CircleCI-Public/cimg-openjdk

Node.JS upgrade for 16.0.2-node

Closed this issue · 2 comments

Hello, Team!

We are currently using version 16.0.2-node as one of our dependencies and for a long time the version of Node.JS was 14.*. After yesterday's release it just got bumped up to 16.*. This was a bit unexpected as we heavily rely on version 14 and this was a breaking change for us. For now as a workaround we rolled back to cimg/openjdk@sha256:3f167876b399e3c7fffbf4b458cf498d6383a572e73f18241ba25a679b8b4f1f.

Can you please elaborate on this? I understand it was a necessary security release, but also a very unexpected one...

Hi Vadim,

Thanks for the question! Our Convenience Images are ultimately meant for turnkey implementations based off of the latest long-term supported (LTS) versions, so this is more of an automated process since the node variant references another repository. Your specific issue is rather rare as a result of the security update and Node's version was updated to 16 on 10/29; without it, the node bump wouldn't have occurred until 16.0.3-node.

There are a couple options here:

  • Use the last OpenJDK patch release 16.0.1-node, which should still contain the old node version
  • Continue using the Docker image hash
  • Utilize the current JDK image in addition to the node orb, which would allow you to specify and pin which version of node you'd like to use
  • The last option would be to create your own image, but this requires a bit more legwork

Thanks Jeff!
I really appreciate you providing this list of options. I think we'll continue with the image hash.
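
The thread turns on the fact that a tag such as 16.0.2-node can be rebuilt with different contents while a sha256 digest cannot. The following check is an added example, not part of the original thread or the CircleCI project: it lists every `image:` entry in a CircleCI config that is not pinned by digest. The sample config and the `registry.example.com` host are constructed; the tag and digest are the ones quoted in the issue.

```python
import re

# Constructed CircleCI config fragment; tag and digest are those quoted in the thread.
SAMPLE_CONFIG = """\
version: 2.1
jobs:
  build:
    docker:
      - image: cimg/openjdk:16.0.2-node
      - image: cimg/openjdk@sha256:3f167876b399e3c7fffbf4b458cf498d6383a572e73f18241ba25a679b8b4f1f
      - image: registry.example.com:5000/tools/builder
"""

IMAGE_LINE = re.compile(r"^\s*(?:-\s*)?image:\s*['\"]?([^\s'\"#]+)")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify(ref):
    """Return 'digest', 'invalid-digest', 'tag' or 'untagged' for one image reference."""
    if DIGEST.search(ref):
        return "digest"
    if "@" in ref:
        return "invalid-digest"
    # A colon marks a tag only after the last '/'; before it, it is a registry port.
    last_component = ref.rsplit("/", 1)[-1]
    return "tag" if ":" in last_component else "untagged"


def audit(config_text):
    """Return (line_number, reference, kind) for every image: entry in the config."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        match = IMAGE_LINE.match(line)
        if match:
            findings.append((number, match.group(1), classify(match.group(1))))
    return findings


def unpinned(config_text):
    """Return only the entries whose contents can change without the config changing."""
    return [finding for finding in audit(config_text) if finding[2] != "digest"]


if __name__ == "__main__":
    for number, ref, kind in audit(SAMPLE_CONFIG):
        status = "ok" if kind == "digest" else "MUTABLE"
        print(f"line {number}: {status:8} {kind:9} {ref}")
    raise SystemExit(1 if unpinned(SAMPLE_CONFIG) else 0)
```

Run as a CI step, the non-zero exit status fails the build when any image reference is still a mutable tag.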