Node: Dependabot only runs with Node 16/NPM 8, but breaks if engines in any package require Node 18/NPM 9

[broksonic21]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

npm

Package manager version

npm 9

Language version

node 18

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

We don't have an engines file in our app, though we do use Volta to ensure we run with Node 18/NPM 9

One of our dependencies does have an engine config set.

But dependably fails/complains in this scenario with this error

Is there a way to tell dependably what version to run as?

updater | <job_REDACTED > npm ERR! code EBADENGINE
updater | <job_REDACTED > npm ERR! engine Unsupported engine
updater | <job_REDACTED > npm ERR! engine Not compatible with your version of node/npm: REDACTED@1.0.0
updater | <job_REDACTED > npm ERR! notsup Not compatible with your version of node/npm: REDACTED@1.0.0
updater | <job_REDACTED > npm ERR! notsup Required: {"node":"^18","npm":"^9"}
updater | <job_REDACTED > npm ERR! notsup Actual:   {"npm":"8.19.2","node":"v16.19.0"}

Native package manager behavior

no issues, as we ensure our app is run using that version listed.

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

[jeffwidman]

Did you read my response to a similar issue?

• .npmrc with "engine-strict=true" rule throws EBADENGINE error #4072 (comment)

I'm going to leave open as a reminder to double-check whether we should bump to Node 18 / NPM 9 for the Dependabot service that runs on GitHub...

[broksonic21]

Given those versions are LTS, would make sense to me (and aligned with the spirit of Dependabot re: getting to supported versions)

[matteosacchetto]

I am facing the same issue due to the use of NodeJS 18 with NPM 9.

I just wanted to leave here a link to the NodeJS release schedule, so that it may be easier to keep track when to update to node 18. According to the release schedule and the NodeJS blog on node 16 EOL, node 16 will reach EOL on September 11th, 2023 due to end of support of OpenSSL 1.1.1, which node 16 uses.

So, transitioning to NodeJS 18 is something which needs to be considered by September 2023

Hope this helps to keep track of the necessary information related to NodeJS

[matteosacchetto]

I think there is an open PR which should address this issue: #7348

[matheusml]

Any updates here?
Our repo broke after we upgraded from Node 16 to Node 18 - which is a bummer given that 18 is the LTS.

[lizthegrey]

Yarn 4.0.0-rc.47 just started requiring Node 18 instead of Node 16, causing failures like so:

updater | 2023/07/09 04:37:47 ERROR <job_690503991> Error processing @opentelemetry/exporter-trace-otlp-grpc (ArgumentError)
updater | 2023/07/09 04:37:47 ERROR <job_690503991> Malformed version number string Usage Error: This tool requires a Node version compatible with >=18.12.0 (got 16.20.1). Upgrade Node, or set `YARN_IGNORE_NODE=1` in your environment.
updater | 
updater | Yarn Package Manager - 4.0.0-rc.48
updater | 
updater |   $ yarn <command>
updater | 
updater | You can also print more details about any of these commands by calling them with 
updater | the `-h,--help` flag right after the command name.
updater | 
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /usr/local/lib/ruby/3.1.0/rubygems/version.rb:223:in `initialize'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/version.rb:8:in `initialize'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb:45:in `initialize'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /usr/local/lib/ruby/3.1.0/rubygems/version.rb:204:in `new'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /usr/local/lib/ruby/3.1.0/rubygems/version.rb:204:in `new'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb:52:in `fetch_yarn_major_version'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb:43:in `yarn_major_version'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb:70:in `yarn_berry_args'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:552:in `block (2 levels) in run_yarn_berry_checker'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:550:in `chdir'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:550:in `block in run_yarn_berry_checker'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/shared_helpers.rb:187:in `with_git_configured'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:549:in `run_yarn_berry_checker'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:521:in `run_yarn_checker'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:501:in `run_checker'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:333:in `block (2 levels) in fetch_peer_dependency_errors'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:332:in `each'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:332:in `flat_map'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:332:in `block in fetch_peer_dependency_errors'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/shared_helpers.rb:41:in `block in in_a_temporary_repo_directory'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/shared_helpers.rb:41:in `chdir'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/shared_helpers.rb:41:in `in_a_temporary_repo_directory'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:329:in `fetch_peer_dependency_errors'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:310:in `peer_dependency_errors'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:374:in `unmet_peer_dependencies'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:397:in `relevant_unmet_peer_dependencies'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:99:in `latest_resolvable_version'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker.rb:48:in `latest_resolvable_version'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/update_checkers/base.rb:74:in `preferred_resolvable_version'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/update_checkers/base.rb:260:in `preferred_version_resolvable_with_unlock?'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/update_checkers/base.rb:252:in `numeric_version_can_update?'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/update_checkers/base.rb:202:in `version_can_update?'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/common/lib/dependabot/update_checkers/base.rb:44:in `can_update?'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:204:in `requirements_to_unlock'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:88:in `check_and_create_pull_request'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:59:in `check_and_create_pr_with_error_handling'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:34:in `block in perform'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:34:in `each'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:34:in `perform'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:62:in `run'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:38:in `perform_job'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:52:in `run'
updater | 2023/07/09 04:37:47 ERROR <job_690503991> bin/update_files.rb:23:in `<main>'

https://github.com/eve-val/eve-roster/network/updates/690503991

[lizthegrey]

Thanks for the fix, @jurre and @christianvuerings. #7348 is merged. (and I confirm it works for me)

[broksonic21]

there are later tickets for Node 20/NPM 10, but I can confirm my original question here for Node 18/NPM 9 is working, so closing this out as the ticket is a year+ old