Skip to content

Node24 upgrade, update github actions to latest versions#229

Open
SrzStephen wants to merge 3 commits into
devcontainers:mainfrom
SrzStephen:node24-upgrade
Open

Node24 upgrade, update github actions to latest versions#229
SrzStephen wants to merge 3 commits into
devcontainers:mainfrom
SrzStephen:node24-upgrade

Conversation

@SrzStephen

Copy link
Copy Markdown

Closes #227

I see that #228 was created but never merged in.

@SrzStephen
SrzStephen requested a review from a team as a code owner May 24, 2026 15:57
@SrzStephen

Copy link
Copy Markdown
Author

@microsoft-github-policy-service agree

"name": "Node.js & TypeScript",
// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
"image": "mcr.microsoft.com/devcontainers/typescript-node:1-20-bookworm",
"image": "mcr.microsoft.com/devcontainers/typescript-node:1-24-bookworm",

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you wanted to while I'm at it I can change this to debian 13 (trixie) since it's the new LTS

Not an issue until June 30th, 2028 if you want to keep this small.

Comment thread yarn.lock

"@types/node@*", "@types/node@^18.11.18":
"@types/node@*":
version "18.11.18"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am curious if this is the outcome if you just replace the version number in the package.json without actively uninstalling the former package 🤔 Have you tried to run "yarn remove ..." before? I am curious why yarn want's to keep the node@18 version in its yarn.lock - but I am honest, I work too less with yarn at the moment.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be honest - I've never dug too much into yarn lockfiles so I've never encountered this before.

I couldn't find a decent source for this but I can tell you what I observed.

yarn upgrade @types/node --latest
yarn upgrade @types/node

Neither of these change the 18.11.18

It appears that the value for "@types/node@*": which a few dependencies have defined is calculated at time the lockfile was generated. This is different to the "@types/node@^24.0.0": below it which is in my lockfile.

I do not know if there is a better way to deal with this.

@tjarbo Options:

  1. I can revert the change in package.json to 18.11.18
  2. I can delete the lockfile and regenerate it (yarn test works but I dont know enough about the codebase to know what side effects this has)
  3. I can do the above + also yarn upgrade --latest (yarn test fails, and amplifies the issues above).

What's your preference?

npm install

No change

"@types/node@*":
  version "18.11.18"
  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.11.18.tgz#8dfb97f0da23c2293e554c5a50d61ef134d7697f"
  integrity sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA==

"@types/node@^24.0.0":
  version "24.12.4"
  resolved "https://registry.yarnpkg.com/@types/node/-/node-24.12.4.tgz#2709745569811dcbdc57c097fafdd387c6330382"
  integrity sha512-GUUEShf+PBCGW2KaXwcIt3Yk+e3pkKwWKb9GSyM9WQVE+ep2jzmHdGsHzu4wgcZy5fN9FBdVzjpBQsYlpfpgLA==
  dependencies:
    undici-types "~7.16.0"
"@types/node@*":
  version "25.9.1"
  resolved "https://registry.yarnpkg.com/@types/node/-/node-25.9.1.tgz#3bda556db500ae4319c08e7fc9ab94f19013ba0b"
  integrity sha512-xfrlY7UD5rMJk3ZVJP8BNzS28J36YJg+xp+LPXV1TdWxr8uMH5A860QNxYDGQe/ylDSgjxE52Q9VnO7p75tJxg==
  dependencies:
    undici-types ">=7.24.0 <7.24.7"

"@types/node@^24.0.0":
  version "24.12.4"
  resolved "https://registry.yarnpkg.com/@types/node/-/node-24.12.4.tgz#2709745569811dcbdc57c097fafdd387c6330382"
  integrity sha512-GUUEShf+PBCGW2KaXwcIt3Yk+e3pkKwWKb9GSyM9WQVE+ep2jzmHdGsHzu4wgcZy5fN9FBdVzjpBQsYlpfpgLA==
  dependencies:
    undici-types "~7.16.0"

Same behaviour if I update to yarn 4

rm yarn.lock
yarn install
"@types/node@npm:*":
  version: 25.9.1
  resolution: "@types/node@npm:25.9.1"
  dependencies:
    undici-types: "npm:>=7.24.0 <7.24.7"
  checksum: 10c0/9a04682842bebbcf21a1779dfeab9aa733d7bd7bbc0a0edb641ab3a9a3d43eac543225acf669c334f458f1956443ebc072bc3c72840c543b8b356cab5c82d456
  languageName: node
  linkType: hard

"@types/node@npm:^24.0.0":
  version: 24.12.4
  resolution: "@types/node@npm:24.12.4"
  dependencies:
    undici-types: "npm:~7.16.0"
  checksum: 10c0/d2c36b78b6050d8677769fa05a32243061675e81ddc2bb43955d91a671af3465506ef2731a24c0c9ab42b6b679bd5c1513de45bbe9ea278c2c07ee63b564b61b
  languageName: node
  linkType: hard

@s-h-a-d-o-w s-h-a-d-o-w Jul 18, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recommend using yarn why to debug version issues:

~/temp/action node24-upgrade❯ yarn why @types/node
yarn why v1.22.22
[1/4] Why do we have the module "@types/node"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
(node:1217000) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
(Use `node --trace-deprecation ...` to show where the warning was created)
=> Found "@types/node@24.12.4"
info Has been hoisted to "@types/node"
info This module exists because it's specified in "devDependencies".
info Disk size without dependencies: "2.62MB"
info Disk size with unique dependencies: "2.84MB"
info Disk size with transitive dependencies: "2.84MB"
info Number of shared dependencies: 1
=> Found "@jest/core#@types/node@18.11.18"
info This module exists because "jest#@jest#core" depends on it.
info Disk size without dependencies: "3.67MB"
info Disk size with unique dependencies: "3.67MB"
info Disk size with transitive dependencies: "3.67MB"
info Number of shared dependencies: 0
=> Found "@jest/types#@types/node@18.11.18"
info This module exists because "jest#@jest#types" depends on it.
info Disk size without dependencies: "3.67MB"
info Disk size with unique dependencies: "3.67MB"
info Disk size with transitive dependencies: "3.67MB"
info Number of shared dependencies: 0
=> Found "jest-util#@types/node@18.11.18"
...

So jest is the "problem".
Looking at @jest/core/package.json in node_modules, we can see:

"@types/node": "*",

Since it's fine with any version, the problem really just is that 18 is "stuck" there because of yarn having locked it to that version.

Personally, I would recommend not dealing with this here, so it can finally be shipped.
UPDATE: Although... this project looks abandoned, now that I look at the last commit.
Anyway... and instead tackle overall dependency upgrades (most seem to need a serious bump) in a separate PR. (Where I would also recreate the lockfile, which resolves this "problem" here. Which I don't really think is a problem because those type declarations are probably only used by transitive dependencies. But I don't have the time to look into it in this kind of detail.)

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks mate, learnt something from that :)
@tjarbo how do you feel about this being merged?

@thediveo

Copy link
Copy Markdown

Can this please be moved forward?

@DMezhenskyi

Copy link
Copy Markdown

it would be nice to get it merged soon :) Thank you!

@SrzStephen SrzStephen mentioned this pull request Jul 18, 2026
@SrzStephen

Copy link
Copy Markdown
Author

@joshspicer I see you were one of the maintainers at one point - are you able to look at this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Upgrade to Node24

5 participants