Conversation
There was a problem hiding this comment.
Pull request overview
Updates the GitHub Actions publish workflow to use Node 20 and upgrade npm during publish, affecting how releases are published to the npm registry.
Changes:
- Switch
npm-publish-latestjob from Node 22 to Node 20. - Change npm upgrade step from
npm@10tonpm@latestduring publish.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Update npm to latest (required for OIDC) | ||
| run: npm install -g npm@latest |
There was a problem hiding this comment.
npm install -g npm@latest makes the publish workflow non-deterministic and can start failing without code changes (e.g., when a new npm major drops that changes behavior or requires a newer Node engine than v20). Please pin npm to a specific major/version range known to support the chosen Node version (e.g., npm@10 or npm@^10) or keep Node aligned with the npm version you need for OIDC.
| - name: Update npm to latest (required for OIDC) | |
| run: npm install -g npm@latest | |
| - name: Update npm to v10 (required for OIDC) | |
| run: npm install -g npm@10 |
| - uses: actions/setup-node@v6 | ||
| with: | ||
| node-version: 22 | ||
| node-version: 20 |
There was a problem hiding this comment.
This switches npm-publish-latest to Node 20, but the CI matrix builds/tests on Node 22/24 and .nvmrc pins v22.x. That means the publish path now runs on an untested Node version and is inconsistent with the repo’s declared Node version. Consider aligning the publish job with the tested/.nvmrc version, or add Node 20 to the build matrix (and ensure any tooling used during publish is compatible).
| node-version: 20 | |
| node-version: 22 |
No description provided.