Skip to content

Update: Node engine requirements bumped to >=18 and some optionalDependencies packages bumped for security patches #3713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 21, 2025
Merged

Update: Node engine requirements bumped to >=18 and some optionalDependencies packages bumped for security patches #3713

merged 4 commits into from
Oct 21, 2025

Conversation

@cahirodoherty-learningpool
Copy link
Contributor

@cahirodoherty-learningpool cahirodoherty-learningpool commented Aug 13, 2025
edited
Loading

Fixes #3712

Update

  • Node engine requirements bumped to >=18
  • optionalDependencies packages bumped for security patches

@cahirodoherty-learningpool
Breaking: Node engine requirements bumped to >=18 and some optionalDe…
196f4f0 
…pendencies packages bumped for security patches
Copilot AI reviewed Aug 13, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the Node.js engine requirement from >=16 to >=18 and bumps several optional imagemin dependencies to address security vulnerabilities. The changes also update the module import statements to use ES6 dynamic imports instead of CommonJS require statements.

  • Node.js engine requirement increased to >=18 (breaking change)
  • Updated four imagemin-related optional dependencies to newer major versions
  • Modified import statements to use ES6 dynamic imports for imagemin packages

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
package.json Updates Node.js engine requirement and bumps imagemin optional dependencies
grunt/tasks/compress.js Changes require statements to ES6 dynamic imports for imagemin modules

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@cahirodoherty-learningpool
Copy link
Contributor Author

@oliverfoster The Breaking key word here will bump the package by a major version. This is the correct semantic approach in my opinion (as the underlying node engine requirement will potentially force client environment upgrades)
Previous references to "V6" will be outdated, but these seem to have stalled somewhat in any case. Any thought on this?

@oliverfoster
Copy link
Member

oliverfoster commented Aug 13, 2025
edited
Loading

image

https://docs.npmjs.com/cli/v11/configuring-npm/package-json#engines

I don't think it is necessary, unless the user has engine-strict enabled.

(v6 as it was, the bower > npm stuff is progressing, albeit slowly)

@cahirodoherty-learningpool cahirodoherty-learningpool changed the title Breaking: Node engine requirements bumped to >=18 and some optionalDependencies packages bumped for security patches Update: Node engine requirements bumped to >=18 and some optionalDependencies packages bumped for security patches Aug 14, 2025
@cahirodoherty-learningpool cahirodoherty-learningpool moved this from New to Needs Reviewing in adapt_framework: The TODO Board Aug 14, 2025
@oliverfoster
Copy link
Member

oliverfoster commented Oct 21, 2025
edited
Loading

image

https://github.com/imagemin/imagemin-svgo

@cahirodoherty-learningpool cahirodoherty-learningpool merged commit 6e9b18b into master Oct 21, 2025
1 check passed
@cahirodoherty-learningpool cahirodoherty-learningpool deleted the issue/3712 branch October 21, 2025 13:03
@github-project-automation github-project-automation bot moved this from Needs Reviewing to Recently Released in adapt_framework: The TODO Board Oct 21, 2025
github-actions bot pushed a commit that referenced this pull request Oct 21, 2025
@semantic-release-bot
Chore(release): 5.53.0 [skip ci]
b7df4f7 
# [5.53.0](v5.52.6...v5.53.0) (2025-10-21)

### Update

* Node engine requirements bumped to >=18 and some optionalDependencies packages bumped for security patches (#3713) ([6e9b18b](6e9b18b)), closes [#3713](#3713)
@github-actions
Copy link

🎉 This PR is included in version 5.53.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@oliverfoster oliverfoster oliverfoster approved these changes

@ethan-lp ethan-lp ethan-lp approved these changes

@lemmyadams lemmyadams lemmyadams approved these changes

@swashbuck swashbuck Awaiting requested review from swashbuck

@joe-allen-89 joe-allen-89 Awaiting requested review from joe-allen-89

Assignees

@cahirodoherty-learningpool cahirodoherty-learningpool

Labels

released

Projects

adapt_framework: The TODO Board
Status: Recently Released

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Some package updates required to combat security vulnerabilities

5 participants

@cahirodoherty-learningpool @oliverfoster @ethan-lp @lemmyadams