Many maps stack dependency upgrades are blocked on being able to upgrade to the recent 3.7.x versions of node-mapnik. Version 3.7.2, the latest in the 3.7.x series, depends on mapnik 3.0.20, the release packaged for Debian Buster. It fails to build against mapnik 3.0.12, which is packaged for Stretch. There doesn't appear to be a publicly available backport of 3.0.20.
# Have mapnik 3.0.20 backported
# Build it from source
# Wait until we upgrade to Buster in production
(1) is what was done for current version in Jessie for node 6 compatibility (see T150354 and subtasks T152131 and T150722). It's probably what should be done here.
(2) is also possible according to @MSantos's testing in Docker, but building from source seems uncommon in production. Is it possible in this instance?
(3) probably won't be possible in practice. The dependency versions we're forced to rely on are aging, and `npm install`s are already throwing many warnings. These will convert to errors as soon as we upgrade npm (see T195316), and in the meantime we are very poorly situated in the event an upgrade is urgently needed, for example because of a node security issue.