Node.js Version in GitLab?

Hi all,

today i’ve seen there are some security issues with node.js, and there are fixes available for node.js v18, v16 and v14.

So i checked the node version im my GitLab CE v14.10.5 and it says:

root@myGitLab:~# node --version
v15.14.0

I’ve read a bit about node.js version numbers, and that doc states that odd version numbers are unsopported after six month. So i suppose that security fixes are not back-ported to odd node.js versions after this period.

So i have two questions here:

  • why does GitLab uses odd version numbers of node.js?
  • will there be a security fix for GitLab or do i have to upgrade node.js by myself (i don’t really want to…)?

Thanks…

Our GitLab(s) doesn’t have node.js installed and the debian packages of the omnibus installation doesn’t contain a binaryu called node, so I think that you see the a version you have installed yourself. A consequence is that you have to manage upgrade yourself.

Hm, i’m pretty sure no i haven’t installed node.js by myself. But anyway i’ll check my own docs…

Hi @HTWIMI

As @grove pointed out, GitLab does not ship Node.js with the GitLab product.

Binaries that are shipped with GitLab can be found in /var/opt/gitlab/embedded/bin, and all GitLab dependencies (and their version numbers) can be viewed in /opt/gitlab/version-manifest.txt.

You can find the location where node was installed by running which node on the system. If it’s living in /usr/bin or /usr/local/bin, this indicates nodejs was definitely installed separate from GitLab.

You can see if it was installed via package manager with apt list --installed node* or yum list --installed | grep node.

Hi @gitlab-greg, hi @grove

you’re both perfectly right, turned out my colleague and me misunderstood the docs when installing GitLab, that is we followed the requirement for an install from source and we then installed the Omnibus package :wink:

Thanks for clarifications…

1 Like