Chore: Update to Node.js 20 #425
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tuliomir
force-pushed
the
chore/node18
branch
from
6443b30
to
09a79e7
Compare
tuliomir
force-pushed
the
chore/node18
branch
2 times, most recently
from
961d1ac
to
45ea265
Compare
Closed
msbrogli
requested changes
Jan 26, 2024
| @@ -59,9 +63,9 @@ | |||
| "scripts": { | |||
| "build-css": "sass --no-source-map src/index.scss src/index.css", | |||
| "watch-css": "npm run build-css && sass --no-source-map -w src/index.scss src/index.css", | |||
| "start-js": "react-scripts start", | |||
| "start-js": "react-scripts --openssl-legacy-provider start", | |||
There was a problem hiding this comment.
I think we should map which dependencies need this --openssl-legacy-provider. So we know when we can remove this flag.
There was a problem hiding this comment.
As described on the updated PR, the most relevant dependency for removing this flag is being discussed on #441
|
Superseded by #501 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Acceptance Criteria
Notes on SSL usage
Starting with NodeJS 17, a security fix with breaking changes was implemented and dropped support to older versions of OpenSSL ( official announcement ). So, every dependency used has to be compatible with OpenSSL 3.0 from now on.
By inserting the
--openssl-legacy-providerflag on ourstartandbuildscripts we can avoid this temporarily. Adding this flag does not decrease our security, but only keeps it in the same level as it was on the last version.A future PR will deal exclusively with upgrading this security point and removing this flag.
Notes on lockfile
NodeJS 20 could handle an upgrade of the lockfile version to
v3. However, this forces an update of all the patches and minor versions of all the indirect dependencies. Until the React Router is updated, this approach is not feasible, as it breaks thenpm install.A dedicated PR will be opened later to upgrade the lockfile.
Notes on building
The development environment runs correctly, and both the build script and the packaging was tested on linux
AppImage.Security Checklist