Open nathanweeks opened 6 months ago
@nathanweeks If you don't mind, I'm going to restructure this ticket a little: the current versions for package.json
are:
"engines": {
"node": ">= 8.11.1",
"npm": ">= 5.6.0"
},
but the docker image and the instructions are lagging here. The images that we build up for local devops are processing over this. It would be nice to track more recent versions generally, but the priority has been lower. (Solr is a particulat pain point.) On the upside, as the actual servers are pretty much all perl and apache CGI, so there is little remote attack surface and that can be mitigated by proxies.
Currently the Dockerfile & installation scripts appear to be compatible with node 8.x and npm 3.x (both long since EOL), currently installed on ubuntu:18.04 (also EOL) in the docker/Dockerfile, but not, e.g. nodejs 10.19.0 & npm 6.14.4 available for ubuntu 20.04:
It would be helpful from a security and compatibility standpoint if the package*json files were updated to be compatible with more-recent nodejs versions (that are available to newer / still-supported Ubuntu releases).