Update Node version and dependencies

[lumaxis]

Since Node 16 has gone EOL recently and several npm dependencies had critical security vulnerabilities, this PR aims to bring the setup more up-to-date and get us closer to a state where we're running in a current environment with current dependencies.

[qtomlinson]

Looks good to me. Could a sanity test be run to ensure that all component types are harvested ok? Sample payload below to post localhost:5000/requests:

[
    {
        "type": "component", 
        "url": "cd:/maven/mavencentral/org.apache.httpcomponents/httpcore/4.3"
    },    {
        "type": "component", 
        "url": "cd:/maven/gradleplugin/io.github.lognet/grpc-spring-boot-starter-gradle-plugin/4.6.0"
    },    {
        "type": "component", 
        "url": "cd:/maven/mavengoogle/android.arch.lifecycle/common/1.0.1"
    }, {
        "type": "component", 
        "url": "cd:/crate/cratesio/-/bitflags/1.0.4"
    }, {
        "type": "component", 
        "url": "cd:/npm/npmjs/-/redis/0.1.0"
    }, {
        "type": "component", 
        "url": "cd:/git/github/bitflags/bitflags/518aaf91494e94f41651a40f1b38d6ab522b0235"
    }, {
        "type": "component", 
        "url": "cd:/pypi/pypi/-/backports.ssl_match_hostname/3.7.0.1"
    }, {
        "type": "component", 
        "url": "cd:/gem/rubygems/-/small/0.4"
    }, {
        "type": "component", 
        "url": "cd:/composer/packagist/symfony/polyfill-mbstring/1.11.0"
    }, {
        "type": "component", 
        "url": "cd:/go/golang/rsc.io/quote/v1.3.0"
    }, {
        "type": "component", 
        "url": "cd:/nuget/nuget/-/xunit.core/2.4.1"
    }, {
        "type": "component", 
        "url": "cd:/pod/cocoapods/-/SoftButton/0.1.0"
    }, {
        "type": "component",
        "url": "cd:/deb/debian/-/mini-httpd/1.30-0.2_arm64"
    }	
]

[lumaxis]

Will do! I ran a few manual tests already but happy to do a few more. Is there any way for me to check the completeness of the results other than an eye test?

[qtomlinson]

Running the crawler without PR and with PR and comparing the harvested raw files at local FILE_STORE_LOCATION can provide some indications. Expect similar harvest file sizes before and after. If you want to compare individual files, expect nothing drastically different except for time stamps and uuids in the temp directory paths.

[qtomlinson]

Do we want to consider update the lockfile version to v3 as well?

[lumaxis]

Good idea, updated!

[qtomlinson]

bullseye and buster both have openssl 1.1 (https://packages.debian.org/bullseye/mips64el/openssl, https://packages.debian.org/buster/openssl). Compiling Ruby 2.5 is successful with these two images. May be node:18-bullseye is better? What do you think?

[lumaxis]

@qtomlinson How do we go about getting this merged? 🙂

[qtomlinson]

I don't have rights to merge.
@jeffwilcox for review and merge