Stop using deprecated jugglingdb

Description

JugglingDB seems to be dead (See https://github.com/1602/jugglingdb/issues/437). Additionally it hasn't been updated for quite some time.

The Postgres adapter that you recommend for production hasn't been updated in over a year and is using a very old version of pg.

Activity

Show:
Scott O'Hara
July 25, 2017, 5:07 AM

Thanks Richard.

RichardS
July 24, 2017, 2:36 PM

We ended up installing jugglingdb-postgres from Git, pinning it to the following commit:

Of course this isn't great either but for now that's still the latest commit and it's been updated to work with Node 6. However ACE now supports Sequelize instead which I highly recommend using instead of Juggling which is apparently still a dead project.

Scott O'Hara
July 23, 2017, 11:54 PM

As of Jun 29, 2017, the README for ACEJS now provides the following guidance:

Specify a node version of 5.12.0 in your package.json to work around this issue.

This advice (to pin to an unsupported version of node.js) is potentially dangerous, given the recent node.js security vulnerability announcement affecting all versions of node back to 4.x.

As version 5.x of node is no longer supported, it does not receive security updates for issues such as the one linked above.

This leaves vendors who choose to deploy their ACEJS-based add-ons to Heroku and Heroku Postgres with two choices:

  1. Remain on the latest unsupported version of node.js (5.12.0) that is known to work with jugglingdb and be exposed to unpatched security issues; or

  2. Rollback to an earlier LTS version (4.8.4), and lose any features/fixes that shipped in node v5.x (and V8 version 47)

Neither of these are particularly palatable for vendors using ACEJS, given that there is a later LTS line (v6.x) and two subsequent non-LTS lines (v7.x and v8.x) of node.js now available.

For the sake and security of your vendors, please consider prioritising the removal of JugglingDB from ACEJS.

RichardS
March 27, 2017, 12:30 PM

I'm sorry that I keep coming back to this but I just had a new round of troubles dealing with juggling db when trying to upgrade our environment to Node 6.0 since support for 4.0 is expiring soon. When troubleshooting I stumbled across this https://github.com/1602/jugglingdb/issues/453 which indicates to me that the "revival" seems to have been somewhat of an empty promise.

What happened to the Sequelize implementation, is that ready to go or still in development?

Fixed

Assignee

Seb Ruiz

Reporter

RichardS