Categories:
Upgrade Aura bot to node 18 and its dependencies
Guidelines for the upgrade of aura-bot to node 18 and the update of its major dependencies, in order to avoid end-of-life of current versions
Introduction
Current version of node being used is 14 LTS, that finished active support in October 2021 and security support in April 2023.
In order to avoid the inconveniences of working with an old version, without security updates, we will update to current latest LTS version 18, with active support until October 2023 and security support until April 2025.
Moreover, some major dependencies are also upgraded in order to keep the latest available versions, with new features and security updates.
:warning:
The upgrade of node and dependencies in aura-bot comes together with the migration to Bot Framework 4.19..
The latter implies that local use cases must be migrated to this new version to be operative. For this purpose, OBs must follow the guidelines Migrate use cases to Bot Framework 4.19.
Guidelines for upgrade
In this section, a list of mandatory and recommended changes will be explained, but consider applying them both, as it will prevent future incompatibilities.
Mandatory changes
Docker base
Docker base image was changed from node:14.17.1-alpine3.13 to node:18.16.0-alpine3.17, in bot Dockerfile and mini-bot Dockerfile.
If using a different container on deploys, it must be upgraded to node 18.
Internally, the jenkins slave was set to aura-node18-ubuntu22 on Jenkinsfile (only affects to the global team).
Node types update
Package with node types must be upgraded to version 18 in the package.json file:
{
"@types/node": "^18.16.0"
}
Upgrade Typescript
Typescript was upgraded in aura-bot to version 5, so it must be also upgraded in all packages and libraries. For this purpose, modify the typescript dependency in the required package.json files:
{
"typescript": "~5.0.0"
}
Update package-lock.json
After upgrading node version to 18, npm is also upgraded to version 9.5.1, and the package-lock.json is obsolete. Running a one-time npm install will upgrade lockfileVersion to 3, and the required content, such as sha512 integrity hashes instead of sha1.
It is also recommended to delete the whole file package-lock.json before npm install, to upgrade also dependencies to newer versions.
Recommended changes
In this section, other optional upgrades are shown, highly recommended in order to avoid future compatibility problems. We encourage applying them, in addition to the mandatory changes.
mongodb-memory-server
It is recommended to upgrade mongodb-memory-server to the latest version 8.12.2, due to deprecation of current version and, moreover, in order to prepare the code to near future upgrade of MongoDB (from version 4 to version 6). The upgrade requires a minimal code update.
npm-check-updates
It is also recommended to upgrade npm-check-updates to latest version 16.10.9, as current version has a transitive dependency with an obsolete node-gyp that causes incompatibility when using Python >= 3.11, that is the default version in Ubuntu 22.