Added codemods in upgradation guide

[Yugal41735]

Hey, I am adding codemods to upgradation guide for upgrading to Jasmine 5.0 from 4.x.

What is codemod? Codemod is a open source tool, which helps in migration from one version to another. This pr is made to help in migration of some breaking changes as mentioned here and here

You can test the below codemods by running the below commands to test the above mentioned changes:

npx codemod@latest jasmine/v5/handling-env-execute-callbacks npx codemod@latest jasmine/v5/node-boot-removal

Or if you have any repo in mind, you could share its link with me, I could test on it, and would update you on the results. I think it would be a great addition to community, as it will help users saving lot of their time while migrating.

[sgravrock]

I appreciate the effort you put into this, but after spending a half hour or so looking at Codemod I don't think I'm comfortable recommending it to Jasmine users. I see three major problems:

• I couldn't find any way to download a codemod without executing it. And I spent at least 20 minutes looking.
• Although codemods themselves are versioned, there doesn't appear to be any way to run a specific version.
• I couldn't find anything to suggest that the Codemod registry uses 2 factor authentication or other mechanisms to protect against account takeovers..

The first issue is fatal all by itself. But taken together, they present a real risk that someone might compromise your Codemod registry account and use it to publish a new version containing malware, with no way for Jasmine users to detect the problem before the malware runs on their machines.

As I said, I appreciate the effort. But operating a public package repository comes with serious security challenges, and it looks like the Codemod team has work to do on that front.

[Yugal41735]

Ok, got it. But, to publish our codemods to the codemod registry we have to sign in. And there's only one way to sign in, and that is using the github account, and that in itself has 2 factor authentication. So i think, this may solve the account takeover issue. Also I have already published codemod with a name, it does not allow anyone to publish any other codemod with the same name.

@mohab-sameh

[mohab-sameh]

Hi @sgravrock 👋 Mohab from the Codemod team here :)

Thanks for bringing up these points. We're always working on improving the platform. Here are some answers to your concerns:

1. • You can definitely download the codemod without executing it. You can either download the codemod source (git url is available in the published packages, e.g. here - just like npm). The rest of the links are available in the codemods' original PR. I understand that this PR's description didn't provide contextual links so this might've caused a lot of confusion.
   • Alternatively, you can download the Codemod Studio package by clicking on the export dropdown and downloading the package.
2. Thanks for bringing this up. You can in fact run a specific version as shown here in docs.
3. • Currently, the registry requires that you are authenticated using your GitHub account. We assume that your GitHub account is secure. If it is compromised, then access to Codemod Registry is one of many other concerns you might have. Account takeover without unauthorized access to a user's GitHub account should not be possible.
   • However, I understand that adding an extra layer of security isn't a bad idea either. For now, write access to published codemods is only available when you are authenticated using Codemod CLI and have organizational access to the published codemod. So there should be no critical security risks in this scenario.

Please let me know if you have any more concerns. Our community is really keen on bringing an awesome migration experience just like we do with React, MSW, Nuxt, pnpm, and more.

Making sure this is an improvement over the previous manual upgrade experience is our community's top priority, so your feedback really helps.