Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade publint from 0.1.16 to 0.2.7 #6

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

patooworld
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade publint from 0.1.16 to 0.2.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 8 versions ahead of your current version.

  • The recommended version was released on 5 months ago.

Release notes
Package name: publint
  • 0.2.7 - 2023-12-23

    Features

    • If the library exports from both "main"/"module" and "exports" fields, but the "exports" field doesn't export the root entrypoint, warn about the inconsistency. When "exports" is defined, it takes the highest priority, so all the library's entrypoint (root and deep) needs to be specified here. (#88)
    • Suggest using the "type" field. In Node.js v20.10.0, it introduces a new --experimental-default-type flag to flip the default module system from "CJS-as-default" to "ESM-as-default". It's recommended for libraries to specify the "type" field explicitly to prevent CJS files from being incorrectly interpreted as ESM. This suggestion helps push towards a better ESM experience in the future. (#83)

    Full Changelog: v0.2.6...v0.2.7

  • 0.2.6 - 2023-12-01

    Features

    • Warn if the deprecated jsnext:main or jsnext fields are used by @ sapphi-red (#85)

    Site

    New Contributors

    Full Changelog: v0.2.5...v0.2.6

  • 0.2.5 - 2023-10-20

    Bug fixes

    • Fix missing published files check when resolving a path with fallback extensions (#79)

    Full Changelog: v0.2.4...v0.2.5

  • 0.2.4 - 2023-10-09

    Bug fixes

    • Check for packed files locally before providing the "files" suggestion. An incorrect suggestion was given when you're using .npmignore or .gitignore to limit publishing certain files.

    Site

    • Fix rules page mobile responsiveness

    Full Changelog: v0.2.3...v0.2.4

  • 0.2.3 - 2023-09-28

    Features

    • Error if package.json has fields with invalid string, boolean, object, etc type (#73)

    • Suggest using the "files" field if detected test or config files are published (#77)

    • Warn on "exports" and "browser" object conflict for browser-ish environments (#58)

      For example, given this setup:

      {
        "browser": {
          "./lib.server.js": "./lib.browser.js"
        },
        "exports": {
          ".": {
            "worker": "./lib.server.js",
            "browser": "./lib.browser.js",
            "default": "./lib.server.js"
          }
        }
      }

      When matching the "worker" condition, it will resolve to "./lib.server.js" which is intended to work in a worker environment. However, the "browser" field also has a matching mapping for "./lib.server.js", causing the final resolved path to be "./lib.browser.js". This is usually not intended and causes the wrong file to be loaded.

    • Error on invalid JSX extensions, such as .cjsx, .mjsx, .ctsx, and .mtsx (#76)

      These extensions are usually mistaken as ESM and CJS variants of JSX, which is not valid. Instead they should be written in ESM with the .jsx extension instead.

    Bug fixes

    • Skip file format checks only for globbed files
    • Fix "main" field with ESM content detection (#75)

    Site

    • Add sidebar menu to rules page by @ btea (#65)
    • Quickly scroll to the prompt information location by @ btea (#68)
    • Fix version switch title not updated by @ btea (#72)
    • Improve documentation for "types" format
    • Fix message border styles
    • Fix docs list missing dot

    Full Changelog: v0.2.2...v0.2.3

  • 0.2.2 - 2023-08-21

    Features

    • Lint "typings" field file existence (#60)
    • Check packed files when globbing exports locally (#61)
    • Improve "browser" field suggestion for using "imports" and "exports" fields instead (#59)

    Bug fixes

    • Lower deprecated trailing slash glob syntax as suggestion instead of a warning when it's used for backwards compatibility only (#62)
    • Suppress invalid globbed file format if has correct adjacent file
    • Fix extension replacement in messages
    • Improve invalid types format message and docs

    Site

    • Fix invalid package name not found message
    • Highlight code blocks in rules page

    New Contributors

    • @ btea made their first contribution in #64

    Full Changelog: v0.2.1...v0.2.2

  • 0.2.1 - 2023-08-18

    Bug fixes

    • Fix "types" condition check with "exports" array format
    • Disable packed files search when a vfs is passed
    • Fix "browser" field file existence extensions check
    • Fix file existence check with trailing slash

    Site

    • Site-wide design touch-up
    • New "Popular packages" section
    • New package version select switcher (#56)
    • New navigation header design
    • Update bottom documentation for clarity
    • Improve repo URL parsing

    New Contributors

    Full Changelog: v0.2.0...v0.2.1

  • 0.2.0 - 2023-07-26

    Breaking changes

    Note: If you're using publint from the CLI, these breaking changes should not affect you.

    • publint() now returns an object with messages instead of the messages array directly. This makes way for future APIs where publint will return more information than just messages.

      - const messages = await publint()
      + const { messages } = await publint()
    • Rename printMessage API to formatMessage to better reflect it's intent. (#43)

      - import { printMessage } from "publint/utils"
      + import { formatMessage } from "publint/utils"

    const { messages } = await publint()

    for (const message of messages) {
    - console.log(printMessage(message))
    + console.log(formatMessage(message))
    }

  • Remove filePath arg for the FILE_DOES_NOT_EXIST message.

    - return The file "${message.args.filePath}" does not exist.
    + return The file "${getPkgPathValue(pkg, message.path)}" does not exist.
    }
    }

  • Remove the import condition for the publint package. This provides a better error message if you call require("publint").

Features

  • Improve warnings when the exported "types" condition has an invalid format in ESM or CJS. This ensures your library's types will work in both environments when dual publishing. (#46)

    It affects packages commonly packaged like:

    {
      "exports": {
        ".": {
          "types": "./index.d.ts", <-- only works in CJS
          "import": "./index.mjs",
          "require": "./index.js",
        }
      }
    }

    For more information, visit the rules documentation. This feature is inspired by https://arethetypeswrong.github.io.

Bug fixes

  • Suppress warnings when exported JS files using the "exports" field have adjacent .d.ts files and no "types" condition. This follows TypeScript's resolution algorithm. For more information, visit the rules documentation. (#46)

Full Changelog: v0.1.16...v0.2.0

  • 0.1.16 - 2023-07-05

    Bug fixes

    • Don't enforce the module condition to precede import per se. It is now ensured to precede require only as otherwise the condition isn't effective (#50)

    Full Changelog: v0.1.15...v0.1.16

  • from publint GitHub release notes

    Important

    • Check the changes in this PR to ensure they won't cause issues with your project.
    • This PR was automatically created by Snyk using the credentials of a real user.

    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

    For more information:

    Snyk has created this PR to upgrade publint from 0.1.16 to 0.2.7.
    
    See this package in npm:
    publint
    
    See this project in Snyk:
    https://app.snyk.io/org/patooworld/project/323db24f-ae7c-4c52-ac63-2087f1308ba0?utm_source=github&utm_medium=referral&page=upgrade-pr
    Copy link

    cr-gpt bot commented May 29, 2024

    Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    None yet
    Projects
    None yet
    Development

    Successfully merging this pull request may close these issues.

    2 participants