feat(npmminage): L3-000 npm and node bump, npm package min age#868
feat(npmminage): L3-000 npm and node bump, npm package min age#868sgrund14 wants to merge 1 commit into
Conversation
sgrund14
requested review from
DaveMcNamara,
adietrich3074,
constantinehuzenko,
davidicus,
scottdickerson and
zhenpanda
as code owners
✅ Deploy Preview for phillips-seldon ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
🚀 Storybook preview is ready. • Preview: https://68b9f094608b90f3cfec5a06-hxcqbnqmix.chromatic.com/ |
There was a problem hiding this comment.
Pull request overview
This PR tightens and standardizes the repo’s Node/npm toolchain requirements by bumping the required runtime versions and enforcing minimum “age” for dependency releases (to reduce exposure to brand-new package publishes).
Changes:
- Add
enginesconstraints for Node and npm and mirror them into the lockfile. - Bump the development Node version via
.nvmrcand update the lint workflow to use it. - Enforce npm engine strictness + a minimum release age, and add a Dependabot cooldown window.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Adds Node/npm engines requirements. |
| package-lock.json | Records the root package engines in the lockfile. |
| .nvmrc | Bumps the pinned Node version to v24.15.0. |
| .npmrc | Enables engine-strict and sets min-release-age=7. |
| .github/workflows/lint.yml | Switches lint CI to use .nvmrc via node-version-file. |
| .github/dependabot.yml | Adds a 7-day Dependabot cooldown with scoped exclusions. |
| "@rollup/rollup-win32-x64-msvc": "^4.59.0" | ||
| }, | ||
| "engines": { | ||
| "node": ">=24.14.1", |
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: '18.x' | ||
| node-version-file: '.nvmrc' | ||
| cache: 'npm' |
| "@testing-library/react": "^16.0.0", | ||
| "@testing-library/user-event": "^14.5.2", | ||
| "@types/color": "^3.0.6", | ||
| "@types/node": "^22.12.0", |
There was a problem hiding this comment.
| "@types/node": "^24.14.1", |
| @@ -0,0 +1,2 @@ | |||
| engine-strict=true | |||
There was a problem hiding this comment.
is there an package exclusion field here we can use or are we waiting to change our package manager?
scottdickerson
left a comment
scottdickerson
left a comment
There was a problem hiding this comment.
might have to remove the min package age until we can get package exclusions working. TBH I don't foresee seldon depending on any other phillips package so we probably could remove that entirely from this PR
npm and node bump, min ages for packages
see https://github.com/PhillipsAuctionHouse/phillips-public-remix/pull/2180