search

winstonjs / winston-daily-rotate-file

A transport for winston which logs to a rotating file each day.
MIT License
895 stars 155 forks source link

Why Nodejs Requirement was increased in a minor update? #334

Closed Apollon77 closed 2 years ago

Apollon77 commented 2 years ago

I just noticed that a minor update to 4.6.0 in late december (https://github.com/winstonjs/winston-daily-rotate-file/commit/76d1d11963f014fdff5913191c0c35b14fc127e5) just increased the required nodejs version. But I can not see any other dependenc that requires that really?

Yes Nodejs 10 ( and formally also 8) is EOL but doing that breaking change in an minor update breaks other applications. We use the library in ioBroker and the "current stable" version used to also support Nodejs 10, but now this is broken :-(

Can you please adjust that back and release a 5.0 with the breaking change? Or was there any reason?

Thank you for further information

wbt commented 2 years ago

Tagging @mattberther as the responsible party

mattberther commented 2 years ago

This was done because of a recent upgrade of ESLint to address vulnerabilities. yargs-parser supports node versions > 8 and https://github.com/eslint/eslint/issues/15211 shows that ESLint 8+ does not support versions of Node < 12. However, you're right that this shouldnt have been a minor update.

The quickest fix would be to revert the package.json reference back to 8. Unfortunately, this quick fix would preclude us from running the tests on build, since both 8 and 10 are not supported with the current dependencies, albeit dev dependencies only.

A more comprehensive fix would be to revert the upgrade to address vulnerabilities, but I'm not too interested in keeping vulnerable dependencies in the project.

Apollon77 commented 2 years ago

I thought something like this ... maybe branch off from the "last version", do the release on the branch (or directly using npm publish in this case) and then directly publish a 5.0 from master? SOmething like that?

It is always the issue with devDeps (same for testing frameworks) not supporting the version ranges that the "prodiction deps" would allow :-(

mattberther commented 2 years ago

winston-daily-rotate-file@4.6.1 was just published which reverses the node engine requirement. Please let me know of any ongoing issues with this version.

Apollon77 commented 2 years ago

Thank you very much @mattberther