feat: upgrade Node.js to 18.x LTS and update package manager

[devin-ai-integration]

feat: upgrade Node.js to 18.x LTS and update package manager

Summary

This PR upgrades the Node.js runtime from the End-of-Life version >=8.15.1 to Node.js 18.20.4 LTS, addressing critical security vulnerabilities and ensuring long-term support. The upgrade includes:

• Updated .nvmrc files to specify Node.js 18.20.4
• Updated package.json engines field to require Node.js >=18.20.4 and npm >=8
• Regenerated yarn.lock files with updated dependency resolution

⚠️ Critical Compatibility Issues Discovered:

• bank-client: Requires NODE_OPTIONS="--openssl-legacy-provider" due to OpenSSL compatibility with older webpack configuration
• bank-client: Webpack build errors with optional chaining syntax in dependencies (react-draggable)
• bank-server: TypeScript compilation errors (appear to be pre-existing, server runs despite errors)

Review & Testing Checklist for Human

• Test bank-client startup: Verify NODE_OPTIONS="--openssl-legacy-provider" yarn start works and application loads at http://localhost:3000
• Test bank-server startup: Verify yarn start:dev works and server runs (ignore TypeScript compilation warnings)
• Functional testing: Test core banking application features to ensure no regressions
• Evaluate webpack/babel upgrade: Consider whether to update build configuration for full Node.js 18 compatibility instead of using legacy provider flag
• Version choice validation: Confirm Node.js 18.20.4 LTS is preferred over Node.js 20.x LTS for this project

Recommended Test Plan:

1. Switch to Node.js 18.20.4 using nvm/nvmrc
2. Run yarn install in both repositories
3. Start both applications and verify they load without crashes
4. Test login, account creation, transactions, and other core features
5. Check browser console for any new errors or warnings

---

Diagram

%%{ init : { "theme" : "default" }}%%
graph TD
    subgraph bank-client
        BC_NVM[".nvmrc<br/>lts/dubnium → 18.20.4"]:::major-edit
        BC_PKG["package.json<br/>engines: node >=18.20.4"]:::major-edit
        BC_LOCK["yarn.lock<br/>(regenerated)"]:::minor-edit
    end
    
    subgraph bank-server
        BS_NVM[".nvmrc<br/>(new file: 18.20.4)"]:::major-edit
        BS_PKG["package.json<br/>engines: node >=18.20.4"]:::major-edit
        BS_LOCK["yarn.lock<br/>(regenerated)"]:::minor-edit
    end
    
    BC_NVM -.->|"controls version"| BC_PKG
    BS_NVM -.->|"controls version"| BS_PKG
    BC_PKG -.->|"triggers regen"| BC_LOCK
    BS_PKG -.->|"triggers regen"| BS_LOCK
    
    subgraph Legend
        L1[Major Edit]:::major-edit
        L2[Minor Edit]:::minor-edit
        L3[Context/No Edit]:::context
    end

classDef major-edit fill:#90EE90
classDef minor-edit fill:#87CEEB
classDef context fill:#FFFFFF

Loading

Notes

• Session Reference: Work completed by @akkp-windsurf (Arthur Poon) in Devin session: https://app.devin.ai/sessions/76a31d7c618d434caf5524c11a0ec469
• Node.js Choice: Selected 18.20.4 LTS over 20.x due to better compatibility with existing dependencies
• OpenSSL Issue: The --openssl-legacy-provider flag is a temporary workaround; consider updating webpack configuration for a permanent solution
• No CI: Neither repository has CI configured, making manual testing critical
• TypeScript Errors: bank-server has extensive TypeScript compilation errors that appear unrelated to this upgrade but should be addressed separately

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring