davityavryan / yarn-audit-html

Generate a HTML report for Yarn Audit
MIT License
29 stars 13 forks source link

chore(deps-dev): bump esmock from 2.3.5 to 2.5.7 #140

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps esmock from 2.3.5 to 2.5.7.

Release notes

Sourced from esmock's releases.

resolve critical error

mainly this issue resolves a critical error reported here iambumblehead/esmock#260

increment resolver

update resolver to latest version, resolves a resolution error that seems to have been introduced by a previous update from the past week.

support yarn PnP @​koshic

support yarn PnP @​koshic

call resolver with builtin moduleIds

This change affects custom resolvers, which are supported from v2.5.2. Per the spec, resolvers will be called with the builtin moduleIds, such as "node:path" and "fs"

add support for custom resolver

This release adds support for custom using a custom resolver. Specifically, a yarn PnP resolver can be passed to esmock, so that yarn PnP moduleIds can be resolved.

const modulePnP = await esmock('../src/parent.js', {
  '../src/PnPchild.js' : () => ['a', 'b']
}, null, {
  resolver: pnpapi.resolveRequest
})

lookup export type based on package.json type

This release updates the resolver to improve module resolution. See resolvewithplus tags v2.0.6 and v2.0.7.

Essentially, the resolver is updated to lookup the export type based on package.json type. For example, if package.json type is "module", the "import" definition is resolved, else if package.json type is undefined or "commonjs", the "require" definition is resolved. Previous versions of esmock usually reslved commonjs/require when those were defined and because most packages are published as commonjs, the issues resolved at this release likely did not affect anyone,

  • resolve "exports" before "main". The spec says: the "exports" field takes precedence over "main" in supported versions of Node.js. The updated resolver correctly returns "main" before "exports" (older resolver did not).
  • use package.json "type" to return "import" or "require". The older resolver did not read package.json type and returned incorrect "require" values for some packages. For example, if this inferno package where changed to use type "module", the older resolver would return "index.js" rather than "index.esm.js"

improve ts resolution

resolve existing ".ts" files, rather than ".js" files, when typescript is detected, thanks @​tpluscode

use initialize loader hook

esmock is updated to use the new "initialize" node loader hook https://nodejs.org/api/esm.html#initialize and, essentially, esmock no longer requires --loader=esmock when used with current releases of node

detect null and undefined loader-returned sources

Detects null AND undefined loader-returned source definitions

diff --git a/src/esmockLoader.js b/src/esmockLoader.js
index 69dedd4..e835ec3 100644
--- a/src/esmockLoader.js
</tr></table> 

... (truncated)

Changelog

Sourced from esmock's changelog.

changelog

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 1 year ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (0907dbb) 96.15% compared to head (1c5c497) 96.15%.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #140 +/- ## ======================================= Coverage 96.15% 96.15% ======================================= Files 2 2 Lines 260 260 Branches 34 34 ======================================= Hits 250 250 Misses 10 10 ``` | [Flag](https://app.codecov.io/gh/davityavryan/yarn-audit-html/pull/140/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Davit+Yavryan) | Coverage Δ | | |---|---|---| | [Node-v18](https://app.codecov.io/gh/davityavryan/yarn-audit-html/pull/140/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Davit+Yavryan) | `96.15% <ø> (ø)` | | | [Node-v20](https://app.codecov.io/gh/davityavryan/yarn-audit-html/pull/140/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Davit+Yavryan) | `96.15% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Davit+Yavryan#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

dependabot[bot] commented 1 year ago

Looks like esmock is up-to-date now, so this is no longer needed.