Update documentation and CI/CD (#67)

* Add required versions to README
* Bump CI/CD runtimes to new minimum supported versions

.github/workflows/ci.yml

@@ -278,7 +278,8 @@ jobs:
       - name: Install pnpm
         uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320  # v5.0.0
         with:
-          version: 10
+          # minimum supported version
+          version: "10.16.0"
 
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
@@ -356,7 +357,7 @@ jobs:
         uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb  # v2.0.3
         with:
           # minimum supported version
-          deno-version: "2.0.0"
+          deno-version: "2.3.0"
 
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
@@ -413,7 +414,7 @@ jobs:
         uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb  # v2.0.3
         with:
           # minimum supported version
-          deno-version: "2.0.0"
+          deno-version: "2.3.0"
 
       - name: Install Deno requirements
         run: |
@@ -450,7 +451,7 @@ jobs:
         uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6  # v2.2.0
         with:
           # minimum supported version
-          bun-version: "1.0.31"
+          bun-version: "1.2.11"
           no-cache: true
 
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
@@ -507,7 +508,7 @@ jobs:
       - name: Install Bun
         uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6  # v2.2.0
         with:
-          # XXX: We support 1.0.31, but test suite requires 1.2.11+
+          # minimum supported version
           bun-version: "1.2.11"
           no-cache: true
 
@@ -542,7 +543,7 @@ jobs:
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f  # v6.3.0
         with:
           # minimum supported version
-          node-version: "20.0"
+          node-version: "22.0.0"
 
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
@@ -598,8 +599,8 @@ jobs:
       - name: Install Node
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f  # v6.3.0
         with:
-          # XXX: We support 20.0, but test suite requires 22.18+
-          node-version: "22.18"
+          # minimum supported version
+          node-version: "22.0.0"
 
       - name: Install Node requirements
         run: |

.github/workflows/release.yml

@@ -28,7 +28,7 @@ jobs:
 
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
-          python-version: "3.10"
+          python-version: "3.14"
 
       - name: Install Python requirements
         run: |

README.md

@@ -10,6 +10,18 @@ Install ejs into the same environment as yt-dlp:
 pip install -U yt-dlp-ejs
 ```
 
+## Runtime requirements
+
+This project supports the following runtimes/engines:
+
+| Runtime / engine   | Required version     |
+|--------------------|----------------------|
+| deno               | `>=2.3`              |
+| node               | `>=22`               |
+| quickjs            | `>=2023-12-9`        |
+| quickjs-ng         | any                  |
+| bun *(deprecated)* | `>=1.2.11, <=1.3.14` |
+
 ## Development
 
 The project provides lockfiles for every supported package manager.
@@ -20,6 +32,23 @@ This will transparently invoke one of the supported JS runtimes for the build.
 If you notice differences between different runtimes' builds
 please open an issue [here](<https://github.com/yt-dlp/ejs/issues/new>).
 
+### Development requirements
+
+Developers should have the following tools installed:
+
+| Runtime / package manager | Required version                  |
+|---------------------------|-----------------------------------|
+| deno                      | `>=2.6`                           |
+| node                      | `^24.14.1 \|\| ^25.7.0 \|\| >=26` |
+| npm                       | `>=11.10`                         |
+| bun                       | `>=1.2.11, <=1.3.14`              |
+| pnpm                      | `>=10.16.0`                       |
+| quickjs *(optional)*      | `>=2025-4-26`                     |
+| quickjs-ng *(optional)*   | `>=0.12.0`                        |
+
+quickjs/quickjs-ng is only needed for yt-dlp integration tests,
+which can usually be handled by CI.
+
 ### Build
 
 To build the Python package you need a PEP518 compatible builder.
@@ -81,23 +110,26 @@ When upgrading packages in package.json, all lockfiles must be updated simultane
 To do this, run the following commands:
 
 ```bash
-# Upgrade packages automatically (or manually adjust versions)
+# 1. Upgrade all packages automatically
 pnpm upgrade --latest
+#    or upgrade only development dependencies
+pnpm upgrade --latest --dev
+#    or upgrade a specific package, e.g. meriyah
+pnpm upgrade --latest meriyah
 
-# Generate base `package-lock.json`
-rm -rf node_modules
+# 2. Generate base `package-lock.json` with npm (using a 7-day cooldown)
+npm config set min-release-age=7
+rm -rf node_modules package-lock.json
 npm install
 
-# Migrate to other package managers
+# 3. Migrate to other package managers
 pnpm import
 bun pm migrate --force
 
-# Make sure to use a deno with lockfile v4 (<2.3)
-deno install --lockfile-only
+# 4. Generate a separate `deno.lock` (using a 7-day cooldown)
+deno install --lockfile-only --minimum-dependency-age=P7D
 
-# Ensure that `deno.json` is the same as `package-lock.json`.
-# Note: you may need to manually update the `ADDITIONAL_PACKAGES_NODE`
-# and/or `ADDITIONAL_PACKAGES_DENO` variables in `./check.py`.
+# 5. Ensure that `deno.json` is equivalent to `package-lock.json`
 python check.py
 ```
 

pnpm-workspace.yaml

@@ -0,0 +1 @@
+minimumReleaseAge: 10080