Migrate from bundlesize to size-limit

[erikras-dinesh-agent]

Migrates from deprecated bundlesize to size-limit for bundle size monitoring.

Changes

• Remove bundlesize dependency
• Add @size-limit/preset-small-lib and size-limit dependencies
• Convert bundlesize configuration to size-limit format
• Add Bundle Size Check job to CI workflow
• Update GitHub Actions to v4 (checkout, setup-node)

Bundle Size Limits

• dist/react-final-form-html5-validation.umd.min.js: 2 kB
• dist/react-final-form-html5-validation.es.js: 3 kB
• dist/react-final-form-html5-validation.cjs.js: 3 kB

Part of the bundlesize → size-limit migration across all Final Form repos.

Summary by CodeRabbit

• Chores
  • Updated CI to newer tooling and standardized on Node.js 22 for builds and checks.
  • Added an automated bundle size check to the CI pipeline.
  • Replaced previous bundle-size tooling with size-limit for bundle monitoring and migrated size constraints accordingly.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

CI workflow bumps checkout/setup-node to v6 and fixes Node.js to 22; a new "Bundle Size Check" job runs size-limit after tests. package.json replaces bundlesize with size-limit and adds @size-limit/preset-small-lib, migrating configuration keys from maxSize to limit.

Changes

Cohort / File(s)	Summary
CI Workflow ​.github/workflows/ci.yml	Updated actions/checkout and actions/setup-node to @v6, set node-version: "22" for relevant jobs, upgraded codecov action to codecov-action@v5, and added a new top-level "Bundle Size Check" job that installs, builds, and runs size-limit (depends on tests).
Bundle Size Tooling package.json	Removed bundlesize devDependency, added size-limit and @size-limit/preset-small-lib, and migrated configuration format from bundlesize/maxSize entries to size-limit/limit entries.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I nibbled old checks, then hopped anew,
Swapped tools and versions with a joyful chew.
Builds trimmed light, sizes kept small,
Node twenty-two answers the call.
A tiny triumph — up I scrawl! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately summarizes the main objective: migrating from the bundlesize tool to size-limit. The title is concise, specific, and directly reflects the primary changes in both the configuration files and CI workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch migrate-to-size-limit

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In @.github/workflows/ci.yml:
- Around line 53-68: The "Bundle Size Check" job (job key "size") currently runs
in parallel; to run it after tests add a dependency by adding needs: test (or
the actual test job key) to the job definition so the "size" job waits for the
test job to finish before executing the steps that run "npx size-limit" and the
Build/Prepare env steps.
- Around line 11-13: Update the GitHub Actions workflow to use the latest major
versions for the checkout and Node setup steps: replace any occurrences of
actions/checkout@v4 with actions/checkout@v6 and actions/setup-node@v4 with
actions/setup-node@v6 (do this for all occurrences in the file, including the
three places noted). Ensure you keep the rest of each step unchanged (only
change the `@v4` tag to `@v6` for the actions/checkout and actions/setup-node
entries).

In `@package.json`:
- Around line 89-91: Update package.json to bump size-limit and its preset to
v12.0.0 to ensure explicit Node 22 support: replace the
"@size-limit/preset-small-lib" and "size-limit" dependency versions currently
set to "^11.1.6" with "^12.0.0". After updating, run your package manager
install (npm/yarn/pnpm) and then rerun CI locally to verify no regressions; if
lockfile exists, regenerate it (package-lock.json / yarn.lock / pnpm-lock.yaml)
so the new versions are locked.

[erikras-dinesh-agent]

Fixed all CodeRabbit feedback:

• ✅ Bumped size-limit to v12.0.0 for Node 22 support
• ✅ Updated GitHub Actions to v6 (checkout, setup-node)
• ✅ Added needs: test dependency to size job

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/ci.yml:
- Line 51: Update the GitHub Action step that currently references
codecov/codecov-action@v2.1.0 to use the v5 major release (e.g.,
codecov/codecov-action@v5) and adapt its inputs to the v5 schema: rename any
`file` input to `files`, `plugin` to `plugins`, and ensure token/authorization
is configured per v5 (OIDC/token usage) and CLI signature validation options if
present; modify the action invocation (the `uses:` entry referencing
codecov/codecov-action) and associated step inputs accordingly.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🌐 Web query:

codecov/codecov-action latest version 2025 2026

💡 Result:

As of February 11, 2026, the latest released/tagged version of codecov/codecov-action is v5.5.2, dated December 9, 2025. [1][2]

Recommended usage: uses: codecov/codecov-action@v5 (tracks the latest v5 release without pinning to a specific patch). [2]

Sources:
[1] (github.com)
[2] (github.com)

Citations:

• 1: https://github.com/codecov/codecov-action/tags
• 2: https://github.com/codecov/codecov-action/releases

---

🌐 Web query:

codecov-action v5 release notes improvements features security

💡 Result:

codecov/codecov-action v5 — notable improvements, features, and security changes

Improvements / features

• Wrapper-based architecture: v5 switches to using the Codecov Wrapper to encapsulate the Codecov CLI, intended to let the Action receive updates faster. [1]
• Tokenless upload support (public repos): v5 aligns with Codecov’s “opt-out” global upload token setting for public repositories, enabling uploads without exposing a repository token in more cases. [1]
• New/changed inputs (migration-impacting):
  • file → deprecated in favor of files; plugin → deprecated in favor of plugins. [1]
  • Added inputs including binary, gcov_* options, report_type, skip_validation, and swift_project. [1]
• Privacy control: Added disable_telem to disable telemetry. [1][4]

Security-related changes

• OIDC authentication support: v5 supports using OIDC (use_oidc: true) instead of long-lived upload tokens (requires id-token: write). [1]
• CLI integrity / signature validation controls: The Action documents integrity checking and provides skip_validation (explicitly “NOT recommended”), plus options like binary / use_pypi that bypass integrity checking. [1]
• Hardening of the Action’s own dependencies/workflow:
  • Pinned actions/github-script by Git SHA (supply-chain hardening). [2]
  • Adjusted behavior to check GPG only when skip-validation=false. [3]

Sources: GitHub repo README (v5 release + inputs + OIDC + integrity/validation knobs) [1]; GitHub releases notes (v5.5.0 hardening) [2]; GitHub releases notes (v5.5.2 GPG/skip-validation behavior) [3]; GitHub releases notes (v5.2.0 telemetry disable) [4].

---

Consider updating codecov action to v5 for security and modernization benefits.

The codecov/codecov-action@v2.1.0 is several major versions behind. The current version is v5 (latest v5.5.2), which includes OIDC authentication support, CLI signature validation, improved supply-chain hardening, and updated inputs (file→files, plugin→plugins). While orthogonal to this PR's size-limit migration, this would be a good follow-up improvement.

🤖 Prompt for AI Agents

In @.github/workflows/ci.yml at line 51, Update the GitHub Action step that
currently references codecov/codecov-action@v2.1.0 to use the v5 major release
(e.g., codecov/codecov-action@v5) and adapt its inputs to the v5 schema: rename
any `file` input to `files`, `plugin` to `plugins`, and ensure
token/authorization is configured per v5 (OIDC/token usage) and CLI signature
validation options if present; modify the action invocation (the `uses:` entry
referencing codecov/codecov-action) and associated step inputs accordingly.

[erikras-dinesh-agent]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.