[Snyk] Upgrade publint from 0.1.16 to 0.2.7 #6
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)
Snyk has created this PR to upgrade publint from 0.1.16 to 0.2.7.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 8 versions ahead of your current version.
The recommended version was released on 5 months ago.
Release notes
Package name: publint
Features
"main"
/"module"
and"exports"
fields, but the"exports"
field doesn't export the root entrypoint, warn about the inconsistency. When"exports"
is defined, it takes the highest priority, so all the library's entrypoint (root and deep) needs to be specified here. (#88)"type"
field. In Node.js v20.10.0, it introduces a new--experimental-default-type
flag to flip the default module system from "CJS-as-default" to "ESM-as-default". It's recommended for libraries to specify the"type"
field explicitly to prevent CJS files from being incorrectly interpreted as ESM. This suggestion helps push towards a better ESM experience in the future. (#83)Full Changelog: v0.2.6...v0.2.7
Features
jsnext:main
orjsnext
fields are used by @ sapphi-red (#85)Site
New Contributors
Full Changelog: v0.2.5...v0.2.6
Bug fixes
Full Changelog: v0.2.4...v0.2.5
Bug fixes
"files"
suggestion. An incorrect suggestion was given when you're using.npmignore
or.gitignore
to limit publishing certain files.Site
Full Changelog: v0.2.3...v0.2.4
Features
Error if
package.json
has fields with invalid string, boolean, object, etc type (#73)Suggest using the
"files"
field if detected test or config files are published (#77)Warn on
"exports"
and"browser"
object conflict for browser-ish environments (#58)For example, given this setup:
When matching the
"worker"
condition, it will resolve to"./lib.server.js"
which is intended to work in a worker environment. However, the"browser"
field also has a matching mapping for"./lib.server.js"
, causing the final resolved path to be"./lib.browser.js"
. This is usually not intended and causes the wrong file to be loaded.Error on invalid JSX extensions, such as
.cjsx
,.mjsx
,.ctsx
, and.mtsx
(#76)These extensions are usually mistaken as ESM and CJS variants of JSX, which is not valid. Instead they should be written in ESM with the
.jsx
extension instead.Bug fixes
"main"
field with ESM content detection (#75)Site
"types"
formatFull Changelog: v0.2.2...v0.2.3
Features
"typings"
field file existence (#60)"browser"
field suggestion for using"imports"
and"exports"
fields instead (#59)Bug fixes
suggestion
instead of awarning
when it's used for backwards compatibility only (#62)Site
New Contributors
Full Changelog: v0.2.1...v0.2.2
Bug fixes
"types"
condition check with"exports"
array formatvfs
is passed"browser"
field file existence extensions checkSite
New Contributors
Full Changelog: v0.2.0...v0.2.1
Breaking changes
Note: If you're using
publint
from the CLI, these breaking changes should not affect you.publint()
now returns an object withmessages
instead of themessages
array directly. This makes way for future APIs wherepublint
will return more information than justmessages
.Rename
printMessage
API toformatMessage
to better reflect it's intent. (#43)+ import { formatMessage } from "publint/utils"
const { messages } = await publint()
for (const message of messages) {
- console.log(printMessage(message))
+ console.log(formatMessage(message))
}
Remove
filePath
arg
for theFILE_DOES_NOT_EXIST
message.The file "${message.args.filePath}" does not exist.
+ return
The file "${getPkgPathValue(pkg, message.path)}" does not exist.
}
}
Remove the
import
condition for thepublint
package. This provides a better error message if you callrequire("publint")
.Features
Improve warnings when the exported
"types"
condition has an invalid format in ESM or CJS. This ensures your library's types will work in both environments when dual publishing. (#46)It affects packages commonly packaged like:
For more information, visit the rules documentation. This feature is inspired by https://arethetypeswrong.github.io.
Bug fixes
"exports"
field have adjacent.d.ts
files and no"types"
condition. This follows TypeScript's resolution algorithm. For more information, visit the rules documentation. (#46)Full Changelog: v0.1.16...v0.2.0
Bug fixes
module
condition to precedeimport
per se. It is now ensured to precederequire
only as otherwise the condition isn't effective (#50)Full Changelog: v0.1.15...v0.1.16
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: