Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Need support for Node.js 20 #4550

Closed
XiaofuHuang opened this issue Oct 23, 2023 · 15 comments · Fixed by #4726
Closed

Need support for Node.js 20 #4550

XiaofuHuang opened this issue Oct 23, 2023 · 15 comments · Fixed by #4726
Assignees
Labels
feature-request A request for new functionality or an enhancement to an existing one. needs-triage The issue has just been created and it has not been reviewed by the team.

Comments

@XiaofuHuang
Copy link

XiaofuHuang commented Oct 23, 2023

Node.js 20 will be designated as the active LTS version as of October 24, 2023.
The SDK has a dependency on @azure/msal-node, which appears to be outdated. Running the npm install commandresults in warnings due to its incompatibility with Node.js 20.

@XiaofuHuang XiaofuHuang added feature-request A request for new functionality or an enhancement to an existing one. needs-triage The issue has just been created and it has not been reviewed by the team. labels Oct 23, 2023
@frbayart
Copy link

@ramfattah Any news to support the current nodejs LTS

@oFlo193o
Copy link

oFlo193o commented Nov 15, 2023

Also waiting for Node.js 20 Support...

@seanhsmith
Copy link

+1 We were hoping to update our project to node 20 but were limited to node 18 due to this dependency.

@oFlo193o
Copy link

Any news on this one @microsoftopensource / or maybe @ceciliaavila?

@elovin
Copy link

elovin commented Dec 11, 2023

Apparently there are no breaking changes between @azure/msal-node v1 and v2 aside from the dropped nodejs < 16 support in v2.

So until the dependency is being updated you could just overwrite the dependency globally in package.json

[...]

        "overrides": {
		"@azure/msal-node": "2.6.0"
	},
	"dependencies": {
		"@azure/msal-node": "2.6.0",

[...]

@alexnault
Copy link

alexnault commented Jan 16, 2024

Are there plans to upgrade to @azure/msal-node v2 and as a result support Node 20?

@tracyboehrer
Copy link
Member

@alexnault Yes. But there is a complication. While it's out of support, we still have a healthy number of customers on Node 16. Not good manners to just drop it without a heads up. For the next few releases, the release notes will include a notice about updating to Node 18+. Does elovins suggestion work for you?

@alexnault
Copy link

alexnault commented Jan 17, 2024

@tracyboehrer Great to hear that Node 20 support is on the horizon!

I understand that dropping support for Node 16 is a breaking change. To me, this should warrant a major version upgrade (botbuilder@5.0.0) over a notice, like @azure/msal-node did.

Meanwhile, we added overrides to our package.json as @elovin suggested and it does work:

"overrides": {
  "@azure/msal-node": "^2.6.1"
}

Cheers!

@mogadanez
Copy link

is error @azure/msal-node@1.18.4 really not support node 20?
maybe just remove this constraint and allow node 20 in @azure/msal-node@1.18.5 ?

The engine "node" is incompatible with this module. Expected version "10 || 12 || 14 || 16 || 18".

@eitanlevinzon-astrix
Copy link

Hey, what's the status of this? Waiting for this to be implemented for OfficeDev/teams-toolkit#10849

@davepoon
Copy link

davepoon commented Apr 5, 2024

Could you please give us an update on this matter?

@Bomret
Copy link

Bomret commented May 8, 2024

We received an email today that Azure Functions will drop node <18 next year and projects need. to update to keep receiving security updates and costumer service. Just a heads up for you 😉

Excerpt from the Microsoft email:

Support for Node.js 18 ends on 30 April 2025—upgrade your apps to Node.js 20 

You’re receiving this email because you have one or more Node.js 18 app(s) on Azure Functions.

On 30 April 2025, Node.js 18 will end. Your apps that are hosted on Azure Functions will continue to run, but security updates will no longer be available, and we’ll no longer provide customer service for Node.js 18. Learn more about Azure Functions stack version support.

@tracyboehrer
Copy link
Member

Thanks all. This is high priority for us, but we are blocked by another dependency. Working it.

@dominykas
Copy link

Outdated dependencies in botbuilder are starting to rack up vulnerabilities, e.g. https://security.snyk.io/vuln/SNYK-JS-AZUREIDENTITY-7246760, https://security.snyk.io/vuln/SNYK-JS-AZUREMSALNODE-7246761 - @azure/identity is two major versions behind, and then there's axios@0.x.

Given that some of these are inside Microsoft, perhaps there could be a way to backport some of the fixes to the older versions, to keep things maintained?

As much as the breaking changes are not necessarily viable for certain customers who are on old versions of Node.js (which is unmaintained for 9 months, mind you), increasing the vulnerability footprint is a problem for other customers, and I'm not sure which one is more important (and dangerous).

@dominykas
Copy link

One more vulnerable outdated dependency under botframework-streaming: https://security.snyk.io/vuln/SNYK-JS-WS-7266574

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature-request A request for new functionality or an enhancement to an existing one. needs-triage The issue has just been created and it has not been reviewed by the team.
Projects
None yet
Development

Successfully merging a pull request may close this issue.