chore: update action runtime to Node 24#70
Merged
JakeTowers merged 3 commits intoMay 1, 2026
Conversation
Contributor
Author
|
@IanMoroney Can you approve the workflows pelase. |
JakeTowers
force-pushed
the
chore/update-to-node24
branch
2 times, most recently
from
8884d4c to
30201b1
Compare
Updates the action to Node 24 to address the upcoming Node 20 deprecation in GitHub Actions runners (June 2026). - action.yml: runs.using node20 -> node24 - @types/node: ^18 -> ^24 - tsconfig: target/lib ES2019 -> ES2022 - @actions/core: ^1.10.1 -> ^2.0.3 (CJS-compatible, patched undici) - @actions/github: ^6.0.0 -> ^8.0.1 (CJS-compatible, patched undici) - xml2js: ^0.4.23 -> ^0.6.2 (prototype pollution fix) - jest-junit: ^16 -> ^17 (uuid bounds-check fix) - npm audit fix for transitive vulns (babel, octokit, ajv, brace-expansion, braces, cross-spawn, flatted, js-yaml, micromatch, minimatch, picomatch) Result: 20 -> 0 npm audit vulnerabilities. Build, lint, format, and the existing 29-test suite all pass. dist/ rebuilt via ncc. Did not bump @actions/core@3 / @actions/github@9 (both ESM-only), which would require converting the project to ESM. Closes phoenix-actions#69 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
JakeTowers
force-pushed
the
chore/update-to-node24
branch
from
30201b1 to
4c0270b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Updates the action to Node 24 ahead of the Node 20 deprecation in GitHub Actions runners (June 2026), and resolves all outstanding
npm auditvulnerabilities along the way.Closes #69
Changes
action.yml:runs.usingnode20→node24tsconfig.json:target/libES2019→ES2022(Node 24 supports it natively; smaller, more readable bundle)@types/node:^18→^24@actions/core:^1.10.1→^2.0.3(last CJS-compatible major; pulls patchedundici@6.xvia@actions/http-client@3)@actions/github:^6.0.0→^8.0.1(last CJS-compatible major; pulls patchedundici@6.x)xml2js:^0.4.23→^0.6.2— prototype pollution fixjest-junit:^16→^17— picks up patcheduuidnpm audit fix: babel, octokit-*, ajv, brace-expansion, braces, cross-spawn, flatted, js-yaml, micromatch, minimatch, picomatchsrc/utils/github-utils.ts: removed redundantas stringcast that the new octokit types make unnecessarydist/: rebuilt vianpm run packageResult
npm audit: 20 vulnerabilities → 0npm run build,npm run lint,npm run format-check: passnpm test: 29/29 passNote on
@actions/core@3/@actions/github@9Both went ESM-only, which would require converting the whole project to ESM (changing
package.jsontype, adding.jsextensions to all relative imports, reworking the jest config, etc.). I deliberately stopped at the last CJS-compatible majors (v2 and v8) which still patch the underlyingundiciadvisories. Happy to do the ESM migration in a follow-up PR if you'd prefer that direction.Test plan
npm installproduces0 vulnerabilitiesnpm run buildpassesnpm run lintpassesnpm run format-checkpassesnpm test— all 29 tests pass with snapshots intactnpm run packageregeneratesdist/🤖 Generated with Claude Code