Fhammerl/bump workflows node versions #1230
@@ -22,12 +22,12 @@ jobs: | |||
|
|||
steps: | |||
- name: Checkout | |||
uses: actions/checkout@v2 |
Should use @v3 even though we backported the savestate filecommand fix 🤷♂️
- name: Set Node.js 12.x | ||
uses: actions/setup-node@v1 | ||
- name: Set Node.js 16.x | ||
uses: actions/setup-node@v3 |
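Review bot: `uses: actions/setup-node@v3` on the new step, like the unchanged `uses: actions/checkout@v2` above it, refers to a mutable major-version tag, so the workflow runs whatever commit that tag points to at the time of the run. Consider pinning both actions to a full commit SHA with the version noted in a trailing comment, and bumping checkout in the same change so the two actions are not left on different major versions.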
setup-node@v3 brings an npm version that can properly handle `"lockfileVersion": 2`, which is what we aim to use in our `package-lock` files
Are you waiting for something in particular? The deprecated warnings for PRs to this repository are frustrating.
We'll be targeting Node 16, not 14. We're looking to roll it out as soon as we can.
Merged the other one
`npm run audit-all` and `npm audit --audit-level=moderate --json | scripts/audit-allow-list || npm audit --audit-level=moderate` (defined in `audit.yml`) are currently failing due to npm vulnerabilities.

I ran `npm audit fix` at root level and for the packages that failed the `npm run audit-all` checks, checked in the new `package-lock.json`.

This fixed the vulnerabilities by updating to new versions, but jumping from Lerna 5.4.0 to Lerna 5.6.2 necessitates node 14 at least, so I updated our workflows to use node v16

setup-node@v3 brings an npm version that can properly handle `"lockfileVersion": 2`, which is what we aim to use in our `package-lock` files