[openstreetmap/openstreetmap-website] Resolve problem with js-cookie 3.x and node engines (#3275)
Andy Allan
notifications at github.com
Wed Jul 28 09:11:59 UTC 2021
js-cookie 3.x has a dependency of nodejs >= 12. However, Ubuntu 20.04 ships with nodejs 10. We generally target the latest Ubuntu LTS, and this is also what we use for CI.
The upgrade to js-cookie 3.x was in 6feb125f4f0393bcfd319c426adb0b5f7e3c1c0f and as far as I'm aware was just for dependabot reasons rather than any required feature or bugfix. 102f3a6668665774f069a8116a251a28c3c5c0cc patched bin/yarn to ignore engines, and I can make a PR to the Dockerfile to do the same there.
I just wanted to open this discussion to check if ignoring the engines is the right approach, or if there are other workflows that might break (e.g. for other developers). As far as I can tell, for the js-cookie node module we're just using yarn/nodejs for code distribution and not otherwise using node for anything clever. But we use other node modules where we actually run the code in node (e.g. `eslint` in development, or `terser` in production) and where the engine used is more likely to be important. By ignoring the node engines, are we setting ourselves up for a problem later on e.g. when eslint or terser uses features from node 16 or 18 and we don't realise because we've disabled the engine check?
So options include:
* Pinning js-cookie to 2.x and re-enabling the engine check?
* Disabling the engine check in the Docker CI to match what we're doing in bin/yarn?
* Re-enabling engine checks when we move to Ubuntu 22.04?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3275
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210728/01e87ae1/attachment-0001.htm>
More information about the rails-dev
mailing list