drop Node.js v0.10 and v0.12 support #3016

Closed
4 tasks done
boneskull opened this issue Sep 27, 2017 · 10 comments
Labels
area: security involving vulnerabilities semver-major implementation requires increase of "major" version number; "breaking changes" type: chore generally involving deps, tooling, configuration, etc.

@boneskull
Member

boneskull commented Sep 27, 2017

We can no longer run our development environment on Node.js v0.10/v0.12 (see request/request#2772) without adding an npm-shrinkwrap.json or doing other high-effort/low-reward things to work around this.

furthermore, it's making it more difficult to apply security fixes. at least one of these Node.js versions (v0.10) has known vulnerabilities which have gone unpatched (in an official capacity).

we should not continue to supply updates for these environments.

  • remove 0.10, 0.12, iojs & 5 from .travis-ci.yml and appveyor.yml
  • update engines field in package.json
  • necessary security upgrades (this includes debug and growl)
  • upgrade anything else we can get away with (stick to dev deps)

To be clear, Mocha still runs in Node.js v0.10 and v0.12; you just can't clone a working copy and run the test suite.

@boneskull boneskull added type: chore generally involving deps, tooling, configuration, etc. area: security involving vulnerabilities semver-major implementation requires increase of "major" version number; "breaking changes" labels Sep 27, 2017
@boneskull
Member Author

also dump iojs because

@boneskull
Member Author

also Node.js v5 is no longer maintained, so drop that too.

@ScottFreeCode
Contributor

This week is the week we will merge as many semver-major updates as we can?

@boneskull
Member Author

sure. I'll try to release EOD Fri to give people the weekend to find whatever we broke.

@boneskull
Member Author

WIP PR: #3017

@boneskull
Member Author

@ScottFreeCode please throw stuff into kanban if you want to see it land

@ScottFreeCode
Contributor

Will do; gotta turn in for the night but can focus on it tomorrow so we have the middle of the week to evaluate stuff.

@boneskull
Member Author

closed via e39a867

@boneskull boneskull added this to the v4.0.0 milestone Sep 27, 2017
@ScottFreeCode
Contributor

@boneskull Sorry this is later than I meant to get it, but I put a bunch of issues in a new kanban column "Evaluate for V4" -- the idea here being that we don't have to sort through the Todo or In Progress columns looking for which are semver-major and these don't necessarily need to go in, I'd just like them considered. (Again, apologies that there isn't much time left to consider them -- although some are either trivial or already have PRs, so there's that -- but that's also why I'm not saying any of them necessarily need to go in. Some of them you may have already looked at since they were labelled semver-major, as well.)

@ScottFreeCode
Contributor

PS. If you need any feedback, opinions or assistance from me on any of them let me know and I'll get on it as fast as I'm able.
