chore: remove EOL node versions from CI #247
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tuliomir
reviewed
Aug 4, 2023
| @@ -8,8 +8,6 @@ | |||
| "bootstrap": "^4.0.0", | |||
| "d3-selection": "^1.3.2", | |||
| "d3-zoom": "^1.7.3", | |||
| "eslint-config-airbnb": "^16.1.0", | |||
| "eslint-plugin-react": "^7.5.1", | |||
There was a problem hiding this comment.
I agree on removing these since we don't use them directly on this project right now.
But I think it's important to have a linting system available for all our projects. For now, I'll just reinforce the issue that is already open on this matter
There was a problem hiding this comment.
react-scripts has eslint as a dependency, so it is already installed, we just need a configuration, which can be done with a package.json key eslintConfig.
The best option would be to use the react-scripts default configuration but it may be extended for custom rules.
tuliomir
approved these changes
Aug 4, 2023
glevco
approved these changes
Aug 4, 2023
msbrogli
pushed a commit
that referenced
this pull request
Aug 4, 2023
* chore: remove eol node versions from CI
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Acceptance Criteria
Why enable openssl legacy provider
In Node.js v17 a security issue from the SSL provider was fixed, this is a breaking change.
To use node 17 or later we have to either enable the openssl legacy provider flag or upgrade the dependencies to not use the affected libraries.
The upgrade can be done via
npm audit fix --forcebut in our case it also required the react-scripts to be upgraded 2 major versions, this new react-scripts uses webpack 5 for build.Webpack 5 does not automatically include polyfills for node libraries, but we cannot manually add them since react-scripts does not allow custom webpack configs.
The issue can be solved in the wallet-lib by creating a browser compatible build but this requires an upgrade to the wallet-lib version which cannot be done currently since the explorer uses many deprecated apis on the wallet-lib.
The logic solution is to enable the legacy provider, understanding the security issues of openssl and create a project to refactor the explorer for the new wallet-lib version while also making the wallet-lib browser compatible.
Why remove eslint libs from package.json
We do not use them directly and the version we had fixed required an eslint version with a conflict with the react-scripts required eslint version.
So removing them is the best option.
Security Checklist