Skip to content

🛡️ Sentinel: Improve EOL detection for odd and legacy versions#807

Closed
google-labs-jules[bot] wants to merge 1 commit intomainfrom
sentinel-eol-detection-fix-10994980416293653299
Closed

🛡️ Sentinel: Improve EOL detection for odd and legacy versions#807
google-labs-jules[bot] wants to merge 1 commit intomainfrom
sentinel-eol-detection-fix-10994980416293653299

Conversation

@google-labs-jules
Copy link
Contributor

@google-labs-jules google-labs-jules bot commented Jan 11, 2026
edited by cubic-dev-ai bot
Loading

🛡️ Sentinel: [Security Enhancement] Improve EOL detection

Vulnerability:
The library previously only checked EOL status against a hardcoded list of recent LTS versions (18, 20, 22, 24). This meant that running on:

  • Odd versions (e.g., Node 21, which is already EOL) returned isEOL: false.
  • Legacy versions (e.g., Node 10, 12, 14, 16) returned isEOL: false (if not in the map).

This could mislead users or tools relying on this library into thinking they are running on a supported, secure Node.js version when they are not.

Fix:

  1. Expanded EOL_DATES to include versions 12, 14, 16, 17, 19, 21, 23.
  2. Updated checkEOL logic to explicitly mark any major version < 12 as EOL.
  3. Added tests to verify EOL status for odd versions (like 21) and legacy versions (like 10).

Verification:

  • bun run test passes.
  • Verified that simulated Node 21 environment now correctly reports isEOL: true.

PR created automatically by Jules for task 10994980416293653299 started by @srod

Summary by cubic

Improves Node EOL detection to correctly flag odd majors and legacy versions as unsupported, ensuring accurate security warnings. Adds missing EOL dates and a safe fallback for very old versions.

  • Bug Fixes
    • Added EOL dates for 12, 14, 16, 17, 19, 21, 23.
    • checkEOL now marks any major < 12 as EOL when not in the map.
    • Added tests for odd majors (21) and legacy versions (10).

Written for commit 6dbcaf1. Summary will update on new commits.

@google-labs-jules
Security: Improve EOL detection for odd and legacy versions
6dbcaf1 
- Added EOL dates for odd versions (17, 19, 21, 23) and older LTS versions (12, 14, 16) to `EOL_DATES`.
- Updated `checkEOL` to fallback to checking if major < 12 for very old versions.
- Added comprehensive tests for EOL scenarios including odd versions.
@google-labs-jules
Copy link
Contributor Author

google-labs-jules bot commented Jan 11, 2026

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.

@changeset-bot
Copy link

changeset-bot bot commented Jan 11, 2026

🦋 Changeset detected

Latest commit: 6dbcaf1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
node-version Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai
Copy link

coderabbitai bot commented Jan 11, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link

codecov bot commented Jan 11, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (0c22e76) to head (6dbcaf1).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff            @@
##              main      #807   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines           46        50    +4     
  Branches        16        17    +1     
=========================================
+ Hits            46        50    +4
Flag Coverage Δ
unittests 100.00% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@srod
Copy link
Owner

srod commented Jan 16, 2026

Superseded by #826 - closing duplicate bot-generated PR

@srod srod closed this Jan 16, 2026
@google-labs-jules
Copy link
Contributor Author

google-labs-jules bot commented Jan 16, 2026

Superseded by #826 - closing duplicate bot-generated PR

Understood. Acknowledging that this work is now obsolete and stopping work on this task.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@srod