chore: upgrade node and pnpm to latest LTS version

[MayankBansal12]

Date: 09-09-2025

Developer Name: @MayankBansal12

---

Issue Ticket Number:-

Description:

Is Under Feature Flag

• Yes
• No

Database changes

• Yes
• No

Breaking changes (If your feature is breaking/missing something please mention pending tickets)

• Yes
• No

Is Development Tested?

• Yes
• No

Tested in staging?

• Yes
• No

Add relevant Screenshot below ( e.g test coverage etc. )

Description by Korbit AI

What change is being made?

Upgrade the Node.js version to 22.x and update pnpm to version 10.10.0 across configuration files.

Why are these changes being made?

This update ensures that the project aligns with the latest Long Term Support (LTS) versions of Node.js and pnpm, providing improved security, stability, and access to the latest features. The addition of the pnpm-workspace.yaml file indicates an optimization in package management workflow by specifying built dependencies, ensuring faster and leaner builds.

Is this description stale? Ask me to generate a new description by commenting /korbit-generate-pr-description

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Raised minimum Node.js version to 22 across the project and continuous integration.
  • Standardized package management to pnpm 10.10.0.
  • Pinned Volta toolchain to Node.js 22.19.0 for consistent local setups.
  • Optimized workspace installs by restricting built dependencies to a targeted set.

Note: You may need to upgrade your local Node.js to v22 to develop or run the project.

Walkthrough

Updated CI to use Node.js 22.x. package.json now specifies pnpm as the package manager, raises the Node engine to >=22, and updates Volta’s pinned Node to 22.19.0. pnpm-workspace.yaml adds onlyBuiltDependencies entries for selected packages.

Changes

Cohort / File(s)	Summary
CI Node version bump .github/workflows/continuous-integration.yml	Matrix node-version updated from 18.x to 22.x for lint and build jobs; other steps unchanged.
Package manager and engines package.json	Added top-level packageManager: "pnpm@10.10.0". Updated engines.node from ">= 18" to ">= 22". Updated volta.node from "18.19.1" to "22.19.0".
pnpm workspace config pnpm-workspace.yaml	Added onlyBuiltDependencies with: @fortawesome/fontawesome-common-types, @fortawesome/free-solid-svg-icons, core-js, pre-commit, spawn-sync.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly describes the core change of upgrading Node.js and pnpm to the latest LTS versions and directly reflects the primary modifications in the CI workflow, package.json, and workspace configuration without extraneous detail.
Description Check	✅ Passed	The description outlines the upgrade to Node.js 22.x, pnpm 10.10.0, and the addition of workspace dependency settings, which aligns precisely with the changes made across the CI config, package.json, and pnpm-workspace.yaml files.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

I thump my paws—Node twenty-two!
pnpm hops in, shiny and new.
Workflows purr, the checks all sing,
Volta’s pin has found its spring.
In tidy burrows, deps now brew—
Ship it swift, hop-hop—woohoo! 🐇✨

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[korbit-ai]

I've completed my review and didn't find any issues... but I did find this dinosaur.

            __
           / _)
    .-^^^-/ /
 __/       /
<__.|_|-|_|

Check out our docs on how you can make Korbit work best for you and your team.

Loving Korbit!? Share us on LinkedIn Reddit and X

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

.github/workflows/continuous-integration.yml (3)

21-31: Align toolchain versions and enable caching.

• Use the same checkout action in both jobs and bump to the latest stable major.
• Install pnpm matching packageManager (10.10.0) instead of “latest”.
• Enable setup-node cache for pnpm to speed installs.

Apply:

-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
...
-      - name: Install pnpm
-        uses: pnpm/action-setup@v2
-        with:
-          version: latest
+      - name: Install pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 10.10.0
...
-      - name: Install Dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node with cache
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'pnpm'
+      - name: Install Dependencies
+        run: pnpm install --frozen-lockfile

And in the build job:

-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
...
-      - name: Install pnpm
-        uses: pnpm/action-setup@v2
-        with:
-          version: latest
+      - name: Install pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 10.10.0
+      - name: Setup Node with cache
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'pnpm'

Also applies to: 42-54

---

35-37: Set a timeout for the build job.

Lint has timeout-minutes: 10; add one to build to avoid hung CI.

Apply:

   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 20

---

55-57: Avoid double-running lint.

The build job’s “pnpm test” triggers “pnpm:lint” per your test script, while a separate lint job already runs. Consider running tests only here to save CI time.

-      - name: Test
-        run: pnpm test
+      - name: Test
+        run: pnpm run test:ember

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c757100 and b69fa7b.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• .github/workflows/continuous-integration.yml (2 hunks)
• package.json (2 hunks)
• pnpm-workspace.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build (22.x)

🔇 Additional comments (2)

pnpm-workspace.yaml (1)

1-6: Verify allowlist completeness for onlyBuiltDependencies
Your workspace is using lockfileVersion 9.0, which doesn’t include requiresBuild metadata, so we can’t auto-detect build‐script deps. After upgrading to pnpm ≥ 10.10.0, re-run with requiresBuild⊢true detection to confirm nothing’s missing, or manually audit each dependency’s install/build scripts.

package.json (1)

118-118: Engine bump to Node >=22 acknowledged; ensure downstream tooling supports it.

Ember CLI 5.9 and related tooling generally support Node 22, but verify locally and in CI. If issues arise, consider pinning CI to 22.19.0 (Volta version).

[coderabbitai]

🧹 Nitpick (assertive)

Node 22.x matrix looks good. Consider pinning to your Volta version for reproducibility.

You pin Volta to 22.19.0 in package.json; CI currently uses 22.x. Pinning avoids drift.

Apply:

-        node-version: [22.x]
+        node-version: [22.19.0]

Also applies to: 40-40

🤖 Prompt for AI Agents

.github/workflows/continuous-integration.yml lines 18 and 40: the workflow uses
a floating node-version (22.x) which can drift from the pinned Volta/node
version in package.json; update the matrix entries to use the exact version
pinned in package.json (22.19.0) so CI uses the same Node release as Volta,
replacing 22.x with 22.19.0 at both locations.

[coderabbitai]

🛠️ Refactor suggestion

Pin pnpm in CI to match packageManager.

You set packageManager to pnpm@10.10.0; CI installs “latest”. Align to 10.10.0 to avoid policy drift with onlyBuiltDependencies.

See workflow diffs to set pnpm/action-setup version: 10.10.0.

🤖 Prompt for AI Agents

In package.json around line 9, packageManager is set to "pnpm@10.10.0" but CI
currently installs the latest pnpm; update the CI workflow(s) that set up pnpm
(e.g., .github/workflows/*) to pin the pnpm setup action/version to 10.10.0 so
the runner uses pnpm@10.10.0, ensuring consistency with packageManager and
preventing policy drift with onlyBuiltDependencies.

[coderabbitai]

🧹 Nitpick (assertive)

Volta pin looks good. Consider matching CI to 22.19.0.

Keeps parity between local and CI builds.

🤖 Prompt for AI Agents

In package.json at line 124 (package.json:124-124), Volta is pinned to "node":
"22.19.0" but CI workflows are not guaranteed to match; update your CI
configuration(s) (e.g., .github/workflows/*, .gitlab-ci.yml,
azure-pipelines.yml, or any Dockerfiles) to use Node 22.19.0 so local Volta
parity is preserved — specifically set actions/setup-node or the matrix
node-version value, update any nvm/engine or Docker base images to 22.19.0, and
run CI to confirm builds pass.

[coderabbitai]

🛠️ Refactor suggestion

Revisit entries: prefer adding actual native/build deps (e.g., esbuild, sharp, canvas) and drop no-op packages.

Font Awesome icon packs and core-js are pure JS and typically don’t need build scripts; “pre-commit” alters git hooks and is usually unnecessary in CI. Keep the list minimal and accurate to reduce surprise failures.

🤖 Prompt for AI Agents

In pnpm-workspace.yaml around lines 1 to 6, the onlyBuiltDependencies list
contains packages that are pure JS or irrelevant to native build steps (e.g.,
Font Awesome packs, core-js, pre-commit, spawn-sync); replace/remove these
entries and instead list true native/build-time dependencies your monorepo needs
(for example esbuild, sharp, canvas) and drop no-op or tooling-only packages
(like pre-commit) so the onlyBuiltDependencies accurately reflects packages that
require native builds; ensure the list is minimal and validated against packages
that actually run native install scripts.