[Question]: In the package the old node are available

[pallottine]

Describe your question

In the package for v4.272.0 there are also old node folders available with old node versions which have vulnerabilities. Is there any reason for this?

Versions

azure pipeline agent v.4.272.0 on Linux

Environment type (Please select at least one enviroment where you face this issue)

• Self-Hosted
• Microsoft Hosted
• VMSS Pool
• Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Operation system

RHEL 8.10

Version controll system

No response

Azure DevOps Server Version (if applicable)

No response

[MantavyaDh]

The agent ships multiple Node.js runtimes (node10, node16, node20_1, node24) by design because pipeline tasks
declare which Node handler they require in their task.json, and the agent must provide that exact runtime to execute
them. Removing older Node versions would break any task first-party or marketplace that still targets those
handlers, so they're kept for backwards compatibility.

Note: If you don't need the older runtimes, there is a pipelines-agent package variant that excludes Node 6 and Node 10. here