NIFI-15799 - Upgrade to NodeJS 24#11109
Merged
mcgilman merged 2 commits intoapache:mainfrom Apr 7, 2026
Merged
Conversation
Contributor
Author
|
This PR also addresses Dependabot issues: |
Contributor
exceptionfactory
left a comment
exceptionfactory
left a comment
There was a problem hiding this comment.
Thanks for working on this @rfellows!
Quick procedural note, looks like three new files need license headers:
nifi/nifi-frontend/src/main/frontend/.npmrc
nifi/nifi-frontend/src/main/frontend/.nvmrc
nifi/nifi-frontend/src/main/frontend/.tool-versions
Contributor
Author
Thanks, these are more like other files that we exclude from RAT. I'll update the exclusions to included these files as well. This follows the existing pattern in the |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
NIFI-15799: Upgrade nifi-frontend to Node 24 LTS
Description
This change moves the nifi-frontend toolchain from Node 22 to Node 24.14.1 (LTS). The root
pom.xmlnode.versionproperty is what CI and Maven use: frontend-maven-plugin downloads that exact Node binary during builds.Local workflows are aligned with that version: package.json
engines.nodeis narrowed to Node 24.x only, engine-strict is enabled via .npmrc, and version manager hints (.nvmrc, .tool-versions) are added and tracked. package-lock.json was regenerated under Node 24.14.1.npm overrides add pinned resolutions for picomatch (^4.0.4) and lodash-es (^4.18.0) to address reported vulnerabilities. After regen, npm audit reports 0 vulnerabilities.
What's Changed
Maven (authoritative for CI)
<node.version>v22.19.0 -> v24.14.1 (frontend-maven-plugin download target).Local development enforcement
engines.node^20.19.0 || ^22.13.0 || >=24.0.0 -> ^24.0.0 (24.x only; no broad>=24that would allow future majors).engine-strict=trueso wrong Node fails fast onnpm install/npm ci.24for nvm/fnm.nodejs 24.14.1for asdf; .gitignore no longer ignores/.tool-versionsso it can be committed.Dependencies and security
overrides: picomatch ^4.0.4; lodash-es ^4.18.0 (method injection / ReDoS / template / prototype-pollution fixes).Key Features / Architecture
<node.version>via frontend-maven-plugin. The new engines / .npmrc / dotfiles affect direct npm/npx use in nifi-frontend/src/main/frontend.mvn installwithoutcleancan fail if target/ still contains Node 22-era frontend artifacts alongside a freshly downloaded Node 24 toolchain.mvn clean install(or a one-timemvn clean) fixes that.Screenshots
No UI changes.
Validation
mvn clean install -pl nifi-frontend: BUILD SUCCESS (~2m 29s).npm audit: 0 vulnerabilities.