Skip to content

build: update Node.js toolchain version to 24.18.0#17742

Open
diemol wants to merge 1 commit into
trunkfrom
bump-node-toolchain-npm-trusted-publishing
Open

build: update Node.js toolchain version to 24.18.0#17742
diemol wants to merge 1 commit into
trunkfrom
bump-node-toolchain-npm-trusted-publishing

Conversation

@diemol

@diemol diemol commented Jul 2, 2026

Copy link
Copy Markdown
Member

To do npm trusted publishing for Selenium's release workflow, The current version of Node pinned in toolchain in MODULE.bazel changes from 22.22.0 to 24.18.0 to get a compatible npm version.

@selenium-ci selenium-ci added the B-build Includes scripting, bazel and CI integrations label Jul 2, 2026
@qodo-code-review

Copy link
Copy Markdown
Contributor

PR Summary by Qodo

build: bump Bazel Node.js toolchain to 24.18.0 for npm trusted publishing

⚙️ Configuration changes ✨ Enhancement 🕐 Less than 5 minutes

Grey Divider

AI Description

• Bump the Bazel-pinned Node.js toolchain from 22.22.0 to 24.18.0.
• Unblock npm trusted publishing by ensuring a compatible npm version in release workflows.
Diagram

graph TD
  A["MODULE.bazel"] --> B["rules_nodejs toolchain"] --> C["npm / release workflow"]
  subgraph Legend
    direction LR
    _cfg["Config"] ~~~ _tool["Toolchain"] ~~~ _flow["Workflow"]
  end
Loading
High-Level Assessment

The following are alternative approaches to this PR:

1. Pin npm separately (keep Node 22)
  • ➕ Avoids a major Node version jump if other tooling depends on Node 22 behavior
  • ➕ Smaller surface-area change (npm-only)
  • ➖ Harder to do cleanly in Bazel toolchain flows; npm is typically coupled to Node distribution
  • ➖ May increase maintenance complexity and reduce reproducibility
2. Move publishing to a dedicated CI step with its own Node setup
  • ➕ Decouples build toolchain from release/publishing requirements
  • ➕ Lets publishing pick the minimal Node/npm version needed
  • ➖ Adds divergence between Bazel-managed toolchains and CI environment
  • ➖ More CI configuration and potential for drift

Recommendation: Bumping the Bazel-managed Node toolchain is the most straightforward way to ensure a compatible npm for trusted publishing while keeping builds reproducible. Consider a separate publishing-only Node setup only if the Node 24 bump causes downstream incompatibilities in build/test tooling.

Files changed (1) +1 / -1

Other (1) +1 / -1
MODULE.bazelUpdate rules_nodejs toolchain Node version to 24.18.0 +1/-1

Update rules_nodejs toolchain Node version to 24.18.0

• Bumps the pinned Node.js toolchain version from 22.22.0 to 24.18.0 to align npm behavior/version with trusted publishing needs.

MODULE.bazel

@qodo-code-review

Copy link
Copy Markdown
Contributor

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Grey Divider

Great, no issues found!

Qodo reviewed your code and found no material issues that require review

Grey Divider

Qodo Logo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

B-build Includes scripting, bazel and CI integrations

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants