Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

drop Node.js v0.10 and v0.12 support #3016

Closed
4 tasks done
boneskull opened this issue Sep 27, 2017 · 10 comments
Closed
4 tasks done

drop Node.js v0.10 and v0.12 support #3016

boneskull opened this issue Sep 27, 2017 · 10 comments
Assignees
Labels
area: security involving vulnerabilities semver-major implementation requires increase of "major" version number; "breaking changes" type: chore generally involving deps, tooling, configuration, etc.
Milestone

Comments

@boneskull
Copy link
Contributor

boneskull commented Sep 27, 2017

We can no longer run our development environment on node.js v0.10/v0.12 (see request/request#2772) without adding a npm-shrinkwrap.json or doing other high-effort/low-reward things to work around this.

furthermore, it's making it more difficult to apply security fixes. at least one of these Node.js versions (v0.10) has known vulnerabilities which have gone unpatched (in an official capacity).

we should not continue to supply updates for these environments.

  • remove 0.10, 0.12, iojs & 5 from .travis-ci.yml and appveyor.yml
  • update engines field in package.json
  • necessary security upgrades (this includes debug and growl)
  • upgrade anything else we can get away with (stick to dev deps)

To be clear, Mocha still runs in Node.js v0.10 and v0.12; you just can't clone a working copy and run the test suite.

@boneskull boneskull added type: chore generally involving deps, tooling, configuration, etc. area: security involving vulnerabilities semver-major implementation requires increase of "major" version number; "breaking changes" labels Sep 27, 2017
@boneskull
Copy link
Contributor Author

also dump iojs because

@boneskull
Copy link
Contributor Author

also Node.js v5 is no longer maintained, so drop that too.

@ScottFreeCode
Copy link
Contributor

This week is the week we will merge as many semver-major updates as we can?

@boneskull
Copy link
Contributor Author

sure. I'll try to release EOD Fri to give people the weekend to find whatever we broke.

@boneskull
Copy link
Contributor Author

WIP PR: #3017

@boneskull
Copy link
Contributor Author

@ScottFreeCode please throw stuff into kanban if you want to see it land

@ScottFreeCode
Copy link
Contributor

Will do; gotta turn in for the night but can focus on it tomorrow so we have the middle of the week to evaluate stuff.

@boneskull
Copy link
Contributor Author

closed via e39a867

@boneskull boneskull added this to the v4.0.0 milestone Sep 27, 2017
@ScottFreeCode
Copy link
Contributor

@boneskull Sorry this is later than I meant to get it, but I put a bunch of issues in a new kanban column "Evaluate for V4" -- the idea here being that we don't have to sort through the Todo or In Progress columns looking for which are semver-major and these don't necessarily need to go in, I'd just like them considered. (Again, apologies that there isn't much time left to consider them -- although some are either trivial or already have PRs, so there's that -- but that's also why I'm not saying any of them necessarily need to go in. Some of them you may have already looked at since they were labelled semver-major, as well.)

@ScottFreeCode
Copy link
Contributor

PS. If you need any feedback, opinions or assistance from me on any of them let me know and I'll get on it as fast as I'm able.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: security involving vulnerabilities semver-major implementation requires increase of "major" version number; "breaking changes" type: chore generally involving deps, tooling, configuration, etc.
Projects
None yet
Development

No branches or pull requests

2 participants