Upgrade Docker image of gemnasium, retire.js to Node.js 14 LTS
Problem to solve
Upgrade the Docker base image of gemnasium
and retire.js
to Node 14 LTS (Fermium).
See https://nodejs.org/en/download/releases/
Upgrading to a more recent version of Node might cause compilation errors when installing old npm packages. See https://gitlab.com/gitlab-org/gitlab/-/issues/247080#note_412767489
For instance, node-sass v3.9.1 can be installed in the current
retire.js:2
image (Node 11 + python), but cannot be installed innode:12-alpine
(after installing Python). The compilation error I got is described in a GitHub issue.Here are similar compilation errors users experience when upgrading to a newer version of Node:
- https://stackoverflow.com/questions/57670530/gulp-3-9-to-4-migration
- https://github.com/jprichardson/node-kexec/issues/36
- https://github.com/creationix/node-sdl/issues/24
The solution is to upgrade to a new version of the package, like v4.14+ in the case of node-sass.
Intended users
Proposal
Update the following analyzers using node
to version 14
.
-
https://gitlab.com/gitlab-org/security-products/analyzers/retire.js/ -
https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/
Further details
See pertinent discussion here: https://gitlab.com/gitlab-org/gitlab/-/issues/247080#note_412743926
Permissions and Security
Documentation
N/A
Availability & Testing
What does success look like, and how can we measure that?
The analyzers mentioned above continue to work as before.
What is the type of buyer?
N/A
Is this a cross-stage feature?
N/A
Links / references
N/A