Skip to content

chore: Node 22 + ESM #4059

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
erickzhao wants to merge 23 commits into
base: next
Choose a base branch
from
Draft

chore: Node 22 + ESM #4059

erickzhao wants to merge 23 commits into from
+2,787 −2,743

Conversation

@erickzhao
Copy link
Member

@erickzhao erickzhao commented Nov 26, 2025
edited
Loading

WIP.

Closes #3623
Closes #3684

  • Bump engines to Node 22
  • Update @types/node dependencies
  • Upgrade all @electron/ packages to their latest major versions
  • Use type: module in package.json
  • Drop support Rechoir/Interpret configurations
  • Replace ts-node with tsx
  • Remove dependencies on distutils and Python 3.11
  • Replace lodash with lodash-es
  • Upgrade to Vitest 4
  • Get fast tests to pass
  • Remove Lodash entirely
  • Check if we still need jiti for the configuration loading
  • Check Forge configuration ESM/CJS compatibility
  • Check Webpack plugin ESM/CJS compatibility
  • Check Vite plugin ESM/CJS compatibility
  • Re-enable ESLint import plugin with correct ESM parsing
  • Ensure Forge configurations can still be loaded properly in ESM and CJS
  • Pare down PR into its minimal work product and split off other changes into separate PRs

Split off PRs:

@socket-security
Copy link

socket-security bot commented Nov 26, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​types/​cross-zip@​4.0.2821005977100
Added@​tsconfig/​node22@​22.0.51001007091100
Added@​types/​lodash-es@​4.17.121001007780100
Addedlodash-es@​4.17.211001007983100
Updatedvitest@​3.1.3 ⏵ 4.0.1498 +11007999100
Updated@​electron/​get@​3.0.0 ⏵ 4.0.299 +310010080100
Updated@​electron/​fuses@​1.8.0 ⏵ 2.0.0100 +11009481 +1100
Updated@​types/​node@​18.19.68 ⏵ 22.10.10100 +110081 +195100
Addedtsx@​4.20.61001008190100
Updated@​electron/​rebuild@​3.7.0 ⏵ 4.0.199 +810010082100
Updatedvite@​6.4.1 ⏵ 7.2.498 +31008298 -1100
Updated@​electron/​lint-roller@​1.10.1 ⏵ 3.1.384 +110086 +188 +8100
Updated@​electron/​osx-sign@​1.3.1 ⏵ 2.3.0100 +210010087100
Updatedtypescript@​4.8.4 ⏵ 5.9.3100 +110090 -1010090 +10
Addedmarkdownlint-cli2@​0.19.19910010091100
Updated@​electron/​packager@​18.3.5 ⏵ 19.0.198 +110010091 +2100
Addedgot@​14.6.49910010092100
Added@​electron-forge/​template-base@​100.0.0100100100100100

View full report

@erickzhao erickzhao added the next label Nov 27, 2025
@erickzhao erickzhao changed the title chore: upgrade major versions to Node 22 chore: Node 22 + ESM Dec 2, 2025
@socket-security
Copy link

socket-security bot commented Dec 4, 2025
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Medium
Low adoption: npm obug

Location: Package overview

From: ?npm/vitest@4.0.14npm/obug@2.1.1

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/obug@2.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@erickzhao erickzhao mentioned this pull request Dec 4, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

next

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@erickzhao