You are more than welcome. I did test this option today so it is needed in the automation example I gave.
I agree, I was away on a business trip and this pull completely halted all automations. My wife had no idea what to do, but thankfully we figured something out.
NOT a great way of promoting a reliable and future-proof solution - Some prior warning is required in the future, and despite what some may think, the systems some implement are serious, with an awful lot of effort put into making their solutions robust.
1 Like
There was as always
2 Likes
Not being mean here. If you are concerned about reliability, you should not auto-update everything. Breaking changes will always happen.
2 Likes
There was a warning on the update.
For those who have automatic updates for Node Red I would warmly recommend turning that OFF. An automatic update on NR is just asking for trouble 
2 Likes
Sound advice, I will do that now. thanks
4 Likes
Errm, looking into this now. Is there a specific way of disabling Node-Red Palette updates, or do I make that change at the node-red add-on level? Forgive me, probably a very silly, over-asked question
Node Red Addon level.
2 Likes
Yes. Heās the maintainer, he can choose what he does and does not want to support. Also itās common practice to remove unmaintained dependencies from software as they tend to create security vulnerabilities and the ones he removed look pretty unmaintained at this point.
Also he expects people to read the release notes and prepare before updating. If you donāt do that or have auto update turned on for addons then the assumption is you would prefer to fix your stuff after it breaks rather then keep it from breaking. Obviously thatās your choice but bear in mind itās not uncommon for addons to have breaking changes and the release notes are your only protection.
3 Likes
Now that HA provides such good advice on update availability I have turned off all addon auto updates.
1 Like
Too many arenāt turning on Analytics?
Does analytics include what node red nodes you are using?
Or alternatively that simply wasnāt the reason for the decision. No updates in almost 6 years suggests it is unmaintained. Unmaintained dependencies tend to become a security risk which means you should remove them even if doing so is a breaking change. Better to get rid of it now while itās just an inconvenience then wait until a vulnerability is discovered and isnāt fixed.
1 Like
The weekly downloads of node-red-contrib-stoptimer went from 153 to 3575, after it was dropped as built in palette in the addon, so many people are definitely still using it.
I use the docker version of node red and added this awhile back on my own manually, and use it on many flows. The appearance it is unsupported with no updates in 5 years is probably more likely why it was pulled out of the addon version. Any lack of updates is a potential security concern, although this one is pretty basic so Iām not really sure what it could potentially do to compromise security. Iāll look at replacing it though with the trigger node.
As a side on security concerns, i ran npm audit in my node red directory. Many other actively āmaintainedā palettes listed āhighā vulnerabilities. Iāll look into those as well. Probably also a good idea to delete any old palettes that are no longer used/needed.
1 Like
Unless missing recent development means it is not really needed. Then such false positive leads to removal which breaks lot of properly working flows without the reason.
I really curious how Frenk collected info about usage of those nodes, I personally use looptimer, stoplimter as well as traffic lights (btw the last one is often suggested on our forum as a solution for various use-cases)
Fortunately, I did read breaking changes, which stopped me from updating yet. But what I can read, itās impossible to update first and then add missing nodes against without damaging flows (the proposal found in NR addon update notes). At the same time, I donāt know a way of adding those nodes to the palette from another source, prior to the update (without removal of existing nodes).
The only way of proper update which comes to my mind is, to:
- backup flows alone
- update
- add missing nodes to the palette
- import flows from backup
Just list them in the addon config in npm_packages. The addon setup script will install any packages listed there before starting node red.
Unfortunately, this is not what update docs suggest, which caused damage to several users already.
Also, I guess npm_packages could be used by the update process in order to perform this migration in a transparent manner without introducing a breaking change. isnāt it?
You can argue that this way users wouldnāt stop using ānot maintainedā nodes. But is breaking production application wiser way to achieve that
Damage? I read the alert so after updating I installed the node. The only thing that got me concerned was that all the stoptimer nodes appeared on the flow that was on my screen making a mess BUT restarting NR fixed it.
The issue is trivial and so is the fix. Maybe the way it was done is not ideal but I am glad I got a nudge into moving to the way better trigger node supported by the core developers.
This thread was not meant to be a place to debate whether or not the update was justified but rather how to move forward with a better solution. In other words a constructive thread we can all learn from instead of unhelpful repeated complaints.
2 Likes
Iāve read comments that one who updated nodered addon, lost connections to/from removed nodes.
Have no personal experience with that since Iām still tarrying the update. But the message is terrifying.
This thread was not meant to be a place to debate whether or not the update was justified but rather how to move forward with a better solution. In other words a constructive thread we can all learn from instead of unhelpful repeated complaints.
I would expect that the best possible way should be provided by the author of this fuss.
I also provided some alternative, if you missed one.
It could be what I saw too as all the nodes appeared on the one flow shown on my screen and thus ādisconnectedā BUT as I mentioned before, a restart of NR fixed it. Hopefully people running into this issue will find this thread and learn what to do.
Yes, thank you. I was actually going down that path which is when I realized the problem went away on its own with the restart.