[Announcement] Bun support is now limited and deprecated

[公告] Bun 支持现已受限并被弃用

Due to foreseeable compatibility and security issues, yt-dlp’s support for Bun as an ejs-compatible JavaScript runtime is being both limited and deprecated. As of the next yt-dlp and/or ejs release, only Bun versions 1.2.11 through 1.3.14 will be supported. 由于可预见的兼容性和安全性问题，yt-dlp 对 Bun 作为 ejs 兼容 JavaScript 运行时的支持现已被限制并弃用。从下一个 yt-dlp 和/或 ejs 版本开始，仅支持 Bun 1.2.11 到 1.3.14 版本。

The rationale for this change is twofold: The minimum required version is being raised from 1.0.31 to 1.2.11 because building the ejs package with a version earlier than 1.2.0 results in the ejs lockfile being ignored, which is a significant security concern for users when considering all of the recent npm supply chain attacks. Additionally, the support floor is being bumped to 1.2.11 instead of 1.2.0 because the ejs test suite cannot be run with versions of Bun earlier than 1.2.0. 此次变更的原因有二：最低版本要求从 1.0.31 提高到 1.2.11，是因为使用 1.2.0 之前的版本构建 ejs 包会导致 ejs 锁文件（lockfile）被忽略，考虑到近期频发的 npm 供应链攻击，这对用户而言是一个重大的安全隐患。此外，支持下限被提升至 1.2.11 而非 1.2.0，是因为 ejs 测试套件无法在 1.2.11 之前的 Bun 版本上运行。

Bun was recently rewritten in Rust using Claude, and its development seems to have taken a turn towards being fully vibe-coded. This is alarming and disappointing for a number of reasons, and frankly it seems like a future headache that we’d prefer to avoid. We are adding a support ceiling of version 1.3.14, as that is the last release built from the original zig codebase. Bun 最近使用 Claude 进行了 Rust 重写，其开发方向似乎已转向完全的“凭感觉编码”（vibe-coded）。出于多种原因，这令人担忧且失望，坦率地说，这似乎是我们希望避免的未来麻烦。我们设定了 1.3.14 作为支持上限，因为这是基于原始 Zig 代码库构建的最后一个版本。

Bun support will also be deprecated. This means that while yt-dlp will continue to support this narrower range of Bun versions for as long as they’re able to meet the needs of yt-dlp and ejs, we reserve the right to completely drop support for Bun should it at any point become too burdensome to maintain. Bun 的支持也将被弃用。这意味着，虽然只要这些 Bun 版本能够满足 yt-dlp 和 ejs 的需求，yt-dlp 就会继续支持这一较窄的版本范围，但如果维护 Bun 在任何时候变得过于繁重，我们保留完全放弃对其支持的权利。

See the EJS wiki article for more information about supported JavaScript runtimes, but note that it has not yet been updated to reflect the changes announced in this post. 有关支持的 JavaScript 运行时的更多信息，请参阅 EJS wiki 文章，但请注意，该文章尚未更新以反映本文中宣布的变更。