# Migrating your app to framework `v1.4.0`  Gadget framework version `1.4.0` has some breaking changes that need to be tested before deploying your apps to production. ## Node version upgraded to version 22.15.0  Gadget apps using framework version `1.4.0` will run nodejs version 22.15.0. This is a major version upgrade, and will require some changes to your app. See more details about Node v22 in the [Node.js 22 release announcement](https://nodejs.org/en/blog/announcements/v22-release-announce) and [changelog](https://raw.githubusercontent.com/nodejs/node/main/doc/changelogs/CHANGELOG_V22.md). ## DateTime fields are now represented as Date objects  The representation of date / time fields in model actions has changed from strings to native JavaScript Date objects. For example, if your model `post` has a `publishedAt` field, and you were handling it as a string in your actions: ```typescript export const run = async ({ params, record, logger, api, connections }) => { // record.publishedAt and params.post.publishedAt are strings const currentPublishedAt = record.publishedAt && new Date(record.publishedAt); const newPublishedAt = params.post?.publishedAt && new Date(params.post.publishedAt); if (currentPublishedAt && newPublishedAt && newPublishedAt > currentPublishedAt) { // do something } }; ``` After upgrading to v1.4.0, you'll need to update your code to work with Date objects directly: ```typescript export const run = async ({ params, record, logger, api, connections }) => { // record.publishedAt and params.post.publishedAt are Date objects const currentPublishedAt = record.publishedAt; const newPublishedAt = params.post?.publishedAt; if (currentPublishedAt && newPublishedAt && newPublishedAt > currentPublishedAt) { // do something } }; ``` All date / time fields in model actions will now be native JavaScript Date objects, eliminating the need for manual Date object creation. ## Default action timeout reduced to 15 seconds  The default timeout for model actions has been reduced from 3 minutes to 15 seconds. This affects any action that doesn't have an explicit timeout set. Actions will now throw errors if the combined duration of the `run` and `onSuccess` functions exceeds 15 seconds. Actions that have explicit timeouts set will not be affected. To set an explicit timeout for a long running action, you can use the `timeoutMS` action option: ```typescript export const run = async ({ params, record, logger, api, connections }) => { // some action logic }; export const options = { timeoutMS: 60000, // set a 1 minute timeout }; ``` Review your actions and set appropriate timeouts for any that may need more than 15 seconds to complete. If you have issues after upgrading to `v1.4.0` reach out on our [Discord](https://ggt.link/discord). ## Multiple roles independently grant permissions  Previously, Gadget's access control system required **all** the roles of a request actor to be able to perform an operation to allow it. For example, if a user had both the `reader` and `writer` roles, and tried to run an action that only the `writer` role could perform, the request would with a `GGT_PERMISSION_DENIED` error, as not all the roles could perform the action. Now, Gadget's access control system will allow a request actor to perform an operation if **any** of the roles they have been granted are able to perform it. If a user has both the `reader` and `writer` roles, and tries to run an action that only the `writer` role could perform, the request will succeed, as the user has at least one role that can perform the action. Permission enforcement behavior for request actors that have only one role is unchanged. Review your role permissions to ensure users holding multiple roles can only perform the reads and actions required.