Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Drop node v18 #3880

Merged
merged 2 commits into from
Nov 26, 2024
Merged

Drop node v18 #3880

merged 2 commits into from
Nov 26, 2024

Conversation

mcollina
Copy link
Member

No description provided.

Signed-off-by: Matteo Collina <hello@matteocollina.com>
@mcollina mcollina requested a review from ronag November 25, 2024 16:17
@mcollina
Copy link
Member Author

cc @trivikr

Signed-off-by: Matteo Collina <hello@matteocollina.com>
@KhafraDev
Copy link
Member

I haven't seen any reason to drop v18. Nothing in fetch or other web specs needs it gone, and it's in maintenance mode for another 5 months. Is there any reason other than precedence? If precedence is the main concern, there were genuine issues with previous versions of node that required us to drop them - I can't think of any similar issues in v18.

@trivikr
Copy link
Member

trivikr commented Nov 25, 2024

@KhafraDev I'd provided estimates on how long unidici maintainers have to support Node.js 18.x in #3386 (comment) after it's end-of-life.
In summary, it needs to be supported for at least 6 months under the assumption that undici@v8 is released in Dec 2025.

Matteo also provided how dropping Node.js 18.x will ease maintenance of undici@v7 in #3386 (comment)

@trivikr
Copy link
Member

trivikr commented Nov 25, 2024

As per #3386 (comment) on tracking issue, @KhafraDev is -0 in dropping support for Node.js 18.x in undici@v7

Copy link
Member

@trivikr trivikr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but this needs approval from a maintainer.

@ronag ronag merged commit 1b35a4e into main Nov 26, 2024
34 of 36 checks passed
@metcoder95 metcoder95 deleted the drop-node-18 branch November 26, 2024 07:28
@@ -128,7 +128,7 @@
"ws": "^8.11.0"
},
"engines": {
"node": ">=18.17"
"node": ">=20.18.1"
Copy link

@RobinTail RobinTail Dec 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what was the reason for choosing this particular version, @mcollina ?
Since it drops not only 18.x, but almost entire 20.x except its latest release available today

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because it's the latest version that was available at the time of the release. You should not be using anything else.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The latest Android version is 15, so the all developers should do applications only for Android 15?

I just decided to install undici, but it now forces me to update my Node 20.18.0 to 20.18.1 only because mcollina decided so.

Did you know that minimum requirements are set only to indicate that with lower requirements, the software will not work, and not because some person decides for others what to use and what not to use?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could not express it better, @AlttiRi , thank you.

I suggested a fix to allow at least 20.9.0+:
#3918

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The latest Android version is 15, so the all developers should do applications only for Android 15?

This is not a good analogy. A good analogy is slightly different: should Google recommend the use of anything but the latest patch available for that given version? As we speak, this is 15.0.0_r5. Why would Google recommend the use of a version that contains known vulnerabilities? You can find the details related to Android CVEs here: https://source.android.com/docs/security/bulletin/2024-11-01#spl-vulnerability-details.

Copy link

@AlttiRi AlttiRi Dec 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

engines.node field is not about "recommendations".

The purpose of this field is to show which versions of Node.js the library will work on and which will not.

Wrong use of this field feels like not a recommendation, but a force to update Node.js.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants