feat: ES Module #411
feat: ES Module #411
Conversation
Update the Node.js versions in the test workflow to include 20.8.1, 20, and 21. This ensures compatibility with different versions of Node.js during testing. Also, replace the deprecated "npm ci" command with "npm clean-install" to install dependencies. Additionally, add a step to run "npm audit signatures" to check for any security issues in the dependencies. Finally, include a step to scan the lockfile for security issues using "lockfile-lint".
| - 16 | ||
| - 20.8.1 | ||
| - 20 | ||
| - 21 |
There was a problem hiding this comment.
| - 21 | |
| - 22 |
since v21 is EOL at this point and v22 becomes LTS before the end of october
| # https://github.com/lirantal/lockfile-lint#readme | ||
| - name: Scan lockfile for security issues | ||
| run: npx lockfile-lint --path package-lock.json |
There was a problem hiding this comment.
for the other repos with more recent changes, we've moved this into the scripts in package.json that end up getting called from npm t
this changeset is a good reference for the group of changes that are related to what i'm highlighting here. i would also be ok with these changes being a follow-up to this PR, but the changes you are making in this PR set us up for those changes to make sense whichever way you decide is best
There was a problem hiding this comment.
after a little more thought, i think it may make sense to hold off on changing this for a follow-up instead of adding into this one. still open to either option, but i think splitting from this isolates things a little better
| "c8": "^10.1.2", | ||
| "semantic-release": "^24.1.2", |
There was a problem hiding this comment.
super minor since renovate will pin these after they are merged anyway, but more for awareness, our typical practice is to pin dev-deps to exact versions and leave prod-deps as ranges
| "parse-json": "^5.0.0" | ||
| "lodash-es": "^4.17.21", | ||
| "parse-json": "^5.0.0", | ||
| "prettier": "^3.3.3" |
There was a problem hiding this comment.
prettier should be under dev-deps
| ], | ||
| "all": true | ||
| }, | ||
| "exports": "./index.js", |
There was a problem hiding this comment.
i know main isnt strictly needed after switching to exports, but i've hit enough snags with removing it from other projects, that i think it is still best to keep around for backward compatibility for now. lets have both exports and main set to the same value
This PR converts the plugin to ESM only.
Related to semantic-release/semantic-release#2133
BREAKING CHANGE:
@semantic-release/execis now a native ES Module. It has named exports for each plugin hook (verifyConditions, analyzeCommits, verifyRelease, generateNotes, prepare, publish, addChannel, success, fail)BREAKING CHANGE: the minimum required version of semantic-release to use
@semantic-release/execis now v24.1.0; thewarnlogger method/function is now available to use in pluginOther Changes Made
xowithprettierwith default configuration; following newly established conventionnycwithc8for code coveragelodashwithlodash-esfor properesmsupportRelated Issues/PR
Closes #283
Closes #406
Closes #407
Screencast
screencast-github_com-2024_10_17-20_48_14.mp4