Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency yeoman-generator to v6 - autoclosed #314

Closed
wants to merge 1 commit into from
Closed

Update dependency yeoman-generator to v6 - autoclosed #314

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Mar 3, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
yeoman-generator (source) dependencies major ^0.24.1 -> ^6.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Critical 9.8 CVE-2021-25949 #136
Critical 9.8 CVE-2022-29078 #215
Critical 9.8 CVE-2022-29078 #215
Critical 9.8 WS-2021-0153 #214
High 7.5 CVE-2021-3749 #220
High 7.5 CVE-2021-3807 #271
High 7.5 CVE-2022-24785 #208
High 7.5 CVE-2022-25883 #307
High 7.5 CVE-2022-31129 #238
High 7.5 CVE-2023-26115 #310
High 7.1 CVE-2022-0144 #144

Release Notes

yeoman/generator (yeoman-generator)

v6.0.0

Compare Source

The yeoman-generator package now export a native ESM module. (Learn more about ESM)

Notable changes:

  • Convert to typescript
  • Drop node 12/14 support.
  • Requires yeoman-environment ^3.18.4.
  • Provides built-in types.
  • Uses new @yeoman/types for environment/generator interoperability. May conflict with @types/yeoman-* types.
  • Move skipParseOptions and customPriorities to features c12806a
  • Drop deprecated install (and not included by default) action 1a856b1
    Install action was not scalable. A separated task package can be considered at yeoman-api.
  • run-async is not provided anymore:
    Convert to Promises or use run-async v3:
import runAsync from 'run-async';
class Gen {
  asyncTaskWithCallback: runAsync(function() {
    const done = this.async();
    asyncMethod(done);
  }),
}
  • composeWith is async:
    • If used inside constructor, move it to _postConstruct or beforeQueue.
    • Due to complexity, prefer composeWith(generator, composeOptions signature.

v5.10.0

Compare Source

  • accept yeoman-environment v4 a8c526b

v5.9.0

Compare Source

v5.8.0

Compare Source

  • always create a new mem-fs-editor instance instead of using shared instance. 7bec553

v5.7.1

Compare Source

  • add options to queueTransformStream. dac0db6

v5.7.0

Compare Source

  • make prompt default value dynamic ea460eb
  • show error message when task fails. 92cc534

v5.6.1

Compare Source

  • Move custom args inside the runAsync for better error handling ef3f702
  • Allow task to override taskPrefix. d2f4274
  • Fix destinationRoot overridden by current value. f6e1e67
  • Fix resolved when not passed by options. 52ac34c

v5.6.0

Compare Source

v5.5.2

Compare Source

  • Fix createStorage with options. 185a408

v5.5.1

Compare Source

  • Add options parameter to createStorage. 82db7d0

v5.5.0

Compare Source

  • Rework private methods. dac452e
  • Add args to queueTask. cf8580f
  • Add optional support to sorted Storage. cf2e53f
  • Documentation improvements.

v5.4.2

Compare Source

v5.4.1

Compare Source

v5.4.0

Compare Source

  • Add immediately parameter to composeWith 8fd5c86
  • Add support to beforeQueue. b8747da

v5.3.0

Compare Source

v5.2.0

Compare Source

  • Changes to required/recommended yeoman-environment version. de61c24, 4587a29, d101a41, 0898158
  • Add optional peer dependency on yeoman-environment 26797e6
  • Add support to tasksMatchingPriority feature. 93e01ea
  • Move uniqueBy calculation to the constructor. 4dcda8a
  • Resolve dependencies with empty versions to latest. d952868

v5.1.0

Compare Source

  • Add features argument to constructor. 9729a58
  • Delete option instead of setting undefined. 86d1ad3

v5.0.1

Compare Source

  • Bump xo to 0.38.1 and move to devDependencies. 3f51315

v5.0.0

Compare Source

Breaking changes

  • Requires node 12.
  • Requires [email protected] (unreleased yo@4).
  • Conflicter moved to the Environment.
  • Install action is deprecated and is not included by default.
    • Replaced by package.json manipulation
      • addDependencies({dependency: 'version'})
      • addDevDependencies({dependency: 'version'})
      • this.packageJson storage. Eg: this.packageJson.merge({scripts: {test: 'mocha'}});
    • Install task will be executed later by the Environment when package.json changes.
    • To load it:
const Generator = require('yeoman-generator');
-_.extend(Generator.prototype, require('yeoman-generator/lib/actions/install'));
  • Singleton Generators support passing unique: 'namespace' or unique: 'argument'.
  constructor(args, options = {}) {
    super(args, {...options, unique: 'namespace'}
  }
  • Misc
    • this.(spawnCommand/spawnCommandSync) switched to execa and now defaults cwd to this.destinationRoot().
    • Dropped support for kebab case options.
    • composeWith() isn't chainable anymore and delegates the running to the Environment for singleton checks.
    • Replaced registerTransformStream with queueTransformStream.
      New api executes transformations before the commit operation, and is executed for every generator.
    • Dependencies update.

v4.13.0

Compare Source

v4.12.0

Compare Source

  • Fixes running --help.
  • Implement registerPriorities.

v4.11.0

Compare Source

  • Add Storage caching.
  • Add support to generators with no tasks.
  • Add Storage proxy, it can be used as a plain js object instead of using get/set.
  • Pass the generator as context to ejs (when using built-in shortcuts).
  • Bug fixes.

v4.10.1

Compare Source

  • Add skipLocalCache option.
    Cache prompt suggestions only to global yo-rc.

v4.10.0

Compare Source

  • Add shortcuts to mem-fs-editor methods
  • Make properties/functions starting with # reserved for composing.
  • Fixes and improvements.

v4.9.0

Compare Source

  • Add support to prompts with storage. this.prompt(prompts, this.config); will use the storage to read/write answers.
    • Prompt is ignored if the value is !== undefined (pass --ask-answered to force the prompt to be shown, stored value is the default value)

v4.8.3

Compare Source

  • Remove run-queue pause.
    It doesn’t work due to multiple scheduled runs.

v4.8.2

Compare Source

  • Improve error handler with newer environments.

v4.8.1

Compare Source

  • Revert error handler behavior: Make sure it's not handled.
  • Make sure to don't continue runLoop when a error is emitted.

v4.8.0

Compare Source

  • Fix security warning.
  • Any emitted error rejects #run promise.
  • Implement cancellable tasks. (#​1204)
  • Add option to forward errors to the environment.
  • Make yeoman-environment and mem-fs-editor dependency optional.
  • Implement conflicter predefined status (#​1210)
  • Allow decoupling generator's and composed generator's cwd from env cwd.
  • Implement checkEnvironmentVersion
  • Fixes.

v4.7.2

Compare Source

  • Add missing parameter to catch.
  • Update dependencies.

v4.7.1

Compare Source

  • Fixes dependency error.

v4.7.0

Compare Source

  • Fix generator standalone run.
  • Allow Storage to use lodash paths.

v4.6.0

Compare Source

  • Emit event on environment once queued task is done. (#​1172, #​1177)

  • Improvements to custom queues (#​1158)

    • Create queueTask, createTaskGroup methods.
    • Add options to custom priorities.

  • Implement createStorage convenience method (#​1168)

  • Implement localConfigOnly option. (#​1161)

  • Add returnNewGenerator option to composeWith (#​1157, #​1170, #​1178)

  • Documentation fixes and improvements.

v4.5.0

Compare Source

  • Feature: new customPriorities constructor option.
  • Feature: new debug method.
    • Uses a debug object with options.namespace as namespace.
  • Minor fixes and improvements

v4.4.0

Compare Source

  • New dryRun option. Conflicter will skip every file change.
  • Storage#commit() now uses fs.writeJSON instead of fs.write(JSON.stringfy())
  • Storage allows to omit the name parameter on constructor.

v4.3.0

Compare Source

  • New feature: Generator#queueMethod() can now be called with an object.

v4.2.0

Compare Source

  • New feature: Support diffing to ignore whitespace change yo node --no-whitespace
  • New feature: Generator#composeWith() can now be called with an array of generators.
  • Bugfix: Fixes bug when a generator default export is under exports.default (like when compiling es6 modules with Babel)
    • some other minor fixes and improvements

v4.1.0

Compare Source

  • New --bail flag who'll exit the generator as soon as a conflict occurs.
  • New generator#queueMethod() allows generator to programmatically schedule tasks on the queue. This can be useful for parents generator who're inherited by children generators to schedule some default tasks automatically. (not a very common use, but might be useful in some edge cases)

v4.0.2

Compare Source

  • Fix bug with detection of binary files.

v4.0.1

Compare Source

v4.0.0

Compare Source

Breaking

  • Officially supports Node >= 8 (dropped support for Node 6)
  • Install methods will be run 1 time per set of arguments. Previously we'd only run them once no matter the arguments, this prevented use case like different npm settings for more complicated setup with different targets (server/browser) #​1108

v3.2.0

Compare Source

Added a new optional syntax to use composeWith:

this.composeWith({
    Generator: require('generator-x'),
    path: require.resolve('generator-x')
})

v3.1.1

Compare Source

Fix some issues with --force-install not being detected properly from the command line arguments.

v3.1.0

Compare Source

Add --force-install flag which will cause the generator to throw if the installation phase fail.

v3.0.0

Compare Source

Maintenance release with a few breaking change that shouldn't impact most users.

Breaking
  • mem-fs-editor updated to latest release. A sub-dependency moved from node-glob to fast-glob, so some of the this.fs methods glob options will change.
  • Install methods: npmInstall, bowerInstall, yarnInstall and installDependencies do not return promises anymore. This behavior was confusing and a major source of bugs. To handle actions after the install might've run (if user didn't specify --skip-install), use the end run loop phase.
  • Renamed runInstall to scheduleInstallTask
New
  • For users of the Yeoman API: generator.run() now returns a promise as well as taking a callback (the callback will keep working for the foreseeable future as we need to maintains backward compatibility with older generators)

v2.0.5

Compare Source

Output more useful information to end user when a command fails or is skipped.

v2.0.4

Compare Source

v2.0.3

Compare Source

  • Update dependencies with security vulnerabilities.

v2.0.2

Compare Source

  • Fix error when the prompt choices options is provided as a function instead of an array. (Drawback: this will turn off Yeoman reuse of the previously provided answer)

v2.0.1

Compare Source

  • Bump dependencies (including security patch on debug)

v2.0.0

Compare Source

This release fix a few bugs and focus on modernizing our codebase to ES6 style.

Breaking changes
  • Generator.extend() is replaced in favor of class extends Generator {}
  • Generator#github.username() now returns a promise instead of taking a callback
  • Install functions now returns promises (installDependencies, runInstall, bowerInstall, npmInstall and yarnInstall)
New features
  • installDependencies now accept command line arguments as options for each sub-command (#​1014)
    this.installDependencies({
      npm: {saveDev: true},
      bower: {depth: 0}
    });
Fix
  • Fix diffing dying on empty files (#​1028)

v1.1.1

Compare Source

  • af3048f Fix issue with API documentation deploy script
  • 74cb46f Document legacy Generator.extend method properly - rel #​996
  • 6d267f0 Use XO
  • 17173a2 chore(package): update yeoman-assert to version 3.0.0 (#​1004)
  • 59d0120 Add eslint as direct dev dependency
  • cf67f66 Bump dependencies
  • ac542ba Bump dev dependencies
  • 0b06786 Improve option name validation message
  • 67b90f4 Add failing test for Boolean options starting with no-
  • 51414c0 Update Travis test matrix

v1.1.0

Compare Source

  • Bump mem-fs-editor to v3.0. New this.fs.append() method, and fix bugs with copy and delete operating on non-committed directories.

v1.0.1

Compare Source

  • Fix regression where Boolean options couldn't be undefined.

v1.0.0: 🎉

Compare Source

Say allo' to yeoman-generator 1.0 🎉

Most important changes

  • Updates to option and argument parsing
  • Updates to composeWith
  • Simpler default export
  • Yarn support
  • Deleted deprecated functions

See blog post for detailed information about the changes and hints for migrating your generator.

Full changelog

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Mar 3, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency yeoman-generator to v6 Update dependency yeoman-generator to v6 - autoclosed Oct 6, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/yeoman-generator-6.x branch October 6, 2024 02:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants