Skip to content

Update minimum Node.js version to 22, updates dependencies #5433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: 1.0-develop
Choose a base branch
from
Open

Update minimum Node.js version to 22, updates dependencies #5433

wants to merge 16 commits into from

Conversation

@DaneEveritt
Copy link
Member

@DaneEveritt DaneEveritt commented Nov 25, 2025
edited
Loading

This PR updates the codebase to support Node 22 as the minimum version and updates many of the dependencies to either their latest version, or the latest version of the defined major grouping. This addresses many of the audit warnings for various security vulnerabilities and should ensure we have an easier time maintaining and upgrading packages down the road since it has been quite some time since things were updated here.

I didn't get a chance to test these changes against most of the server pages because of some Docker annoyances on my local that I need to sort out first.

Other Notes

  • Removed TypeScript type checking from the webpack builds and HMR — this slows everything down and is pretty pointless since all modern IDEs do type checking on their own, and we can run tsc --noEmit before builds in CI to verify no issues.
  • Removed eslint from the build process as well, for the same reasons above.

Note

There are a bunch of little commits because that was the easiest way to slowly update while checking builds each time. Recommend squash merging this PR into 1.0-develop so it is one update.

@DaneEveritt DaneEveritt force-pushed the dane/update-dependencies branch from 0efa6c5 to 6d0818d Compare November 25, 2025 01:30
PadowYT2
PadowYT2 reviewed Nov 25, 2025
View reviewed changes
package.json
"build": "cross-env NODE_ENV=development ./node_modules/.bin/webpack --progress",
"build:production": "yarn run clean && cross-env NODE_ENV=production ./node_modules/.bin/webpack --mode production",
"serve": "yarn run clean && cross-env WEBPACK_PUBLIC_PATH=/webpack@hmr/ NODE_ENV=development webpack-dev-server --host 0.0.0.0 --port 8080 --public https://pterodactyl.test --hot"
"build:production": "yarn run clean && cross-env NODE_ENV=production NODE_OPTIONS=--openssl-legacy-provider ./node_modules/.bin/webpack --mode production",
Copy link

@PadowYT2 PadowYT2 Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As webpack was updated, this change is no longer needed

[nix-shell:~/repos/panel]# node -v
v22.20.0

[nix-shell:~/repos/panel]# yarn build:production
yarn run v1.22.22
$ yarn run clean && cross-env NODE_ENV=production ./node_modules/.bin/webpack --mode production
...
Done in 13.62s.

rmartinoscar
rmartinoscar reviewed Nov 25, 2025
View reviewed changes
.github/workflows/build.yaml
Comment on lines 33 to +37
- name: Install dependencies
run: yarn install --frozen-lockfile

- name: Build
run: yarn build:production
- run: yarn tsc
- run: yarn lint
- run: yarn build:production
Copy link

@rmartinoscar rmartinoscar Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Build
run: yarn build:production
- run: yarn tsc
- run: yarn lint
- run: yarn build:production
- name: Install & Build dependencies
run: |
yarn install --frozen-lockfile
yarn tsc
yarn lint
yarn build:production

rmartinoscar
rmartinoscar reviewed Nov 25, 2025
View reviewed changes
.github/workflows/release.yaml
Comment on lines 24 to 30
- name: Install dependencies
run: yarn install --frozen-lockfile

- run: yarn tsc
- run: yarn lint
- name: Build
run: yarn build:production
Copy link

@rmartinoscar rmartinoscar Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: Install dependencies
run: yarn install --frozen-lockfile
- run: yarn tsc
- run: yarn lint
- name: Build
run: yarn build:production
- name: Install & Build dependencies
run: |
yarn install --frozen-lockfile
yarn tsc
yarn lint
yarn build:production

rmartinoscar
rmartinoscar reviewed Nov 25, 2025
View reviewed changes
package.json
"i18next": "^21.8.9",
"i18next-http-backend": "^1.4.1",
"i18next-multiload-backend-adapter": "^1.0.0",
"pathe": "^2.0.3",
Copy link

@rmartinoscar rmartinoscar Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why use an external library when you already have node:path and you are already using it ?

panel/webpack.config.js

Line 1 in 6d0818d

const path = require('node:path');

panel/webpack.config.js

Line 18 in 6d0818d

path: path.join(__dirname, '/public/assets'),

Copy link

@PadowYT2 PadowYT2 Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A package is required here as the node: protocol isn't accessible on the frontend. You would need to polyfill it which needs an external library and in result the asset will be much bigger than just using pathe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@rmartinoscar rmartinoscar rmartinoscar left review comments

@PadowYT2 PadowYT2 PadowYT2 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@DaneEveritt @rmartinoscar @PadowYT2