grunt-template-jasmine-istanbul    0.3.4   0.4.0   0.5.0  dustjs-linkedin
highland                           2.4.0   2.8.1  2.10.1  dustjs-linkedin
pegjs                              0.8.0   0.9.0  0.10.0  dustjs-linkedin
tmp                               0.0.25  0.0.31  0.0.31  dustjs-linkedin

the vast majority of this is grunt 0.4 -> 1.0 but grunt-execute is stuck at 0.4
the pegjs bump from 0.9-> 0.10 would need to be confirmed.

really not seeing anything here worth bumping for.

[windheartwen]

Hi, I am interested in dustjs. Glad to know you guys are planning to release Dust 2.8. However, it has been half a year since the last time I saw any activities. So, I wonder when the next release will be?

[samuelms1]

@jimmyhchan @sethkinast
Any news on Dust 2.8? Can I help in any way?

[jimmyhchan]

Hi @samuelms1 thanks for pinging this ticket. As you may have guessed, there's unfortunately no progress for 2.8. Many folks who were core contributors to the project have left to do other things and we (LinkedIn) owe the community an answer to the status of the project as is given how dormant it's been and how it's not officially marked as deprecated. I'm going to start this conversation internally.

How can you help?

I believe the major desire for 2.8 was the security audit fix. That fix was patched onto 2.7 leaving only fairly minor changes in the 2.8 release. It's been a while since I've combed through the project so I could be wrong. Any help for what features/commits are needed/desired would be greatly appreciated.

[thomas-mindruptive]

Thanks for the update!

[samuelms1]

@jimmyhchan The only change I was hoping to see was the fix for issue #753. We use promises a lot and have run into this issue multiple times. Looks like the commit is d485a72.

[brianmhunt]

#736 is important for Promise/A+ compliance

[Keyes]

Hey @jimmyhchan and @sethkinast - is there any update on the official status of the project?