Looking at the npm docs, we can specify versions of npm we support in
package.json without requiring them.
For example:
{ "engines" : { "npm" : "~1.0.20" } }
Read more here:
https://docs.npmjs.com/cli/v6/configuring-npm/package-json
On Fri, Feb 3, 2023 at 6:23 PM, Joshua Poore <poor...@apache.org> wrote:
> Complete agreement with that!
>
> With nothing else heard this week, I’ll bump our CI versions.
>
> I think maybe we can put together (or find) a badge we can put on GitHub
> Readme to indicate “supported versions.
>
> Now, supported versions are different than compatible versions… while I think
> we should only “support” certain versions of NODE, I don’t think I’m for
> forcing that, i.e., enforcing supported version through node engine params in
> package.json. I think if users want to use old versions of node, they can,
> but at their own risk with no expectation (from us) of support.
>
> Thoughts there?
>
> Josh
>
>> On Jan 30, 2023, at 11:56 PM, Austin Bennett <aus...@apache.org> wrote:
>>
>> Supportive of that.
>>
>> Would encourage us to also communicate more general guidance on what the
>> community intends to support [ or can expect ]. An example --> "We support 3
>> versions of Node, at least 2 of which are LTS". Or something similar. Good
>> for website, README, etc...
>>
>> Also, very strongly suggest that we consider stopping support of versions
>> once versions are EOL, given potential related security concerns. Concretely
>> thinking ahead, node16 is EOL 11 Nov 2023 [ 1 ]. After that point ( once EOL
>> ) software is increasingly dangerous to continue to use, not to mention
>> harder to support.
>>
>>
>> [1] https://nodejs.org/en/blog/announcements/nodejs16-eol/
>> <https://nodejs.org/en/blog/announcements/nodejs16-eol/>
>> On Mon, Jan 30, 2023 at 8:42 PM Joshua Poore <poor...@apache.org
>> <mailto:poor...@apache.org>> wrote:
>> Silly me—I forgot to couch this in the context of UserALE.js! For the
>> avoidance of doubt...
>>
>> > On Jan 30, 2023, at 11:37 PM, Joshua Poore <poor...@apache.org
>> > <mailto:poor...@apache.org>> wrote:
>> >
>> > All,
>> >
>> > I’ve been doing some simple dependency management—mostly for security, and
>> > to stay on top of modernization.
>> >
>> > We’re about at that time when some of the versions of Node.js that we test
>> > against are nearing (or past) the end of life [1].
>> >
>> > Consistent with [1], I think we should be testing and supporting Node vs.
>> > 16.x, 18.x, 19.x. Currently we are (CI) testing against 12.x, 14.x, 16.x.
>> >
>> > Before, we commit to any specific versions—I just wanted to pulse the
>> > community to see if anyone strongly opposes the proposal above, given the
>> > Node versions they are using.
>> >
>> > Let’s discuss for 72 hours. I’ll continue maintenance in the interim.
>> >
>> > Josh
>> >
>> > [1] https://endoflife.date/nodejs <https://endoflife.date/nodejs>
>>
