Drop node.js 12.x, 14.x, 17.x support

[etroynov]

Why we should drop old node.js version support?

There are both pros and cons to supporting as many versions of a language as possible. However, in my subjective opinion, the pros are much less than the cons and I will try to explain it.

Pros:

• you don't need to update the infrastructure often - a complete infrastructure update is sometimes fraught with complex problems and sometimes impossible;
• allows to work with libraries that do not work with new language versions (unsupported libraries) but they have no analogs to replace them;

Cons:

• security - unsupported versions of the language do not receive patches to fix critical vulnerabilities found;
• lack of new features - supporting and allowing the use of obsolete language versions sometimes blocks the use of new functionality. A good example of this is the express library which supports node.js

"node": ">= 0.10.0"

That's one of the reasons why the express doesn't support async/await of the box ( and I'm not sure that's gonna happen in the foreseeable future );

• human factor - When tools support even very old versions of a language, people and companies (if there is no such practice) often forget that it needs to be updated. As an example, I witnessed a hack of company resources through a language vulnerability that was fixed in the next major version, but since the company did not have the practice of regular updates (not a large company), the team only at that moment found out that the language version used on the server has long been unsupported, and it was not supported for a long time.

Summary

I think version 3 is a good reason to make it a practice to support only those versions that are active and regularly receive security patches.

Checklist

• I have ensured my pull request is not behind the main or master branch of the original repository.
• I have rebased all commits where necessary so that reviewing this pull request can be done without having to merge it first.
• I have written a commit message that passes commitlint linting.
• I have ensured that my code changes pass linting tests.
• I have ensured that my code changes pass unit tests.
• I have described my pull request and the reasons for code changes along with context if necessary.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.66%. Comparing base (6bd2cb1) to head (3b714b7).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1797   +/-   ##
=======================================
  Coverage   98.66%   98.66%           
=======================================
  Files           5        5           
  Lines         525      525           
  Branches      147      147           
=======================================
  Hits          518      518           
  Misses          7        7           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[etroynov]

@3imed-jaberi can you look on it?

[3imed-jaberi]

@etroynov could you please rebase!

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher

🚮 Removed packages: npm/@eslint/js@8.56.0, npm/array-buffer-byte-length@1.0.0, npm/array-includes@3.1.7, npm/array.prototype.findlastindex@1.2.3, npm/array.prototype.tosorted@1.1.2, npm/arraybuffer.prototype.slice@1.0.2, npm/asynciterator.prototype@1.0.0, npm/available-typed-arrays@1.0.5, npm/call-bind@1.0.5, npm/deep-is@0.1.4, npm/define-data-property@1.1.1, npm/es-abstract@1.22.3, npm/es-iterator-helpers@1.0.15, npm/es-set-tostringtag@2.0.2, npm/eslint-module-utils@2.8.0, npm/eslint-plugin-react@7.33.2, npm/eslint@8.56.0, npm/fastq@1.16.0, npm/flat-cache@3.2.0, npm/flatted@3.2.9, npm/get-intrinsic@1.2.2, npm/get-symbol-description@1.0.0, npm/has-property-descriptors@1.0.1, npm/has-proto@1.0.1, npm/has-tostringtag@1.0.0, npm/hasown@2.0.0, npm/ignore@5.3.0, npm/internal-slot@1.0.6, npm/is-array-buffer@3.0.2, npm/is-map@2.0.2, npm/is-negative-zero@2.0.2, npm/is-set@2.0.2, npm/is-shared-array-buffer@1.0.2, npm/is-typed-array@1.1.12, npm/is-weakmap@2.0.1, npm/is-weakset@2.0.2, npm/json-buffer@3.0.1, npm/keyv@4.5.4, npm/minimist@1.2.8, npm/object.entries@1.1.7, npm/object.fromentries@2.0.7, npm/object.groupby@1.0.1, npm/object.hasown@1.1.3, npm/object.values@1.1.7, npm/punycode@2.3.1, npm/reflect.getprototypeof@1.0.4, npm/regexp.prototype.flags@1.5.1, npm/safe-array-concat@1.0.1, npm/safe-regex-test@1.0.1, npm/set-function-length@1.1.1, npm/set-function-name@2.0.1, npm/side-channel@1.0.4, npm/string.prototype.matchall@4.0.10, npm/string.prototype.trim@1.2.8, npm/string.prototype.trimend@1.0.7, npm/string.prototype.trimstart@1.0.7, npm/typed-array-buffer@1.0.0, npm/typed-array-byte-length@1.0.0, npm/typed-array-byte-offset@1.0.0, npm/typed-array-length@1.0.4, npm/which-collection@1.0.1, npm/which-typed-array@1.1.13

View full report↗︎

[etroynov]

@jonathanong @3imed-jaberi, done.

Thanks for the help!

My question is: is there an opportunity for me to join the Koa project as an active developer or maintainer? I have a lot of experience with JavaScript (over 15 years), I also work with Koa and Express every day and have a lot of free time.

If there is any documentation on the joining process or something similar, could you share the link?

[fengmk2]

+1