-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Libuv v1.x maintenance #1657
Comments
EOL for 22.x is scheduled for 2027-04-30, which, assuming we're able to upgrade to libuv v2 before 24.0.0, should be the last release LTS line with libuv v1. Whichever of the three options we take, I'd be in favor of cutting 22.x support short, e.g. either set it at the same time as 20.x EOL (on 2026-04-30), or at the same time as 24.x will transition to Maintenance (on 2026-10-20). |
Thanks for the courtesy call! When is the libuv v2 ETA? Could it be shipped before March 2025, so it can land in Node.js v24? My 2 cents is that we should keep maintaining libuv v1 in tree in the Node.js project for the LTS branches and backport whatever security fixes are needed there for the LTS branches. If/when we need a specific backport for a bugfix, we would call for volunteers. @marco-ippolito @ljharb, are those (potential) security backports something that HeroDevs could take care of? You'll need to do the work anyway. I'm +1 to cut the v22 maintenance window shorter than when v24 enters maintenance (2026-10-20). |
No ETA yet. |
is there a way I can see all the v2-bound features? I thought there was a v2-candidate branch or PRs labelled as v2, but couldn't find either. |
As a data point, while all of the supported Node.js releases lines are on libuv v1, not all of them are on the most recent. Node.js 18 is currently still on libuv 1.44.2 (due to regressions seen on Node.js 20 with later libuv versions, see nodejs/node#50036) and nodejs/node#51702 backported the fix for GHSA-f74f-cvh7-c6q6 to it. (Without checking I don't know if it's feasible to update now -- at one point libuv dropped support for older macOS versions that Node.js 18 technically still supported.) I'm -1 on changing the lifecycle of Node.js 22 now that it's LTS. The whole point of LTS is to have a known lifecycle you can plan around, and we should only be changing as a last resort. |
Look at libuv's master branch. There will likely be more backwards incompatible changes before the release though. |
See the linked issue for the ongoing discussion. |
I agree, should try to keep to the planned LTS lifecyle |
On the assumption that there would be no updates for v1 I'd agree with @mcollina's suggestion:
|
It still feels a bit early with libuv v2 ETA still not decided, but once it's decided I think a general way forward is:
Generally 4-5 wouldn't be to different from whatever that happens to Node.js's own bugs, if the bug in libuv affects Node.js then I imagine how it works is that it ends up on the radar of TSC somehow, and the TSC might request some budget from the CPC if it's deemed to be prioritized over other issues in Node.js that also need funds. Cutting the LTS short doesn't seem necessary, this just puts libuv in the same situation as V8, unless libuv v1 is somehow more bug-prone than all the years-after-EOL V8 versions we maintain in the LTS.. |
Context: libuv/libuv#4622
Node.js still considers libuv an essential component? Because I've got news!
A number of libuv maintainers have expressed the desire to release libuv v2. That's a conundrum for node LTS because v2 won't be API- or ABI-backwards compatible and we're not going to support v1 until 2027 or 2028, or whenever the last v1-based LTS goes EOL.
I think that leaves a few options for node:
Do nothing. Pro: cheap. Con: bugs and vulnerabilities go unfixed
Take v1 maintenance in-house. Won't be under the libuv org's umbrella so you'll have to figure out all the logistics yourself
Persuade maintainers with money to keep maintaining v1.x as long as is necessary
To set expectations: this is a courtesy call, not an invitation to discuss what libuv should or shouldn't do. Every time someone posts a comment with a vibe of "you are morally obliged to" my hourly rate doubles >:-(
The text was updated successfully, but these errors were encountered: