-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: add Node.js support policy #1671
Conversation
Hey @nknapp @ErisDS, thought you might find this interesting reading (It's the version support goals I've been drafting for Node.js libraries at Google): https://github.com/googleapis/google-cloud-node#supported-nodejs-versions I'm working on a more thorough blog post I'll share pulling together my thoughts. It's motivated by this exact challenge I've been watching handlebars deal with this week. Appreciate your hard work, and that open source can sometimes be incredibly frustrating 😆 Good thinking calling out your goals explicitly. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would kindly recommend against this. Dropping the minimum Node.js runtime is a breaking change.
The opinion I've developed, as a library maintainer, is that 30 months is reasonable amount of time to support a Node.js version (which is the LTS length). It creates a burden for maintainers to support EOL Node.js versions:
At the same time, I do strongly agree that dropping a Node.js version should be a major bump. Otherwise I think you'll have the unintended effect that people start pinning to specific versions of handlebars. I'm very sympathetic to handlebars' pain around dealing with the optimist vulnerability (it's frustrating to have work created for you, when you're already volunteering your time). |
@bcoe just wanted to say that I see your point and will think about it. I will try to briefly make my point as well: I belief that major version bumps should be never be done lightly, avoided if possible and carefully planned if necessary. Node.js drops support for an LTS version every year. If a security issue can only be resolved by upgrading a dependency to a new version and if that new version does not support the dropped Node.js version anymore, then we need to release a new major version of Handlebars, just because dropping support for the old version, even though we had no other breaking changes. Also, only a very small part of Handlebars depends on the version of node.js (only the precompiler). Most of the code (compiler, runtime) is transpiled at the moment and does not depend on any node.js API. So in the worst case, we have one major release every year with no other breaking changes. Maybe with only security fixes. This may well happen at our current speed of development and it really bothers me to have to do that. On the other hand I can understand the benefits of your point of view. As I said, I am thinking about it, and maybe we should discuss this again. |
@nknapp I think we should merge this into |
Hello @nknapp Good PR 👍 I agree with the PR changes as the workflow file https://github.com/handlebars-lang/handlebars.js/blob/master/.github/workflows/ci.yml#L20 mentions the minimum supported Node.js version is currently 18.x and Node.js projects depenending on GitHub Actions workflows are forced by GitHub Actions to updrade their projects to the supported Node.js version in https://github.com/actions/setup-node/ |
It's been a long time since I opened this MR and I would like to revert my statement. It should be a breaking change. I will close this PR now. @jaylinski maybe a pragrmatic approach to dropping the currently old node versions is to discard that changes that have been done one the master branch and start clean off 4.x to get a 5.0, except for the technical changes like using the external parser repo maybe. I don't know how much work you have put into the new version already, but all the features in there have been lying around for 8 years now without a release. I doubt that anybody really needs them. |
Initiated by #1668 we had a discussion about support for Node.js versions. This is the write-up of result.