Skip to content

chore: update dependencies and refactor code for compatibility#2495

Merged
sjinks merged 6 commits intotrunkfrom
update/esm-deps
Aug 13, 2025
Merged

chore: update dependencies and refactor code for compatibility#2495
sjinks merged 6 commits intotrunkfrom
update/esm-deps

Conversation

@sjinks
Copy link
Member

@sjinks sjinks commented Aug 7, 2025

Description

This pull request updates ESM dependencies to their latest versions. This was possible because Node.js now supports using require() on synchronous ES modules.

The update required some other changes:

  • The module resolution strategy, along with the module system, had to be changed to NodeNext;
  • Jest's transformIgnorePatterns had to be explicitly cleared. This increased memory consumption and test execution time (by roughly 4%), but allowed us to use ESM dependencies. The alternative was to mention every ESM package (including transitive dependencies), but that does not scale.
  • xdg-basedir was replaced with a small function that does the same but is more testable. Mocking ESM in Jest is a huge pain.

Key changes include:

Testing environment improvements:

  • All end-to-end test files in __tests__/devenv-e2e/00*-*.spec.js now set process.env.XDG_DATA_HOME directly instead of modifying or mocking xdg-basedir.data, simplifying and standardizing test setup. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26]

  • In __tests__/lib/dev-environment/dev-environment-core.js, replaces the xdg-basedir mock with direct manipulation of process.env.XDG_DATA_HOME, and updates tests to use the local xdg-data utility. Updates test cases to reflect this change and to mock the new utility when testing error cases. [1] [2] [3] [4]

  • Updates __tests__/lib/dev-environment/env-vars.spec.js to use the new xdg-data utility instead of xdg-basedir for environment file path resolution. [1] [2]

Dependency updates:

  • Updated @types/configstore from 5.0.1 to ^6.0.2
  • Updated chalk from 4.1.2 to ^5.5.0
  • Updated configstore from 5.0.1 to ^7.0.0
  • Updated node-fetch from ^2.6.1 to ^3.3.2
  • Updated xml2js from ^0.5.0 to ^0.6.2

Other test fixes:

  • Fixes an assertion in __tests__/lib/analytics/clients/tracks.js to expect the correct format for the user-agent header.

@sjinks sjinks self-assigned this Aug 7, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@types/configstore ^6.0.2 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
License🟢 9license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/chalk ^5.5.0 🟢 4.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/configstore ^7.0.0 UnknownUnknown
npm/node-fetch ^3.3.2 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/xml2js ^0.6.2 🟢 3.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 3Found 6/19 approved changesets -- score normalized to 3
Dangerous-Workflow⚠️ -1no workflows found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions⚠️ -1No tokens found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing🟢 10project is fuzzed
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected

Scanned Files

  • package.json

@sjinks
Copy link
Member Author

sjinks commented Aug 7, 2025

This will address #2488, #2172, #1940, #1582, #1576

@sjinks sjinks requested a review from Copilot August 7, 2025 23:45

This comment was marked as outdated.

Sign in to view

@sjinks sjinks requested a review from Copilot August 8, 2025 00:19

This comment was marked as outdated.

Sign in to view

@sjinks sjinks requested a review from Copilot August 8, 2025 00:39

This comment was marked as outdated.

Sign in to view

@sjinks sjinks requested a review from Copilot August 8, 2025 00:42

This comment was marked as outdated.

Sign in to view

@sjinks sjinks requested a review from Copilot August 8, 2025 00:44
Copilot AI reviewed Aug 8, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request modernizes the codebase by updating ESM dependencies to their latest versions and refactoring code for compatibility with Node.js's support for using require() on synchronous ES modules. The update required changes to TypeScript configuration, Jest setup, and the replacement of the xdg-basedir dependency with a custom utility.

Key changes include:

  • Updated multiple ESM dependencies including chalk, configstore, node-fetch, and xml2js to their latest versions
  • Replaced xdg-basedir dependency with a custom xdg-data utility function for better testability
  • Standardized test setup across all end-to-end tests to use direct environment variable manipulation

Reviewed Changes

Copilot reviewed 26 out of 29 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/lib/xdg-data.ts New utility function replacing xdg-basedir functionality
src/lib/search-and-replace.ts Updated chalk import from named to default import
src/lib/dev-environment/dev-environment-lando.ts Replaced xdg-basedir with custom xdg-data utility
src/lib/dev-environment/dev-environment-core.ts Replaced xdg-basedir with custom xdg-data utility and removed helper function
src/lib/client-file-uploader.ts Updated node-fetch type import for compatibility
src/lib/cli/exit.ts Updated chalk import from named to default import
src/lib/backup-storage-availability/backup-storage-availability.ts Replaced xdg-basedir with custom xdg-data utility
package.json Updated dependency versions and removed xdg-basedir
tests/lib/dev-environment/env-vars.spec.js Updated test to use new xdg-data utility
tests/lib/dev-environment/dev-environment-core.js Refactored tests to use environment variables instead of mocking xdg-basedir
tests/lib/analytics/clients/tracks.js Fixed test assertion for user-agent header format
tests/devenv-e2e/jest/jest.config.js Added transformIgnorePatterns configuration for ESM support
tests/devenv-e2e/*.spec.js Standardized test setup to use XDG_DATA_HOME environment variable
.github/workflows/ci.yml Changed CI strategy to continue on failure

@sjinks sjinks marked this pull request as ready for review August 8, 2025 00:50
@sjinks
Copy link
Member Author

sjinks commented Aug 8, 2025

/changelog

@github-actions
Copy link
Contributor

github-actions bot commented Aug 8, 2025

AI-Generated Changelog Entry

  • Updates the app to use the latest versions of key dependencies for improved compatibility, simplifies how data folders are handled on your computer, and makes test setup more consistent; as a result, some tests may take slightly longer to run.

sjinks added 6 commits August 13, 2025 00:42
@sjinks
chore: update dependencies and refactor code for compatibility
5c44ee5 
- Updated @types/configstore from 5.0.1 to ^6.0.2
- Updated chalk from 4.1.2 to ^5.5.0
- Updated configstore from 5.0.1 to ^7.0.0
- Updated node-fetch from ^2.6.1 to ^3.3.2
- Updated xml2js from ^0.5.0 to ^0.6.2
- Replaced xdg-basedir with custom xdgData function for better compatibility
- Refactored exit.ts and search-and-replace.ts to use updated chalk import
- Updated type imports in client-file-uploader.ts for node-fetch
- Changed TypeScript module and resolution settings to nodenext for better module handling
@sjinks
test: fix tests
569655f
@sjinks
ci(workflow): change test strategy to not fail-fast
fbe2fc1 
Updated the CI configuration to allow all test jobs to run, even if one fails.
This change aims to improve feedback during the testing process by providing
results for all configurations.
@sjinks
fix(test): do not bootstrap Lando
da1e5ba
@sjinks
refactor(xdg-data): simplify xdgData function
4c1b7db 
Removed unnecessary checks and streamlined the `xdgData` function to always return a string. This change enhances code clarity and ensures consistent return types.
@sjinks
fix(dev-env): address code review comments
b129cef
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 12, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sjinks sjinks merged commit 853b1b3 into trunk Aug 13, 2025
19 checks passed
@sjinks sjinks deleted the update/esm-deps branch August 13, 2025 01:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rinatkhaziev rinatkhaziev rinatkhaziev approved these changes

Assignees

@sjinks sjinks

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sjinks @rinatkhaziev