Fixes for local dev / CI builds

[tr00st]

As raised in #50 - couple of dev fixes.

• Add depenedency to @types/node to fix install issue
• Pins storybook versions for storybook build issue

[CLAassistant]

All committers have signed the CLA.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​storybook/​addons@​5.3.22 ⏵ 5.1.11	+1
	@​storybook/​react@​5.3.21 ⏵ 5.1.11	+1		-2
	@​storybook/​addon-storysource@​5.3.21 ⏵ 5.1.11	+1			+8

View full report

[tr00st]

I've investigated a little further and it looks like the npm install issue with @node/types is due to the updated typescript version in @node/types being used. The latest version of typescript seems to be compatible, so might be a better alternative?

"typescript": "^5.9.3"

[pimterry]

Thanks for looking into this @tr00st! Nice work. Yes, I'd be very happy to update anything we can to fix any build issues here. Updating TypeScript & node types should be fine, I don't think we're doing anything especially complex related to either one so that sounds great to me.

Before this is merged, can you also sign the CLA please? It's very short - just confirming that you're happy to license your contribution to the project, and you have the right to do so.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		[email protected] has Obfuscated code. Confidence: 0.96 Location: Package overview From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[tr00st]

CLA is now sorted - just needed to get employer permission.

I've looked into updating typescript... Looks like doing so would break support for Node v12, which is in the current set of CI build environments.

Worth noting that Node 12 hit EOL about 3 years ago, but fully understand that removing a node version is probably something to think about 😄

So - looks to me like the options are to either:

• revert the TypeScript update and bring things back to how they were on my first commit - pinning the old versions
• update CI builds to remove v12 (and probably add current LTS versions)

Going for "be eager and rollback later", I've pushed a pair of commits that does the latter - rough summary:

• updates the node-version matrix in ci.yml, removes 12.x, adds 18.x-24.x
• updates example publishing to use the latest version - 24.x
• updates typescript to the latest version - 5.9.3
• brings @types/node up-to-date again with v24.6.2

Fully aware that removal for Node v12 might be more controversial - so happy to revert the above if you'd prefer.

...also noticed the socket security warning on buffer - looks like it's a transitive dependency via webpack, so not entirely sure why it's being flagged at this point.

[pimterry]

Yep, I'm perfectly happy to drop Node 12 testing from CI. We don't officially define supported Node versions here since it's a frontend package and it shouldn't make any meaningful difference.

Also happy to ignore the buffer warning - it's a false positive and doesn't really make any difference here anyway.

Merged 👍 Thanks!

[pimterry]

Oh by the way, in case you're not aware, all contributors to all repos in the org get free HTTP Toolkit Pro - if that's interesting just let know and I'll set you up with an account.