breaking: drop node v18

[kazupon]

Description

Linked Issues

Additional context

Summary by CodeRabbit

• Chores
  • Updated minimum Node.js version requirement to 20.
  • Configured pnpm as the official package manager with version specifications.
  • Updated CI/CD workflows to use Node.js 20 across all build, test, and release processes.

[coderabbitai]

Walkthrough

The pull request upgrades the minimum Node.js runtime version from 18 to 20 across CI workflows and package configuration. It also declares pnpm as the package manager with a specific version and integrity hash in package.json.

Changes

Cohort / File(s)	Summary
Node.js Version Updates \\.github/workflows/ci.yml, \\.github/workflows/release.yml	Updated Node.js version from 18 to 20 in CI and release workflows across build, test, e2e, and edge-release jobs.
Package Configuration package.json	Bumped Node engine requirement from >=18 to >=20 and added packageManager field declaring pnpm with specific version and integrity hash.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Version bumps are straightforward and repetitive across workflow files
• New packageManager field is a standard npm declaration
• No complex logic or functional changes to validate

Poem

🐰 Node's now twenty, the engines aligned,
With pnpm declared and versions refined,
Workflows updated with precision so keen,
The newest and greenest our pipelines have seen!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'breaking: drop node v18' directly and clearly describes the main change: dropping Node.js v18 support, which is accurately reflected in the changeset updates to CI workflows, release workflow, and package.json engine requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch breaking/drop-node-v18

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a8e984 and df485ee.

📒 Files selected for processing (3)

• .github/workflows/ci.yml (4 hunks)
• .github/workflows/release.yml (1 hunks)
• package.json (2 hunks)

🔇 Additional comments (3)

.github/workflows/release.yml (1)

34-34: Node.js version bump is consistent and correct.

The change from Node 18 to Node 20 aligns with the PR objective and matches the CI workflow updates.

package.json (1)

29-29: Engine requirement updated correctly.

The minimum Node.js requirement is now aligned with the PR objective of dropping Node v18 support.

.github/workflows/ci.yml (1)

39-39: Node.js matrix versions updated consistently across all CI jobs.

All workflow jobs (build, test, e2e, edge-release) now test only against Node 20, which aligns with the updated engine requirement in package.json.

Also applies to: 74-74, 114-114, 185-185

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify the pnpm packageManager integrity hash.

The packageManager field declaration with integrity hash is a good practice for reproducibility, but the hash should be validated to ensure it matches the declared pnpm version.

---

🏁 Script executed:

#!/bin/bash
# Description: Verify pnpm@9.5.0 integrity hash and search for other Node version configs

# Fetch pnpm@9.5.0 tarball metadata from npm registry
echo "=== Checking pnpm@9.5.0 metadata from npm registry ==="
curl -s https://registry.npmjs.org/pnpm/9.5.0 | jq '.dist | {version, shasum, integrity}'

# Search for other Node version configuration files
echo ""
echo "=== Searching for other Node version configuration files ==="
fd -e nvmrc -e tool-versions -e .node-version 2>/dev/null || echo "No .nvmrc, .tool-versions, or .node-version files found"

Length of output: 308

---

Fix the pnpm packageManager integrity hash.

The integrity hash in package.json does not match the official pnpm@9.5.0 release from npm registry:

• Registry hash: sha512-FAA2gwEkYY1iSiGHtQ0EKJ1aCH8ybJ7fwMzXM9dsT1LDoxPU/BSHlKKp2BVTAWAE5nQujPhQZwJopzh/wiDJAw==
• Declared hash: sha512.140036830124618d624a2187b50d04289d5a087f326c9edfc0ccd733d76c4f52c3a313d4fc148794a2a9d81553016004e6742e8cf850670268a7387fc220c903

Update the hash to match the registry to ensure reproducibility and prevent unexpected version mismatches.

🤖 Prompt for AI Agents

In package.json around line 129, the packageManager integrity hash for
pnpm@9.5.0 is incorrect; replace the current value after the "+" with the
official registry integrity string so the entry reads
pnpm@9.5.0+sha512-FAA2gwEkYY1iSiGHtQ0EKJ1aCH8ybJ7fwMzXM9dsT1LDoxPU/BSHlKKp2BVTAWAE5nQujPhQZwJopzh/wiDJAw==,
ensuring the file uses the exact registry hash to guarantee reproducible
installs.