test: pin @angular/cli version in bunx node-version test

[robobun]

What

test/cli/install/bunx.test.ts > "should handle package that requires node 24" has been failing on every PR across all platforms since 2026-06-03:

error: expect(received).toBe(expected)
Expected: 0
Received: 3
      at <anonymous> (test/cli/install/bunx.test.ts:518:18)

Cause

The test runs bun x --bun @angular/cli@latest --help. @angular/cli@22.0.0 was published on 2026-06-03 and its bin performs a runtime process.version check requiring ^22.22.3 || ^24.15.0 || >=26.0.0. Bun reports node 24.3.0, which does not satisfy that range, so the CLI exits with code 3:

Node.js version v24.3.0 detected.
The Angular CLI requires a minimum Node.js version of v22.22.3 or v24.15.0 or v26.0.0.

Tracking the mutable latest tag means the test breaks whenever Angular raises its engine floor past Bun's reported node version, unrelated to any change under test.

Fix

Pin @angular/cli@21.1.3, whose requirement (^20.19.0 || ^22.12.0 || >=24.0.0) is satisfied by the current reported version and by future bumps (including the 26.3.0 bump in #31818, which also restores latest compatibility for users). The test still exercises what it was added for in #20772: a package whose bin rejects node versions older than 24 must run under bun x --bun. Also assert the version-check error message is absent so a future failure points at the cause instead of just a nonzero exit code.

Verification

• Before: bun x --bun @angular/cli@latest --help exits 3 with the message above.
• After: bun test test/cli/install/bunx.test.ts -t "should handle package that requires node 24" passes (1 pass, 4 expect calls). Full file: 31 pass / 1 skip, remaining 2 failures are sandbox TLS interception on codeload.github.com (UNABLE_TO_VERIFY_LEAF_SIGNATURE), unrelated and green in CI.

Fixes #31797

Fixes #32029

[coderabbitai]

Warning

Review limit reached

@robobun, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 63 minutes and 40 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f638f100-82db-4f8d-b96e-7262b4f1ec34

📥 Commits

Reviewing files that changed from the base of the PR and between 977f054 and 9a73ffd.

📒 Files selected for processing (1)

• test/cli/install/bunx.test.ts

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[robobun]

^{Updated 6:12 PM PT - Jun 4th, 2026}

❌ @robobun, your commit 9a73ffd has some failures in Build #60379 (All Failures)

---

🧪   To try this PR locally:

bunx bun-pr 31820

That installs a local version of the PR into your bun-31820 executable, so you can run:

bun-31820 --bun

[github-actions]

Found 1 issue this PR may fix:

1. CI: bunx.test.ts fails on all platforms — @angular/cli@latest now requires Node >= 24.15.0, bun reports 24.3.0 #31797 - Directly addresses the CI failure where @angular/cli@latest (v22.0.0) rejects Bun's reported Node.js version 24.3.0 by pinning the test to v21.1.3

If this is helpful, copy the block below into the PR description to auto-close this issue on merge.

Fixes #31797

🤖 Generated with Claude Code

[claude]

LGTM — straightforward test-only fix pinning a flaky external dependency version.

Extended reasoning...

Overview

This PR touches a single test file, test/cli/install/bunx.test.ts, changing one test case ("should handle package that requires node 24"). It replaces @angular/cli@latest with the pinned @angular/cli@21.1.3, adds an explanatory comment, and adds one extra assertion (expect(err).not.toContain("requires a minimum Node.js version")) to make future failures more diagnosable. No production/runtime code is modified.

Security risks

None. The change is confined to a test that spawns bun x against a public npm package in CI. Pinning to a specific published version is strictly less risky than tracking latest. No auth, crypto, permissions, or input-handling logic is touched.

Level of scrutiny

Low. This is a mechanical test-stability fix addressing CI breakage caused by an upstream package release (Angular CLI 22.0.0 raised its Node engine floor past Bun's reported process.version). Pinning external package versions in tests is an established pattern in this same file (e.g. uglify-js@3.14.1, http-server@14.0.0, typescript@5.0.0). The test's original intent — verifying that a package whose bin requires Node ≥24 runs under bun x --bun — is preserved, since 21.1.3 still requires >=24.0.0.

Other factors

• No bugs found by the bug-hunting system.
• No CODEOWNERS entry covers this file.
• No outstanding reviewer comments.
• The PR description is thorough, includes root-cause analysis, and documents local verification (test passes after the change).
• The added inline comment clearly explains the pin so future maintainers understand why latest is not used.

[claude]

LGTM — test-only version pin to fix CI flake from upstream @angular/cli release.

Extended reasoning...

Overview

This PR touches a single test file (test/cli/install/bunx.test.ts) and changes one test case: it replaces @angular/cli@latest with the pinned @angular/cli@21.1.3, adds an explanatory comment, and adds one extra negative assertion (expect(err).not.toContain("requires a minimum Node.js version")) so future failures surface the actual cause. No production/runtime code is modified.

Security risks

None. The change is confined to a test that spawns bun x against a public npm package; pinning to a specific known-good version is strictly safer than tracking latest. No auth, crypto, permissions, or input-handling code paths are involved.

Level of scrutiny

Low. This is a mechanical test-stabilization fix for a CI flake caused by an external package publish (@angular/cli@22.0.0 raised its Node engine floor past Bun's reported version). The test's original intent — verifying that a package whose bin requires Node ≥24 runs under bun x --bun — is preserved, since 21.1.3 still requires >=24.0.0. The added comment is thorough and the extra assertion is purely diagnostic.

Other factors

The bug-hunting system found no issues. There are no outstanding human review comments, and the file is not covered by CODEOWNERS. The PR description includes before/after verification showing the test now passes locally. The change follows the established pattern in this same file of pinning package versions for reproducibility (e.g., uglify-js@3.14.1, http-server@14.0.0, typescript@5.0.0).

[robobun]

CI status: the only failing step on build 60379 is windows x64-baseline verify-baseline. Its Intel SDE download arrives as a 0 byte file and extraction fails with Cannot open the file as archive (exit 2). The same step fails identically on current builds of unrelated branches (60375, 60377), and a retrigger of this PR reproduced it byte for byte, so it is CI infrastructure and not this change. Further retriggers will not help until the SDE download is fixed.

This PR is test-only (one file, test/cli/install/bunx.test.ts). The remaining test lanes are still running; the pinned test passes locally against the release build, and the failure it fixes (@angular/cli@latest exiting 3 on every platform) is deterministic, not platform dependent. Safe to merge over the red infra lane once test lanes report.

[alii]

#31818 is the real fix

[robobun]

Agreed that #31818 is the real fix for the user-facing problem: after it lands, bunx @angular/cli@latest works again because 26.3.0 satisfies >=26.0.0.

This change is complementary rather than competing, for two reasons:

1. It unblocks CI on every open PR today. Upgrade reported Node.js version to 26.3.0 #31818 still lists known failures and CI image work, so its timing is uncertain, and until then every PR fails this test on all platforms.
2. The test re-breaks no matter what version bun reports, as long as it tracks the mutable latest tag. It already happened twice: Angular's floor moved past 22.6.0, then past 24.3.0. Next year an Angular major can move past 26.3.0 and every PR goes red again, on a failure unrelated to anything under test. The pinned version keeps the original coverage (a bin that refuses node < 24 must run under bun x --bun) without depending on what Angular publishes next.

All test lanes on this PR are green now; the only red step is the windows verify-baseline SDE download, which is broken on every recent build repo-wide. Happy to close this if you'd rather hold out for #31818, but merging this does not conflict with it.