Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/audit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
audit:
strategy:
matrix:
node-version: [ '22' ]
node-version: [ '26' ]
os: [ 'ubuntu-latest' ]
name: audit
runs-on: ${{ matrix.os }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/build-docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
publish-docs:
strategy:
matrix:
node-version: [ '22' ]
node-version: [ '26' ]
os: [ 'ubuntu-latest' ]
name: build-docs
runs-on: ${{ matrix.os }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
strategy:
fail-fast: false
matrix:
node-version: [ 20, 22, 24 ]
node-version: [ 22, 24, 26 ]
os: [ ubuntu-latest, windows-latest, macos-latest ]
install-command: [ i, ci ]
runs-on: ${{ matrix.os }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
lint:
strategy:
matrix:
node-version: [ '22' ]
node-version: [ '26' ]
os: [ 'ubuntu-latest' ]
name: lint
runs-on: ${{ matrix.os }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/performance.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
performance-test:
strategy:
matrix:
node-version: [ '22' ]
node-version: [ '26' ]
os: [ 'ubuntu-latest' ]
name: Test performance
runs-on: ${{ matrix.os }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
publish-docs:
strategy:
matrix:
node-version: [ '22' ]
node-version: [ '26' ]
os: [ 'ubuntu-latest' ]
name: publish-docs
runs-on: ${{ matrix.os }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
unit-tests:
strategy:
matrix:
node-version: [ '22' ]
node-version: [ '26' ]
os: [ 'ubuntu-latest' ]
name: unit-tests
runs-on: ${{ matrix.os }}
Expand Down Expand Up @@ -56,7 +56,7 @@ jobs:
browser-tests:
strategy:
matrix:
node-version: [ '22' ]
node-version: [ '26' ]
os: [ 'ubuntu-latest' ]
name: browser-tests
runs-on: ${{ matrix.os }}
Expand Down
16 changes: 16 additions & 0 deletions .npmrc
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# --- Security ---
# Run only minimal lifecycle scripts; block arbitrary install scripts from deps
ignore-scripts=true
Comment thread
cursor[bot] marked this conversation as resolved.
# Fail install if a package has a known advisory at/above this level
audit-level=low
# Always verify package integrity against the lockfile
package-lock=true
# Dependency cooldown: only install versions published more than N days ago
# (requires npm >= 11.10.0; silently ignored on older npm)
min-release-age=30

# --- Reproducibility / supply chain ---
# Pin exact versions (no ^ or ~) so installs are deterministic
save-exact=true
# Enforce the Node/npm range declared in package.json "engines"
engine-strict=true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Engine strict without engines

Medium Severity

This commit enables engine-strict=true to enforce Node/npm ranges from package.json, but package.json has no engines field. The node/npm constraints exist only under the root entry in package-lock.json, which npm does not use for engine checks, so installs are not blocked on unsupported runtimes despite the stated hardening.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 06b351a. Configure here.

2 changes: 1 addition & 1 deletion .nvmrc
Original file line number Diff line number Diff line change
@@ -1 +1 @@
v18
v26
2 changes: 1 addition & 1 deletion docs/guide/building.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ format , builds ES6 version
* `npm run bundle:languages` - builds the languages
* `npm run bundle:typings` - generates TypeScript typing, only emits ‘.d.ts’ declaration files

We use the Node 22 LTS in the build-chain and recommend this version for building. Note that for using (not building) HyperFormula, a wider range of Node versions is supported.
We use the Node 26 LTS in the build-chain and recommend this version for building. Note that for using (not building) HyperFormula, a wider range of Node versions is supported.

## Verify the build

Expand Down
110 changes: 27 additions & 83 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 2 additions & 3 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -77,14 +77,14 @@
"verify:typings": "tsc --noEmit",
"test": "npm-run-all lint test:jest test:browser",
"test:setup-private": "bash test/fetch-tests.sh",
"test:jest": "cross-env NODE_ICU_DATA=node_modules/full-icu jest",
"test:jest": "jest",
"test:watch": "npm run test:jest -- --watch",
"test:tmp": "npm run test:jest -- --watch function-irr",
"test:coverage": "npm run test:jest -- --coverage",
"test:logMemory": "npm run test:jest -- --runInBand --logHeapUsage",
"test:performance": "npm run benchmark:basic && npm run benchmark:cruds",
"test:compatibility": "bash test/compatibility/test-compatibility.sh",
"test:ci": "cross-env NODE_ICU_DATA=node_modules/full-icu node --expose-gc ./node_modules/jest/bin/jest --forceExit",
"test:ci": "node --expose-gc ./node_modules/jest/bin/jest --forceExit",
"test:browser": "cross-env-shell BABEL_ENV=dist env-cmd -f ht.config.js karma start",
"test:browser.debug": "cross-env-shell BABEL_ENV=dist NODE_ENV=debug env-cmd -f ht.config.js karma start",
"typedoc:build-api": "cross-env NODE_OPTIONS=--openssl-legacy-provider typedoc --options .typedoc.md.ts",
Expand Down Expand Up @@ -142,7 +142,6 @@
"eslint-plugin-prettier": "^5.2.1",
"esm": "^3.2.25",
"exceljs": "^4.4.0",
"full-icu": "^1.5.0",
"jasmine": "^5.4.0",
"jest": "^26.6.3",
"jsdom": "^25.0.1",
Expand Down
Loading