New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: add Node.js support policy #1671
base: 4.x
Are you sure you want to change the base?
Conversation
Hey @nknapp @ErisDS, thought you might find this interesting reading (It's the version support goals I've been drafting for Node.js libraries at Google): https://github.com/googleapis/google-cloud-node#supported-nodejs-versions I'm working on a more thorough blog post I'll share pulling together my thoughts. It's motivated by this exact challenge I've been watching handlebars deal with this week. Appreciate your hard work, and that open source can sometimes be incredibly frustrating 😆 Good thinking calling out your goals explicitly. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would kindly recommend against this. Dropping the minimum Node.js runtime is a breaking change.
The opinion I've developed, as a library maintainer, is that 30 months is reasonable amount of time to support a Node.js version (which is the LTS length). It creates a burden for maintainers to support EOL Node.js versions:
At the same time, I do strongly agree that dropping a Node.js version should be a major bump. Otherwise I think you'll have the unintended effect that people start pinning to specific versions of handlebars. I'm very sympathetic to handlebars' pain around dealing with the optimist vulnerability (it's frustrating to have work created for you, when you're already volunteering your time). |
@bcoe just wanted to say that I see your point and will think about it. I will try to briefly make my point as well: I belief that major version bumps should be never be done lightly, avoided if possible and carefully planned if necessary. Node.js drops support for an LTS version every year. If a security issue can only be resolved by upgrading a dependency to a new version and if that new version does not support the dropped Node.js version anymore, then we need to release a new major version of Handlebars, just because dropping support for the old version, even though we had no other breaking changes. Also, only a very small part of Handlebars depends on the version of node.js (only the precompiler). Most of the code (compiler, runtime) is transpiled at the moment and does not depend on any node.js API. So in the worst case, we have one major release every year with no other breaking changes. Maybe with only security fixes. This may well happen at our current speed of development and it really bothers me to have to do that. On the other hand I can understand the benefits of your point of view. As I said, I am thinking about it, and maybe we should discuss this again. |
@nknapp I think we should merge this into |
Initiated by #1668 we had a discussion about support for Node.js versions. This is the write-up of result.