feat: add eol page #7990
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #7990 +/- ##
==========================================
+ Coverage 72.98% 72.99% +0.01%
==========================================
Files 95 95
Lines 8324 8324
Branches 215 215
==========================================
+ Hits 6075 6076 +1
+ Misses 2248 2247 -1
Partials 1 1
I feel this page should use a layout without the sidebar/metabar FYI
@avivkeller can we use the new website for CVEs? https://www.cve.org/CVERecord?id=CVE-2025-23166 instead of cve.mitre.org?
Also this description: "There are 4+ known vulnerabilities associated with this Node.js release. Please review their severity and details to understand the potential impact." not sure if it is fitting. I think we should lean more into what CVEs are, how to understand them, what having these issues are... IDK; Throwing the "Please review their severity and details to understand the potential impact." to the end-user might not be ideal. I mean in the end that's what they're going to do anyways, but we could use such section to explain actual concrete details of what CVEs mean, what clicking these links means, idk.
Also can the "is EoL" be "has reached EOL" or "is EOL" or just "is vulnerable"
@joyeecheung I wanted to respectfully point out 1a4a53a - it felt important to include but I didn't want to pave over your proposed changes. Happy to discuss further
I think I removed it by mistake. Thanks for catching it!
Thank you so much @joyeecheung, @jasnell and @RafaelGSS for your early reviews ❤️ Also asking for the rest of @nodejs/tsc to give a chime in here! (I recall, @RaisinTen and @anonrig) also had thoughts on the EOL debacle.
I have reviewed the contents of eol.mdx and it mostly looks okay to me
Co-authored-by: Darshan Sen <[email protected]> Signed-off-by: Claudio Wunder <[email protected]>
I would cut the list to Node 12: apparently our data for 11 and before is significantly incomplete.
@mcollina I should have updated the table screenshots - I worked with the security WG (via nodejs/security-wg#1502) to properly label 60+ unknown CVEs, mostly from that time period. This logic will always be up to date on the website based on the security WG info. Does this give you more confidence in the experience?
@bmuenzenmeyer could you increase a tiny bit the gap between the pills?
@ovflowd done, I don't want to add more without having to worry about chip wrapping
An ask for later (definitely not for this PR): It would be nice to have a toggle for the table that hides any rows for non-LTS versions.
Just remove "V0" from the list, it's pre-foundation things.
Can we retitle it to "Earlier Versions"?
We do have blog posts about v0 versions? https://nodejs.org/en/blog/vulnerability/june-2016-security-releases#update-16-june-2016-adjusted-release-schedule
@mcollina do you still wish for this section to be removed?
|
|
||
export const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low'] as const; | ||
|
||
const SEVERITY_KIND_MAP = { |
Should these constants maybe be on a constants file?
|
||
import VulnerabilityChip from './Chip'; | ||
|
||
export const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low'] as const; |
Same here, could be reused.
vulnerabilities, | ||
}) => { | ||
// Group vulnerabilities by severity | ||
const groupedBySeverity = vulnerabilities.reduce<Record<string, number>>( |
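Review bot: in the reduce call that groups vulnerabilities by severity, the accumulator is typed Record<string, number>, so any string is accepted as a severity key, not only the four values listed in SEVERITY_ORDER. Consider keying the record on the SEVERITY_ORDER element type, or handling an entry whose severity is none of those four explicitly, so such an entry cannot be counted silently under an unexpected key.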
Is a useMemo needed here? (I doubt, but just asking)
import Link from '#site/components/Link'; | ||
|
||
const EOLAlert = () => { | ||
const t = useTranslations('components.eolAlert'); |
Usually we don't do shorthands, we always call t() with the full translation path to make it easier to statically analyze and find usages.
(This applies to all useTranslations() calls on your PR.)
Description
We now have a dedicated EOL page!
Changes not directly related to the scope
Validation
EOL Page - live preview at https://nodejs-org-git-eol-openjs.vercel.app/en/eol
EOL / Vulnerability Table
Link updated here
and here
Vulnerability Blog Posts
Related Issues
closes #7906
closes #7899
Check List
- All other links on all alert boxes across the website (blog post from Matteo, Download pages, Version modal, etc) go to the /EOL page
  - did not do Matteo's blog post yet - would rather someone else choose to editorialize that.
- pnpm format to ensure the code follows the style guide.
- pnpm test to check if all tests are passing.
- pnpm build to check if the website builds without errors.