Node24 upgrade, update github actions to latest versions#229
Node24 upgrade, update github actions to latest versions#229SrzStephen wants to merge 3 commits into
Conversation
…ype keyword at "#/properties/postStartCommand" (strictTypes)`
|
@microsoft-github-policy-service agree |
| "name": "Node.js & TypeScript", | ||
| // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile | ||
| "image": "mcr.microsoft.com/devcontainers/typescript-node:1-20-bookworm", | ||
| "image": "mcr.microsoft.com/devcontainers/typescript-node:1-24-bookworm", |
There was a problem hiding this comment.
If you wanted to while I'm at it I can change this to debian 13 (trixie) since it's the new LTS
Not an issue until June 30th, 2028 if you want to keep this small.
|
|
||
| "@types/node@*", "@types/node@^18.11.18": | ||
| "@types/node@*": | ||
| version "18.11.18" |
There was a problem hiding this comment.
I am curious if this is the outcome if you just replace the version number in the package.json without actively uninstalling the former package 🤔 Have you tried to run "yarn remove ..." before? I am curious why yarn want's to keep the node@18 version in its yarn.lock - but I am honest, I work too less with yarn at the moment.
There was a problem hiding this comment.
To be honest - I've never dug too much into yarn lockfiles so I've never encountered this before.
I couldn't find a decent source for this but I can tell you what I observed.
yarn upgrade @types/node --latest
yarn upgrade @types/nodeNeither of these change the 18.11.18
It appears that the value for "@types/node@*": which a few dependencies have defined is calculated at time the lockfile was generated. This is different to the "@types/node@^24.0.0": below it which is in my lockfile.
I do not know if there is a better way to deal with this.
@tjarbo Options:
- I can revert the change in
package.jsonto18.11.18 - I can delete the lockfile and regenerate it (
yarn testworks but I dont know enough about the codebase to know what side effects this has) - I can do the above + also
yarn upgrade --latest(yarn test fails, and amplifies the issues above).
What's your preference?
npm installNo change
"@types/node@*":
version "18.11.18"
resolved "https://registry.yarnpkg.com/@types/node/-/node-18.11.18.tgz#8dfb97f0da23c2293e554c5a50d61ef134d7697f"
integrity sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA==
"@types/node@^24.0.0":
version "24.12.4"
resolved "https://registry.yarnpkg.com/@types/node/-/node-24.12.4.tgz#2709745569811dcbdc57c097fafdd387c6330382"
integrity sha512-GUUEShf+PBCGW2KaXwcIt3Yk+e3pkKwWKb9GSyM9WQVE+ep2jzmHdGsHzu4wgcZy5fN9FBdVzjpBQsYlpfpgLA==
dependencies:
undici-types "~7.16.0""@types/node@*":
version "25.9.1"
resolved "https://registry.yarnpkg.com/@types/node/-/node-25.9.1.tgz#3bda556db500ae4319c08e7fc9ab94f19013ba0b"
integrity sha512-xfrlY7UD5rMJk3ZVJP8BNzS28J36YJg+xp+LPXV1TdWxr8uMH5A860QNxYDGQe/ylDSgjxE52Q9VnO7p75tJxg==
dependencies:
undici-types ">=7.24.0 <7.24.7"
"@types/node@^24.0.0":
version "24.12.4"
resolved "https://registry.yarnpkg.com/@types/node/-/node-24.12.4.tgz#2709745569811dcbdc57c097fafdd387c6330382"
integrity sha512-GUUEShf+PBCGW2KaXwcIt3Yk+e3pkKwWKb9GSyM9WQVE+ep2jzmHdGsHzu4wgcZy5fN9FBdVzjpBQsYlpfpgLA==
dependencies:
undici-types "~7.16.0"
Same behaviour if I update to yarn 4
rm yarn.lock
yarn install"@types/node@npm:*":
version: 25.9.1
resolution: "@types/node@npm:25.9.1"
dependencies:
undici-types: "npm:>=7.24.0 <7.24.7"
checksum: 10c0/9a04682842bebbcf21a1779dfeab9aa733d7bd7bbc0a0edb641ab3a9a3d43eac543225acf669c334f458f1956443ebc072bc3c72840c543b8b356cab5c82d456
languageName: node
linkType: hard
"@types/node@npm:^24.0.0":
version: 24.12.4
resolution: "@types/node@npm:24.12.4"
dependencies:
undici-types: "npm:~7.16.0"
checksum: 10c0/d2c36b78b6050d8677769fa05a32243061675e81ddc2bb43955d91a671af3465506ef2731a24c0c9ab42b6b679bd5c1513de45bbe9ea278c2c07ee63b564b61b
languageName: node
linkType: hardThere was a problem hiding this comment.
I recommend using yarn why to debug version issues:
~/temp/action node24-upgrade❯ yarn why @types/node
yarn why v1.22.22
[1/4] Why do we have the module "@types/node"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
(node:1217000) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
(Use `node --trace-deprecation ...` to show where the warning was created)
=> Found "@types/node@24.12.4"
info Has been hoisted to "@types/node"
info This module exists because it's specified in "devDependencies".
info Disk size without dependencies: "2.62MB"
info Disk size with unique dependencies: "2.84MB"
info Disk size with transitive dependencies: "2.84MB"
info Number of shared dependencies: 1
=> Found "@jest/core#@types/node@18.11.18"
info This module exists because "jest#@jest#core" depends on it.
info Disk size without dependencies: "3.67MB"
info Disk size with unique dependencies: "3.67MB"
info Disk size with transitive dependencies: "3.67MB"
info Number of shared dependencies: 0
=> Found "@jest/types#@types/node@18.11.18"
info This module exists because "jest#@jest#types" depends on it.
info Disk size without dependencies: "3.67MB"
info Disk size with unique dependencies: "3.67MB"
info Disk size with transitive dependencies: "3.67MB"
info Number of shared dependencies: 0
=> Found "jest-util#@types/node@18.11.18"
...
So jest is the "problem".
Looking at @jest/core/package.json in node_modules, we can see:
"@types/node": "*",
Since it's fine with any version, the problem really just is that 18 is "stuck" there because of yarn having locked it to that version.
Personally, I would recommend not dealing with this here, so it can finally be shipped.
UPDATE: Although... this project looks abandoned, now that I look at the last commit.
Anyway... and instead tackle overall dependency upgrades (most seem to need a serious bump) in a separate PR. (Where I would also recreate the lockfile, which resolves this "problem" here. Which I don't really think is a problem because those type declarations are probably only used by transitive dependencies. But I don't have the time to look into it in this kind of detail.)
There was a problem hiding this comment.
Thanks mate, learnt something from that :)
@tjarbo how do you feel about this being merged?
|
Can this please be moved forward? |
|
it would be nice to get it merged soon :) Thank you! |
|
@joshspicer I see you were one of the maintainers at one point - are you able to look at this? |
Closes #227
I see that #228 was created but never merged in.