[Snyk] Upgrade: execa, minimatch, semver #36
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
execa
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
from 5.1.1 to 9.3.1 | 15 versions ahead of your current version
on 2024-08-14
minimatch
from 9.0.3 to 10.0.1 | 4 versions ahead of your current version
on 2024-07-08
semver
from 7.5.4 to 7.6.3 | 4 versions ahead of your current version | 2 months ago
on 2024-07-16
Release notes
Package name: execa
Thanks @ holic and @ jimhigson for your contributions!
Bugs
Bugs (types)
env
option. It was currently failing for Remix or Next.js users. (by @ holic) (#1141)Documentation
Features
verbose
option can now be a function to customize logging. (#1130)This release includes a new set of methods to exchange messages between the current process and a Node.js subprocess, also known as "IPC". This allows passing and returning almost any message type to/from a Node.js subprocess. Also, debugging IPC is now much easier.
Moreover, a new
gracefulCancel
option has also been added to terminate a subprocess gracefully.For a deeper dive-in, please check and share the release post!
Thanks @ iiroj for your contribution, @ SimonSiefke and @ adymorz for reporting the bugs fixed in this release, and @ karlhorky for improving the documentation!
Deprecations
'ipc'
to thestdio
option has been deprecated. It will be removed in the next major release. Instead, theipc: true
option should be used. (#1056)execaCommand()
method has been deprecated. It will be removed in the next major release. If most cases, the template string syntax should be used instead.+ import {execa} from 'execa';
- await execaCommand('npm run build');
+ await execa
npm run build
;const taskName = 'build';
- await execaCommand(
npm run ${taskName}
);+ await execa
npm run ${taskName}
;const commandArguments = ['run', 'task with space'];
await execa
npm ${commandArguments}
;If the file and/or multiple arguments are supplied as a single string, parseCommandString(command) can split that string into an array. More info. (#1054)
+ import {execa, parseCommandString} from 'execa';
const commandString = 'npm run task';
- await execaCommand(commandString);
+ const commandArray = parseCommandString(commandString); // ['npm', 'run', 'task']
+ await execa
${commandArray}
;// Or alternatively:
const [file, ...commandArguments] = commandArray;
await execa(file, commandArguments);
Features
gracefulCancel
option andgetCancelSignal()
method to terminate a subprocess gracefully.error.isGracefullyCanceled
was also added. (#1109)error.isForcefullyTerminated
. It istrue
when the subprocess was terminated by theforceKillAfterDelay
option. (#1111)subprocess.sendMessage(message)
and receives them withsubprocess.getOneMessage()
.subprocess.getEachMessage()
listens to multiple messages.sendMessage(message)
,getOneMessage()
andgetEachMessage()
instead. Those are the same methods, but imported directly from the'execa'
module.ipcInput
option sends an IPC message from the current process to the subprocess as it starts. This enables passing almost any input type to a Node.js subprocess. (#1068)result.ipcOutput
array contains all the IPC messages sent by the subprocess to the current process. This enables returning almost any output type from a Node.js subprocess. (#1067, #1071, #1075)verbose: 'full'
option now logs every IPC message sent by the subprocess, for debugging. More info here and there. (#1063)Types
ExecaMethod
,ExecaNodeMethod
andExecaScriptMethod
,ExecaSyncMethod
andExecaScriptSyncMethod
types. (#1066)Message
type, for IPC. (#1059)forceKillAfterDelay: true
option. (#1116)Bug fixes
{file}
to both thestdin
and thestdout
orstderr
options. (#1058)cancelSignal
option. (#1108)engines.node
field inpackage.json
. Supported Node.js version is^18.19.0
or>=20.5.0
. (by @ iiroj) (#1101)Features (types)
TemplateExpression
type. (#1049)Bug fixes (types)
--lib dom
for TypeScript users (#1043, #1044)reject
option (#1046)Bug fixes (types)
This major release brings many important features including:
Please check the release post for a high-level overview! For the full list of breaking changes, features and bug fixes, please read below.
Thanks @ younggglcy, @ koshic, @ am0o0 and @ codesmith-emmy for your help!
One of the maintainers @ ehmicky is looking for a remote full-time position. Specialized in Node.js back-ends and CLIs, he led Netlify Build, Plugins and Configuration for 2.5 years. Feel free to contact him on his website or on LinkedIn!
Breaking changes (not types)
Dropped support for Node.js version
<18.19.0
and20.0.0 - 20.4.0
. (834e372)When the
encoding
option is'buffer'
, the output (result.stdout
,result.stderr
,result.all
) is now anUint8Array
instead of aBuffer
. For more information, see this blog post. (by @ younggglcy) (#586)encoding
option. (#586, #928)+ await execa('node', ['file.js'], {encoding: 'buffer'});
- await execa('node', ['file.js'], {encoding: 'utf-8'});
+ await execa('node', ['file.js'], {encoding: 'utf8'});
- await execa('node', ['file.js'], {encoding: 'UTF8'});
+ await execa('node', ['file.js'], {encoding: 'utf8'});
- await execa('node', ['file.js'], {encoding: 'utf-16le'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});
- await execa('node', ['file.js'], {encoding: 'ucs2'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});
- await execa('node', ['file.js'], {encoding: 'ucs-2'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});
- await execa('node', ['file.js'], {encoding: 'binary'});
+ await execa('node', ['file.js'], {encoding: 'latin1'});
subprocess.pipeStdout()
,subprocess.pipeStderr()
andsubprocess.pipeAll()
has been removed. Instead, a{file: './path'}
object should be passed to thestdout
orstderr
option. (#752)+ await execa('node', ['file.js'], {stdout: {file: 'output.txt'}});
- await execa('node', ['file.js']).pipeStderr('output.txt');
+ await execa('node', ['file.js'], {stderr: {file: 'output.txt'}});
- await execa('node', ['file.js']).pipeAll('output.txt');
+ await execa('node', ['file.js'], {
+ stdout: {file: 'output.txt'},
+ stderr: {file: 'output.txt'},
+});
subprocess.pipeStdout()
,subprocess.pipeStderr()
andsubprocess.pipeAll()
has been removed. Instead, the stream should be passed to thestdout
orstderr
option. If the stream does not have a file descriptor,['pipe', stream]
should be passed instead. (#752)+ await execa('node', ['file.js'], {stdout: ['pipe', stream]});
- await execa('node', ['file.js']).pipeStderr(stream);
+ await execa('node', ['file.js'], {stderr: ['pipe', stream]});
- await execa('node', ['file.js']).pipeAll(stream);
+ await execa('node', ['file.js'], {
+ stdout: ['pipe', stream],
+ stderr: ['pipe', stream],
+});
subprocess.pipeStdout()
,subprocess.pipeStderr()
andsubprocess.pipeAll()
methods have been renamed tosubprocess.pipe()
. The command and its arguments can be passed tosubprocess.pipe()
directly, without callingexeca()
a second time. Thefrom
piping option can specify'stdout'
(the default value),'stderr'
or'all'
. (#757)+ await execa('node', ['file.js']).pipe('node', ['other.js']);
- await execa('node', ['file.js']).pipeStderr(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js'], {from: 'stderr'});
- await execa('node', ['file.js']).pipeAll(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js'], {from: 'all'});
signal
option tocancelSignal
. (#880)error.killed
toerror.isTerminated
. (#625)subprocess.cancel()
has been removed. Please use eithersubprocess.kill()
or thecancelSignal
option instead. (#711)forceKillAfterTimeout
option toforceKillAfterDelay
. Also, it is now passed toexeca()
instead ofsubprocess.kill()
. (#714, #723)verbose
option is now a string enum instead of a boolean.false
has been renamed to'none'
andtrue
has been renamed to'short'
. (#884)+ await execa('node', ['file.js'], {verbose: 'none'});
- await execa('node', ['file.js'], {verbose: true});
+ await execa('node', ['file.js'], {verbose: 'short'});
execPath
option has been renamed tonodePath
. It is now a noop unless thenode
option istrue
. Also, it now works even if thepreferLocal
option isfalse
. (#812, #815)serialization
option is now'advanced'
instead of'json'
. In particular, when callingsubprocess.send(object)
with an object that contains functions or symbols, those were previously silently removed. Now this will throw an exception. (#905)subprocess.stdout
,subprocess.stderr
orsubprocess.all
is manually piped, the.pipe()
call must now happen as soon assubprocess
is created. Otherwise, the output at the beginning of the subprocess might be missing. (#658, #747)subprocess.kill()
and to thekillSignal
option cannot be lowercase anymore. (#1025)+ const subprocess = execa('node', ['file.js'], {killSignal: 'SIGTERM'});
- subprocess.kill('sigterm');
+ subprocess.kill('SIGTERM');
Features
Execution