Update Node.js to v24.14.x and npm to v11.11.0 across build infrastructure#66173
Update Node.js to v24.14.x and npm to v11.11.0 across build infrastructure#66173
Conversation
…npmrc Agent-Logs-Url: https://github.com/dotnet/aspnetcore/sessions/55ceeb17-c830-4b8e-822f-8baeb2098c14 Co-authored-by: javiercn <6995051+javiercn@users.noreply.github.com>
github-actions
bot
added
the
area-infrastructure
There was a problem hiding this comment.
Pull request overview
Updates the repo’s JavaScript toolchain baseline by moving build infrastructure to Node.js 24 and npm 11, and adds an npm configuration intended to delay adoption of very recent package releases.
Changes:
- Bump
package.jsonengine requirements to Node>=24.14.1and npm>=11.11.0. - Add
min-release-age=3dto.npmrc. - Update Azure Pipelines
NodeTool@0steps to install Node24.x.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| package.json | Raises declared minimum Node/npm versions via engines. |
| .npmrc | Adds a minimum release age policy for npm package installs. |
| .azure/pipelines/jobs/default-build.yml | Updates NodeTool tasks from 20.x to 24.x in default build jobs. |
| .azure/pipelines/ci.yml | Updates the CI pre-step NodeTool task from 20.x to 24.x. |
| displayName: Install Node 24.x | ||
| inputs: | ||
| versionSpec: 20.x | ||
| versionSpec: 24.x |
There was a problem hiding this comment.
versionSpec: 24.x can resolve to a Node 24 release lower than the minimum required by package.json (>=24.14.1). To ensure builds always satisfy the declared engine requirement and are reproducible, pin the pipeline NodeTool versionSpec to at least 24.14.1 (e.g., 24.14.1 or 24.14.x).
There was a problem hiding this comment.
Updated all NodeTool versionSpec to 24.14.x to ensure builds satisfy the minimum requirement (>=24.14.1). Also updated GitHub Actions workflows to use the same pinned version. Changes in commit a38f236.
There was a problem hiding this comment.
@copilot why would this resolve a lower version?
we recently bumped to 24.x in dotnet/dotnet@c2e6a4e and this installs 24.14.1
There was a problem hiding this comment.
The concern was that 24.x could theoretically resolve to any 24.x version (e.g., 24.0.0, 24.1.0) when new agent images are released, potentially below the package.json requirement of >=24.14.1. However, if Azure Pipelines NodeTool@0 with 24.x is already reliably installing 24.14.1+ (as you've confirmed), then 24.x would be sufficient. The change to 24.14.x provides more explicit alignment with the minimum version and prevents any edge cases, but either approach should work in practice if the tool consistently resolves to recent patch versions.
| displayName: Install Node 24.x | ||
| inputs: | ||
| versionSpec: 20.x | ||
| versionSpec: 24.x |
There was a problem hiding this comment.
versionSpec: 24.x can install a Node 24 version below the repo’s declared minimum (>=24.14.1 in package.json). Pin NodeTool to 24.14.1 (or 24.14.x) so the build reliably uses a compatible Node version.
.azure/pipelines/ci.yml
Outdated
| displayName: Install Node 24.x | ||
| inputs: | ||
| versionSpec: 20.x | ||
| versionSpec: 24.x |
There was a problem hiding this comment.
versionSpec: 24.x does not guarantee meeting the repo’s minimum Node engine (>=24.14.1). Pin NodeTool to 24.14.1 (or 24.14.x) to avoid intermittent failures when the latest 24.x is below the required patch level.
| "node": ">=24.14.1", | ||
| "npm": ">=11.11.0" |
There was a problem hiding this comment.
The PR description says the engines field “enforce[s]” node/npm versions, but npm won’t actually block installs based on engines unless engine-strict=true (or a CI check) is in place. If enforcement is intended, add an explicit validation step / config; otherwise consider rewording the description to “document/require”.
.azure/pipelines/ci.yml
Outdated
| displayName: Install Node 24.x | ||
| inputs: | ||
| versionSpec: 20.x | ||
| versionSpec: 24.x |
There was a problem hiding this comment.
This PR is described as updating Node “across build infrastructure”, but there are GitHub Actions workflows still pinned to Node 20.x (e.g., .github/workflows/validate-npm-package-lock-json.yml, .github/workflows/update-jquery-validate.yml). If those workflows should follow the repo-wide Node baseline, update them too or clarify that only Azure Pipelines is in scope.
Agent-Logs-Url: https://github.com/dotnet/aspnetcore/sessions/f3d02514-43ef-48f7-8ac9-04f4ad78e1f8 Co-authored-by: javiercn <6995051+javiercn@users.noreply.github.com>
Agent-Logs-Url: https://github.com/dotnet/aspnetcore/sessions/f3d02514-43ef-48f7-8ac9-04f4ad78e1f8 Co-authored-by: javiercn <6995051+javiercn@users.noreply.github.com>
| "engines": { | ||
| "node": ">=20.9.0", | ||
| "npm": ">=9.3.1" | ||
| "node": ">=24.14.1", |
There was a problem hiding this comment.
@javiercn can you please check whether azurelinux has 24.14? otherwise this will break the VMR build as we use node from AZL packages there
There was a problem hiding this comment.
we checked and the AZL image has node 24.13.0 and npm 11.6.2 so this needs some updates
Update Node.js to v24.14.x and npm to v11.11.0 across build infrastructure
Upgrades Node.js from v20.x to v24.14.x and npm from v9.3.1 to v11.11.0 across all build infrastructure. Adds 3-day minimum release age for npm packages.
Description
Azure Pipelines Build Infrastructure
NodeTool@0tasks in.azure/pipelines/jobs/default-build.yml(2 instances) and.azure/pipelines/ci.ymlto install Node 24.14.xGitHub Actions Workflows
setup-nodetasks in.github/workflows/validate-npm-package-lock-json.yml,.github/workflows/update-jquery-validate.yml, and.github/workflows/markdownlint.ymlto use Node 24.14.xPackage Requirements
enginesinpackage.jsonto require node>=24.14.1and npm>=11.11.0min-release-age=3dto.npmrcto delay package adoption by 3 days after publicationSecurity
permissions: contents: readblock to.github/workflows/validate-npm-package-lock-json.ymlto follow GitHub Actions security best practicesAll Node.js versions are pinned to
24.14.xto ensure builds always meet the minimum requirement (>=24.14.1) and are reproducible.