ci: add vulnerability update workflow

pfferrari · pfferrari · commit cef3e8dfcd70 · 2026-04-14T12:38:06.000+02:00
diff --git a/.github/workflows/gh-pages.yaml b/.github/workflows/gh-pages.yaml
@@ -18,15 +18,15 @@ jobs:
 
     steps:
       - name: Checkout 🛎️
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: pnpm 🧰
         uses: pnpm/action-setup@v5
         with:
           version: 10
 
       - name: Node 🧰
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: 22.x
           cache: 'pnpm'
diff --git a/.github/workflows/pkg-pr-new.yaml b/.github/workflows/pkg-pr-new.yaml
@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Checkout 🛎️
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
 
@@ -29,7 +29,7 @@ jobs:
           version: 10
 
       - name: Node 🧰
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: 22.x
 
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -14,15 +14,15 @@ jobs:
 
     steps:
       - name: Checkout 🛎️
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: pnpm 🧰
         uses: pnpm/action-setup@v5
         with:
           version: 10
 
       - name: Node 🧰
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: 22.x
           registry-url: https://registry.npmjs.org
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout 🛎️
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Create a draft GitHub release 🎁
         uses: softprops/action-gh-release@v2
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -15,24 +15,24 @@ jobs:
 
     steps:
       - name: Checkout 🛎️
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: pnpm 🧰
         uses: pnpm/action-setup@v5
         with:
           version: 10
 
       - name: Node 🧰
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: 22.x
           cache: 'pnpm'
 
       - name: Install 📦
         run: pnpm install
 
-      - name: Run Lint 💅
-        run: pnpm lint
+      - name: Run Check 💅
+        run: pnpm check
 
       - name: Run TS check 🔎
         run: pnpm ts:check
diff --git a/.github/workflows/vulnerability-updates.yaml b/.github/workflows/vulnerability-updates.yaml
@@ -0,0 +1,28 @@
+name: Vulnerability update
+
+on:
+  issues:
+    types: [opened, labeled, reopened]
+  workflow_dispatch:
+
+concurrency:
+  group: vulnerability-update-${{ github.event_name }}-${{ github.event.issue.number || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  run:
+    if: |
+      github.event_name == 'workflow_dispatch' ||
+      (
+        github.event_name == 'issues' &&
+        contains(github.event.issue.labels.*.name, 'vulnerability')
+      )
+    uses: commercelayer/.github/.github/workflows/dependencies-update-pnpm.yaml@main
+    with:
+      reviewers: "malessani,gciotola,pfferrari"
+      use_milestone: false
+      run_test: true
+      run_build: true
+      run_check: true
+      issue_number: ${{ github.event_name == 'issues' && github.event.issue.number || '' }}
+    secrets: inherit
diff --git a/.lintstagedrc.json b/.lintstagedrc.json
@@ -1,3 +1,3 @@
 {
-  "*.{js,jsx,ts,tsx,json,jsonc}": ["pnpm lint:fix"]
+  "*.{js,jsx,ts,tsx,json,jsonc}": ["pnpm check:fix"]
 }
diff --git a/.ncurc.js b/.ncurc.js
diff --git a/.npmrc b/.npmrc
@@ -1,3 +1,3 @@
 engine-strict=true
 auto-install-peers=true
-use-node-version=20.19.0
+use-node-version=22.22.0
diff --git a/package.json b/package.json
@@ -8,14 +8,14 @@
     "build:elements": "pnpm --stream --filter @commercelayer/app-elements build",
     "build:abilities": "pnpm --filter docs build:abilities",
     "build:docs": "pnpm --filter docs build",
-    "lint": "pnpm biome check",
-    "lint:fix": "pnpm biome check --write",
+    "check": "pnpm biome check",
+    "check:fix": "pnpm biome check --write",
     "test": "pnpm -r test",
     "test:update": "pnpm --stream -r test:update",
     "test:watch": "pnpm --stream -r test:watch",
     "ts:check": "pnpm --stream -r ts:check",
-    "dep:major": "pnpm dlx npm-check-updates",
-    "dep:minor": "pnpm dlx npm-check-updates --target minor",
+    "dep:major": "pnpm dlx npm-check-updates --packageFile '**/package.json' -u",
+    "dep:minor": "pnpm dlx npm-check-updates -t semver --packageFile '**/package.json' -u",
     "postdep:major": "echo \"\\033[0;31mRemember to check the \\\"peerDependencies\\\" of the updated packages.\\033[0m\n\"",
     "postdep:minor": "echo \"\\033[0;31mRemember to check the \\\"peerDependencies\\\" of the updated packages.\\033[0m\n\""
   },
@@ -30,8 +30,8 @@
   },
   "license": "MIT",
   "engines": {
-    "node": ">=20",
-    "pnpm": ">=8"
+    "node": "22",
+    "pnpm": "10"
   },
   "workspaces": [
     "packages/*"
@@ -41,9 +41,5 @@
     "husky": "^9.1.7",
     "lerna": "^9.0.4",
     "lint-staged": "^16.2.7"
-  },
-  "resolutions": {
-    "postcss": "8",
-    "tar": "^7.5.7"
   }
 }
diff --git a/packages/app-elements/.lintstagedrc.json b/packages/app-elements/.lintstagedrc.json
@@ -3,5 +3,5 @@
     "bash -c \"tsc -p ./tsconfig.json --noEmit\"",
     "bash -c \"pnpm test\""
   ],
-  "*.{js,jsx,ts,tsx,json,jsonc}": ["pnpm lint:fix"]
+  "*.{js,jsx,ts,tsx,json,jsonc}": ["pnpm check:fix"]
 }
diff --git a/packages/app-elements/package.json b/packages/app-elements/package.json
@@ -31,14 +31,15 @@
     "url": "https://github.com/commercelayer/app-elements"
   },
   "engines": {
-    "node": ">=18",
-    "pnpm": ">=7"
+    "node": "22",
+    "pnpm": "10"
   },
   "scripts": {
     "build": "tsc && vite build && pnpm build:css-vendor && pnpm build:tailwind-cfg",
     "build:tailwind-cfg": "cp ./src/styles/global.css ./dist/tailwind.global.css",
     "build:css-vendor": "pnpm dlx @tailwindcss/cli -i ./src/styles/vendor.css -o ./dist/vendor.css --minify",
-    "lint:fix": "pnpm biome check --write",
+    "check": "pnpm biome check",
+    "check:fix": "pnpm biome check --write",
     "test": "vitest run",
     "test:update": "vitest run --update",
     "test:watch": "vitest",
@@ -86,7 +87,7 @@
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/react": "^16.3.2",
     "@types/js-cookie": "^3.0.6",
-    "@types/node": "^20.19.33",
+    "@types/node": "25.5.0",
     "@types/pluralize": "^0.0.33",
     "@types/react-gtm-module": "^2.0.4",
     "@vitejs/plugin-react": "^5.1.4",
diff --git a/packages/docs/.lintstagedrc.json b/packages/docs/.lintstagedrc.json
@@ -1,4 +1,4 @@
 {
   "*.{js,jsx,ts,tsx}": ["bash -c \"tsc -p ./tsconfig.json --noEmit\""],
-  "*.{js,jsx,ts,tsx,json,jsonc}": ["pnpm lint:fix"]
+  "*.{js,jsx,ts,tsx,json,jsonc}": ["pnpm check:fix"]
 }
diff --git a/packages/docs/package.json b/packages/docs/package.json
@@ -4,16 +4,17 @@
   "version": "6.14.0",
   "license": "MIT",
   "scripts": {
-    "lint:fix": "pnpm biome check --write",
+    "check": "pnpm biome check",
+    "check:fix": "pnpm biome check --write",
     "dev": "NODE_OPTIONS='--openssl-legacy-provider' storybook dev -p 6006",
     "build:abilities": "node src/generate-abilities.mjs",
     "build:docs": "NODE_OPTIONS='--openssl-legacy-provider' storybook build -o dist",
     "build": "pnpm run --sequential \"/^build:.*/\"",
     "ts:check": "tsc --noEmit"
   },
   "engines": {
-    "node": ">=18",
-    "pnpm": ">=7"
+    "node": "22",
+    "pnpm": "10"
   },
   "dependencies": {
     "prettier": "^3.8.1",
@@ -34,14 +35,14 @@
     "@tailwindcss/forms": "^0.5.11",
     "@tailwindcss/postcss": "^4.2.1",
     "@types/js-yaml": "^4.0.9",
-    "@types/node": "^20.19.33",
+    "@types/node": "25.5.0",
     "@types/react": "19.2.13",
     "@types/react-dom": "19.2.3",
     "@vitejs/plugin-react": "^5.1.4",
     "babel-loader": "^10.0.0",
     "date-fns": "^4.1.0",
     "js-yaml": "^4.1.1",
-    "msw": "^2.12.10",
+    "msw": "^2.13.2",
     "react-hook-form": "7.62.0",
     "react-select": "^5.10.2",
     "remark-gfm": "^4.0.1",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`{`
`2`		`- "*.{js,jsx,ts,tsx,json,jsonc}": ["pnpm lint:fix"]`
	`2`	`+ "*.{js,jsx,ts,tsx,json,jsonc}": ["pnpm check:fix"]`
`3`	`3`	`}`