Fhammerl/bump workflows node versions #1230

Closed
wants to merge 16 commits into from

@fhammerl fhammerl commented Nov 4, 2022

npm run audit-all and npm audit --audit-level=moderate --json | scripts/audit-allow-list || npm audit --audit-level=moderate (defined in audit.yml) are currently failing due to npm vulnerabilities.

I ran npm audit fix at root level and for the packages that failed the npm run audit-all checks, checked in the new package-lock.json.

This fixed the vulnerabilities by updating to new versions, but jumping from Lerna 5.4.0 to Lerna 5.6.2 necessitates node 14 at least, so I updated our workflows to use node v16.

setup-node@v3 brings an npm version that can properly handle "lockfileVersion": 2, which is what we aim to use in our package-lock files

@fhammerl fhammerl requested review from a team as code owners November 4, 2022 11:19
@@ -22,12 +22,12 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v2
Contributor Author

Should use @V3 even though we backported the savestate filecommand fix 🤷‍♂️

- name: Set Node.js 12.x
uses: actions/setup-node@v1
- name: Set Node.js 16.x
uses: actions/setup-node@v3
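
Review bot: the Checkout step's context line still reads "uses: actions/checkout@v2" while setup-node moves from v1 to v3, so the workflow keeps one action on the Node 12 action runtime; bump it to actions/checkout@v3 in this same hunk so both steps run on Node 16 and the deprecation warning is gone. Both "uses:" lines also reference mutable major-version tags; pinning each to a full commit SHA, with the tag kept in a trailing comment, would stop a moved tag from changing what the workflow executes.
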
@fhammerl fhammerl Nov 4, 2022

setup-node@v3 brings an npm version that can properly handle "lockfileVersion": 2, which is what we aim to use in our package-lock files

jsoref commented Nov 27, 2022

Are you waiting for something in particular? The deprecated warnings for PRs to this repository are frustrating.

fhammerl commented Dec 8, 2022

> Are you waiting for something in particular? The deprecated warnings for PRs to this repository are frustrating.

We'll be targeting Node 16, not 14. We're looking to roll it out as soon as we can.

fhammerl commented Mar 6, 2023

Merged the other one

@fhammerl fhammerl closed this Mar 6, 2023