Pinned dependency X stops working in Node X+1. Upgrading dependency X to work on Node X+1 breaks code using dependency X. Sorting out the mess stops development and leads to cascading breakage.
So just say "fuck it" and wrap the project up on a Docker container running Node X. Now work can continue. Luckily the project is internal so missing security fixes is less of a problem than something customer facing.
So just say "fuck it" and wrap the project up on a Docker container running Node X. Now work can continue. Luckily the project is internal so missing security fixes is less of a problem than something customer facing.