Version 9 EOL & End of Support (even for security issues) #2877
Comments
joshgoebel
added
big picture
|
hello I try to upgrade highlight with npm in node and typeorm but I don't find the folder ... and you don't explain ho to do .... could you explain ? thanks ! |
|
could you remove the warning when ou install highlight 10.4 : I have already the warning for 9 version .... thanks a lot ! |
|
There is no warning on the new version. |
|
Hello @joshgoebel
Deprecation must be instrumented with Thanks :) |
|
The warning should only be on post-installation.
Yes, the entire 9 series is no longer supported. We pushed one last update to 9 just so anyone still using 9 would have a window to work on upgrading to 10. It's not intended that anyone use 9.18.14 long-term. The intention is that everyone upgrades to v10.
Yes, we're deprecating them also. I'm not sure anyone pays attention to those though. I certainly haven't in the past. |
|
This is exactly the problem. My users install the cli and have an unexpected warning in full page, for a dependency that does not concern them (nor me for that matter). I can fix this problem because the helper-markdown maintainer is responsible to update his code. I think the right solution is to use See you |
|
First time doing something like this on NPM. :-) Yes, I understand the issue you're raising now. We need to think about what message we intend to send to users where we are not a direct dependency. Which we didn't take into account (though it seems obvious in hindsight). Are there specific guidelines published somewhere that specifically say "don't do this" with post-install? It's definitely annoying that the "end user" here doesn't have a direct course of action, but I assume they would bug you, then you would bug upstream, etc... The intended message was supposed to be more of "you REALLY need to upgrade" vs "hey this is old now". I feel like maybe there is no great choice here (or I just don't know best practices). I feel deprecation alone is too quiet and it's possible post-install is too noisy... I'll talk it over with the team. I assume at this point we'd have to push out yet another release just to remove the warning, right? :-| |
|
Are there specific guidelines published somewhere that specifically say "don't do this" with post-install?
|
Did you have a suggestion other than deprecate?
What level of intrusion would you find reasonable? (just curious) :-) |
|
Hello, the warning message when prompted for this version upgrade has some impact on the visual effect. It will prompt the version upgrade every time you save the file. Because we rely on other libraries, we don’t have the permission to update, but the upgrade prompt message will be updated every time during our development process. It will prompt you every time you save the file, which is very unfriendly! |
|
@joshgoebel Line 33 in c34318b |
Only one or two lines with the link is enough, not a big banner. This is the responsibility of each maintainer to upgrade his dependencies. Your point is just to said to theses maintainers to upgrade his dependencies. If the maintainer doesn't have a time or doesn't want upgrade it, isn't not your responsibility ;). Your work is accomplished as long as you have indicated that version 9 is deprecated and that you will no longer support it for many very justified reasons (and posted on your github project). My point is, because you've added this banner, it has a direct impact on my CLI installation (and user experience), when any developer install/use it on his system. It's not something that I wanted and I don't want to have feedback on a subject that is not my scope either ;)
npm deprecated is the standard for your problem (or I forgot something). So I haven't other solution. |
|
I would also like to echo what @Romakita has said. I think your job would be done, when you put out a warning saying this isn't supported any more and you have to go for new version. It is completely up to the maintainers to upgrade or not, their dependencies according to their requirements. Any issues they would face in future due to not upgrading to the latest version should be completely owned by them. If you see the two bugs(one raised by me) where this issue has been mentioned, I believe both of them have no direct connection with what is currently there, but the impact is a bit big. |
|
@ZQun Probably helpful to discuss the
That's a bit unusual... why are you running |
That's what I thought I was doing. I don't consider deprecate a "warning". The warning is visual (for sure) but if it actually BREAKS someones build I don't understand why... taht's what I'd be very curious to understand before we decide what to do here. |
|
@mgm19 I saw your single issue, is there two? |
@joshgoebel
|
|
Ah, I understand what you mean now. Yeah, it is a bit more annoying if you're restarting your whole application every time a single file is saved. |
@joshgoebel |
|
@ZQun Well, it's not causing any harm other than being a little noisy... in development you could simply comment out the warning line in I'm still trying to figure out how we want to approach this big-picture. |
|
@joshgoebel For me it's not the visual impact to be honest. I am using https://github.com/DannyDainton/newman-reporter-htmlextra to generate html reports for our API testing using Postman and Newman. The reporter have a dependency with highlight. So now I have a step in my Pipeline in which I use powershell script to run my collection and generate a report using the reporter. The step is now failing with an ##[error] badge. Since this step decides whether my pipeline should pass or fail, I can't suppress this error. |
|
@mgm19 Yes, I see your issue now. Just to be clear though we are NOT raising (or logging) any kind of error, only a warning. Your build system is choosing to interpret the warning as an error. |
|
$ ZAPIER_BASE_ENDPOINT='' node scripts/docs.js && cp -r docs ../.. Version 9 of Highlight.js has reached EOL and is no longer supported. Please upgrade or ask whatever dependency you are using to upgrade. highlightjs/highlight.js#2877 Done in 1.97s. in packages/cli
If you're trying to upgrade your (or someone else's dependencies) you may want to see A note about upgrading dependencies from version 9 version 10 big picture
A recent vulnerability has brought the topic of version 9 support back into the forefront. The core team doesn't really have the time or focus to maintain two very different forks of the project. Especially since the version 9 only truly exits to service a tiny audience (IE11, <1% browser share by caniuse.com). We were kind of OK letting it live a bit longer as long as it didn't require any time/effort from us, but that's no longer proving to be the case.
It's so obvious that v10 and modern browsers (released in the last ~4-5 years) is where we need to be focusing our time, not supporting very old browsers. So if you're still using version 9:
If you aren't supporting IE11 users (or others with very obscure browsers)
You need to upgrade to v10. No question. For 90% of simple cases it's a trivial upgrade. For complex integrations it may be a bit more effort (like most things). https://github.com/highlightjs/highlight.js/blob/master/VERSION_10_UPGRADE.md
If you're supporting IE11 users (or others with very obscure browsers)
Someone truly requiring IE11 support for "enterprisey" projects should perhaps look at Prism.js, which is a great project that still supports IE11. Or perhaps consider maintaining their own private fork of version 10 that supports IE11. This should still technically be possible now (AFAIK) but may prove more difficult as time goes on.
So here is the current plan:
So v9 users would want to upgrade to the latest v9 release and then either start working on upgrading to v10 or come up with other plans.
The text was updated successfully, but these errors were encountered: