Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -274,7 +274,7 @@
"sass": "1.77.6",
"sass-loader": "^16.0.6",
"scroll-into-view-if-needed": "^2.2.31",
"semantic-release": "^24.2.9",
"semantic-release": "^25.0.5",

@coderabbitai coderabbitai Bot Jul 9, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

semantic-release v25 breaking changes and migration guide

💡 Result:

semantic-release version 25 was released on October 15, 2025 [1]. The primary breaking changes in this major version release center on a significant shift in the Node.js runtime requirements [1][2]. Breaking Changes: - Dropped Support: Support for Node.js versions 20, 21, and 23 has been removed [1][2]. - Minimum Node.js Version: A minimum of Node.js v22.14 is now required to run semantic-release [1][2]. - Node.js v24 Range: Within the v24 line, a minimum of Node.js v24.10.0 is now required [1][2]. Migration Guide & Best Practices: To migrate to semantic-release v25, you must ensure your CI/CD environment uses a compatible Node.js version [2]. 1. Update CI Infrastructure: The recommended approach is to update your CI/CD pipeline images to use a supported Node.js version (e.g., Node.js 22 LTS or newer) [2]. 2. Targeted Runtime Upgrade: If upgrading the entire CI pipeline image is not immediately feasible, you can execute semantic-release using a specific newer Node.js runtime while keeping the rest of your pipeline on an older version [2]. This can be achieved using a command similar to: npx -p node@v24 -c "npx semantic-release" This allows you to satisfy the v25 runtime requirements for the release step specifically without forcing a global environment upgrade across your test or build matrix [2]. As of July 9, 2026, the latest stable version is v25.0.5 [3][4].

Citations:


🏁 Script executed:

python3 - <<'PY'
from pathlib import Path
p = Path('package.json')
text = p.read_text()
for key in ['"semantic-release"', '"engines"', '"node"', '"scripts"']:
    idx = text.find(key)
    if idx != -1:
        start = text.rfind('\n', 0, idx)
        end = text.find('\n', idx)
        print(text[start+1:end])
PY

Repository: box/box-ui-elements

Length of output: 256


🏁 Script executed:

python3 - <<'PY'
import json
from pathlib import Path
data = json.loads(Path('package.json').read_text())
print('semantic-release:', data['dependencies'].get('semantic-release') or data['devDependencies'].get('semantic-release'))
print('engines:', data.get('engines'))
print('scripts.cut_release:', data.get('scripts', {}).get('cut_release'))
PY

Repository: box/box-ui-elements

Length of output: 255


🌐 Web query:

semantic-release v25 --no-ci flag support release notes

💡 Result:

The --no-ci flag is a standard, supported feature in semantic-release, including in version 25 [1][2]. It is not a new feature introduced in v25, but rather a long-standing configuration option that allows the tool to run in local environments by skipping Continuous Integration (CI) environment verifications [1][3][4]. In semantic-release v25, the --no-ci flag (or setting --ci to false) continues to function as the mechanism to bypass CI checks, enabling manual releases from a local machine [1][5]. Official documentation confirms that this flag is equivalent to --ci false [1][6]. When using this flag, you are responsible for providing the necessary authentication tokens (such as NPM_TOKEN or GH_TOKEN) via environment variables [7]. The release notes for semantic-release v25.0.0 and subsequent v25 patch releases do not mention any breaking changes or specific updates to the --no-ci flag, confirming its continued consistent behavior [8][9][10][11].

Citations:


Update the release Node baseline for semantic-release v25
semantic-release v25 needs Node 22.14+, but this repo still declares engines.node >=20.x, so the release step will fail on the current baseline. Bump the runtime/engines version before merging.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 277, The declared Node baseline is still too low for
semantic-release v25, so the release step will fail under the current runtime
requirement. Update the Node engine/runtime requirement in package.json
(including the engines.node field and any related release baseline config) to at
least Node 22.14+, and make sure the release setup that uses semantic-release is
aligned with that version.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay our internal CI uses 22.11.0 so I need to fix this

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tjuanitas Good catch — thanks for confirming. Since your internal CI is pinned to Node 22.11.0, you've got a couple of paths depending on how quickly you can move the CI baseline:

  1. Bump CI to Node 22.14+ (or 24.10+) — cleanest long-term fix, keeps engines.node in package.json accurate and avoids drift between declared/actual runtime.
  2. Keep CI on 22.11.0 for now, but run just the release step on a newer Node — e.g. npx -p node@22 -- npx semantic-release (or similar) so only the semantic-release invocation gets a compatible runtime without upgrading the whole pipeline image.
  3. Hold off on the v25 bump — revert semantic-release to ^24.2.9 in this PR until the CI image is upgraded, then bump separately.

Let me know which direction you'd like to take and I can help sanity-check the change once it's in.


✏️ Learnings added
Learnt from: tjuanitas
Repo: box/box-ui-elements PR: 4684
File: package.json:277-277
Timestamp: 2026-07-09T20:58:14.105Z
Learning: In box/box-ui-elements, the internal CI environment currently runs Node 22.11.0, which is below the Node 22.14+ minimum required by semantic-release v25. This should be considered when reviewing devDependency bumps to semantic-release ^25.x or Node engine requirement changes.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

"sinon": "^2.3.7",
"storybook": "^9.1.20",
"storybook-react-intl": "^4.0.7",
Expand Down Expand Up @@ -365,7 +365,6 @@
"uuid": "^8.3.2"
},
"resolutions": {
"@sigstore/core": "3.2.1",
"draft-js/immutable": "^3.8.3",
"eslint-plugin-formatjs/**/minimatch": "^9.0.9",
"js-yaml": "^4.2.0",
Expand Down
Loading
Loading