Does not work on Node 16 which is dynamically linked to openssl 3

[Artur-]

Description of the bug

If you have a new Node 16 installed that is dynamically linked to openssl3, building the frontend fails with

'/usr/bin/node: --openssl-legacy-provider is not allowed in NODE_OPTIONS

Expected behavior

You can use a Node 16 version dynamically linked with openssl3

Minimal reproducible example

Versions

• Vaadin / Flow version: 23.1.rc1

[Artur-]

This is a Node issue described and fixed in nodejs/node#42972 but not yet released. Looks like it will be in Node 16.16.0

[mshabarov]

Enabling Vite with a feature flag and using it instead of webpack can be considered as a workaround before Node 16.16.0 is out.

[AB-xdev]

Same problem here:

Dockerfile (Alpine-Linux):

ARG image=maven:3-eclipse-temurin-17-alpine

FROM ${image}

# Install required software
RUN apk add --no-cache bash git \
    # https://github.com/oshi/oshi/issues/1301 https://github.com/oshi/oshi/issues/271
    && apk add --no-cache eudev
# Install latest LTS nodejs and npm
RUN apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main/ nodejs
RUN apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community/ npm

# Create non root user
ARG userName=limitedbuild
ARG groupName=limitedbuild
ARG userId=1000

RUN addgroup --system ${groupName} \
	&& adduser --uid ${userId} --system --disabled-password --shell /bin/bash ${userName} \
	&& adduser ${userName} ${groupName}

# Change user
USER ${userId}
...

(The above installs Node v16.16.0)

Results in:

14:20:45  [ERROR] Failed to execute goal com.vaadin:vaadin-maven-plugin:23.1.6:build-frontend (default) on project webclient: Execution default of goal com.vaadin:vaadin-maven-plugin:23.1.6:build-frontend failed: Webpack process exited with non-zero exit code.
14:20:45  [ERROR] Stderr: '/usr/bin/node: --openssl-legacy-provider is not allowed in NODE_OPTIONS
14:20:45  [ERROR] ': Unexpected exit value: 9, allowed exit values: [0], executed command [/usr/bin/node, /var/jenkins_home/workspace/lient_Tasks_Docker_Build_develop/webclient/node_modules/webpack/bin/webpack.js] in directory /var/jenkins_home/workspace/lient_Tasks_Docker_Build_develop/webclient with environment {<A TON OF JENKINS ENVIRONMENT VARIABLES>, HOME=/home/limitedbuild, NODE_OPTIONS=--openssl-legacy-provider}, output was 72 bytes:
14:20:45  [ERROR] /usr/bin/node: --openssl-legacy-provider is not allowed in NODE_OPTIONS

Same problem occurs on ubuntu:latest when pre-installing NodeJS 16

FROM maven:3-eclipse-temurin

RUN apt-get update \
	&& apt-get install -y curl \
	&& curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash \
	&& export NVM_DIR="$HOME/.nvm" \
	&& [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" \
	&& nvm install 16.17.0 \
	&& nvm use v16.17.0 \
	&& nvm alias default v16.17.0

Executing:

export NODE_OPTIONS=--openssl-legacy-provider
node --version

also returns node: --openssl-legacy-provider is not allowed in NODE_OPTIONS

[Artur-]

The fix is in Node 16.17, so this should be resolved by #14361

[Artur-]

Does this work now with a 23.2-SNAPSHOT?

[Artur-]

Assuming it works

[mshabarov]

I'm still getting
--openssl-legacy-provider is not allowed in NODE_OPTIONS
with https://github.com/nodejs/node/releases/tag/v16.17.0
however it is stated that this parameter has been added there.

nodejs/node#40478 (comment)

[Artur-]

Is there a github repo or zip with a test for this?

[mshabarov]

Flow 9.0 snapshot validation in Bender failed when I added NODE_OPTIONS=--openssl-legacy-provider env variable to the build (it was added to fix flow-client tests, now flow-client fixed in another way).
But I got some explanations here nodejs/node#40478 (comment), so this parameter is not needed when open ssl 1.1.1 is used (by default).