davityavryan / yarn-audit-html

Generate a HTML report for Yarn Audit
MIT License
29 stars 13 forks source link

chore(deps-dev): bump esmock from 2.3.5 to 2.5.2 #132

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps esmock from 2.3.5 to 2.5.2.

Release notes

Sourced from esmock's releases.

lookup export type based on package.json type

This release updates the resolver to improve module resolution. See resolvewithplus tags v2.0.6 and v2.0.7.

Essentially, the resolver is updated to lookup the export type based on package.json type. For example, if package.json type is "module", the "import" definition is resolved, else if package.json type is undefined or "commonjs", the "require" definition is resolved. Previous versions of esmock usually reslved commonjs/require when those were defined and because most packages are published as commonjs, the issues resolved at this release likely did not affect anyone,

  • resolve "exports" before "main". The spec says: the "exports" field takes precedence over "main" in supported versions of Node.js. The updated resolver correctly returns "main" before "exports" (older resolver did not).
  • use package.json "type" to return "import" or "require". The older resolver did not read package.json type and returned incorrect "require" values for some packages. For example, if this inferno package where changed to use type "module", the older resolver would return "index.js" rather than "index.esm.js"

improve ts resolution

resolve existing ".ts" files, rather than ".js" files, when typescript is detected, thanks @​tpluscode

use initialize loader hook

esmock is updated to use the new "initialize" node loader hook https://nodejs.org/api/esm.html#initialize and, essentially, esmock no longer requires --loader=esmock when used with current releases of node

detect null and undefined loader-returned sources

Detects null AND undefined loader-returned source definitions

diff --git a/src/esmockLoader.js b/src/esmockLoader.js
index 69dedd4..e835ec3 100644
--- a/src/esmockLoader.js
+++ b/src/esmockLoader.js
@@ -145,7 +145,8 @@ const load = async (url, context, nextLoad) => {
       if (!/^(commonjs|module)$/.test(nextLoadRes.format))
         return nextLoad(url, context)
  •  const source = nextLoadRes.source === null
    
  •  // nextLoadRes.source sometimes 'undefined' and other times 'null' :(
    
  •  const source = nextLoadRes.source === null || nextLoadRes.source === undefined
       ? String(await fs.readFile(new URL(url)))
       : String(nextLoadRes.source)
     const hbang = (source.match(hashbangRe) || [])[0] || ''
    

node v20.6 solutions

node v20.6 caused some issues. The primary issue was that the newest import.meta.resolve defined by node has significantly and suddenly changed. The newer import.meta.resolve is less useful and no longer supports the parent param as in the call import.meta.resolve(moduleId, parent),

simplify loader detection

clerical changes to simplify loader detection,

clerical changes fewer loc

Clerical changes to reduce lines of code and update some test files,

... (truncated)

Changelog

Sourced from esmock's changelog.

changelog

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 1 year ago

Codecov Report

All modified lines are covered by tests :white_check_mark:

Comparison is base (0907dbb) 96.15% compared to head (91c272f) 96.15%.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #132 +/- ## ======================================= Coverage 96.15% 96.15% ======================================= Files 2 2 Lines 260 260 Branches 34 34 ======================================= Hits 250 250 Misses 10 10 ``` | [Flag](https://app.codecov.io/gh/davityavryan/yarn-audit-html/pull/132/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Davit+Yavryan) | Coverage Δ | | |---|---|---| | [Node-v18](https://app.codecov.io/gh/davityavryan/yarn-audit-html/pull/132/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Davit+Yavryan) | `96.15% <ø> (ø)` | | | [Node-v20](https://app.codecov.io/gh/davityavryan/yarn-audit-html/pull/132/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Davit+Yavryan) | `96.15% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Davit+Yavryan#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

dependabot[bot] commented 1 year ago

Superseded by #136.