You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Upgrades the Snyk CLI repository to Node.js 22 LTS (CLI-1469): engines.node → ^22, .nvmrc and CI defaults aligned on the chosen 22.x patch, dependency / lockfile updates as needed, and GitHub Actions + CircleCI config adjusted so Linux/Windows/macOS pipelines install and test against 22 (including native build / embedded CLI paths where applicable). Documentation is updated so supported Node versions match what we actually run in CI.
Why Node 22 and not Node 24 (for now)
Still LTS, smaller jump:22 is a supported LTS line and is a deliberate step up from 20 without adopting the newest major immediately.
Avoid Node 24–specific test / stderr churn: On Node 24 we saw deprecation warnings on stderr (e.g. legacy url.parse, child_process + shell behaviour) from transitive dependencies. Many Jest acceptance tests assert stderr is empty, so those warnings fail CI unless we upgrade dependencies, change spawn behaviour, or filter stderr in tests. On 22, we expect to validate real behaviour without that layer of suppression.
Stabilize CI first: Land 22, get green pipelines and product confidence, then plan 24 with dependency upgrades and any intentional code changes, rather than coupling the version bump to test-harness workarounds.
Notes for the reviewer
Confirm CircleCI executor images, GitHub Actions node-version, .nvmrc, and engines are all consistent with the same 22.x line.
Confirm Windows install path (install-node.ps1 / NVM + MSI fallback) matches the pinned version and checksum where used.
If we narrow or change test matrices, confirm that matches intended support policy for the CLI.
danskmt
changed the title
chore: [Test Deprecated Warnings on Node 22] upgrade Node.js runtime from 18 to 22 LTS
chore: upgrade Node.js runtime from 18 to 22 LTS
May 5, 2026
The smoke test matrix still includes Node 16, 18, and 20, but the PR makes changes that break compatibility with these versions. Specifically, package.json now requires Node ^22, and several core dependencies like snyk-gradle-plugin (v6.0.0) and snyk-nodejs-plugin (v2.0.0) have moved their minimum requirements to Node 20.19+ or 22+ (see package-lock.json). Running smoke tests on 16 or 18 will fail during npm install or execution.
The PR includes major version bumps for core scanning plugins: snyk-gradle-plugin (5.1.1 to 6.0.0) and snyk-nodejs-plugin (1.6.3 to 2.0.0). These are critical modules for the CLI's scanning logic. While necessary for Node 22 support, these major versions likely contain breaking changes in manifest parsing or dependency resolution that are not mentioned in the PR description, posing a significant operational risk to the scanner's stability.
Setting engines.node to ^22 is overly restrictive for a CLI tool. It prevents the package from being installed on Node 20 (which is still a supported LTS) and will block installation on future major versions like Node 23 or 24. Standard practice for Node LTS upgrades is to use a range like >=22 or ^20 || ^22 to maintain compatibility with existing LTS environments while targeting the new version.
"node": "^22"
📚 Repository Context Analyzed
This review considered 27 relevant code sections from 1 files (average relevance: 0.88)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
danskmt
force-pushed
the
chore/CLI-1469-upgrade-node-22-e2e
branch
2 times, most recently
from
PeterSchafer
force-pushed
the
chore/CLI-1469-upgrade-node-22-e2e
branch
from
Depends on #6764
What this does
Upgrades the Snyk CLI repository to Node.js 22 LTS (CLI-1469):
engines.node→^22,.nvmrcand CI defaults aligned on the chosen 22.x patch, dependency / lockfile updates as needed, and GitHub Actions + CircleCI config adjusted so Linux/Windows/macOS pipelines install and test against 22 (including native build / embedded CLI paths where applicable). Documentation is updated so supported Node versions match what we actually run in CI.Why Node 22 and not Node 24 (for now)
url.parse,child_process+shellbehaviour) from transitive dependencies. Many Jest acceptance tests assertstderris empty, so those warnings fail CI unless we upgrade dependencies, change spawn behaviour, or filter stderr in tests. On 22, we expect to validate real behaviour without that layer of suppression.Notes for the reviewer
node-version,.nvmrc, andenginesare all consistent with the same 22.x line.install-node.ps1/ NVM + MSI fallback) matches the pinned version and checksum where used.More information
Screenshots
N/A