fix: preserve comment lines with quotes + modernize deps #1

Merged
Miniluchi merged 3 commits into main from Miniluchi/modernize-deps-fix-bug54
May 4, 2026

@Miniluchi
Owner

Bug fix — issue luqmanoop#54

Root cause: `emptyObjProps()` in `lib/lib.ts` checked for `#` in the value before checking whether the key was a `__COMMENT_` line. When a comment like `# don't use 'production'` contained quoted text, the regex `/('.*'|".*")/` matched it, the value was split on the quotes, and only the trailing fragment was kept — truncating most of the comment.

Fix: move the `__COMMENT_` guard before the `#` logic so comment lines are always preserved verbatim.

Two regression tests added for both single-quote and double-quote variants.

Dependency modernisation (107 → 9 vulnerabilities)

All remaining 9 vulnerabilities are in dev-only tooling (mocha, nyc, all-contributors-cli) — zero production vulnerabilities.

| Package | Before | After | Reason |
| --- | --- | --- | --- |
| meow | 5.0.0 | 8.1.2 | Last CJS-compatible release; lib/index.ts updated to use explicit flag aliases |
| typescript | 3.9.7 | 5.4.5 | Major security & performance improvements |
| mocha | 6.1.4 | 10.4.0 | mocha.opts → .mocharc.yml |
| ts-node | 8.x | 10.9.2 | TypeScript 5 support |
| nyc | 14.x | 15.1.0 | |
| sinon | 7.x | 17.x | |
| rimraf | 2.x | 5.x | |
| nodemon | 1.x | 3.x | |
| eslint | 5.x | 8.x | + @typescript-eslint plugin; removed babel-eslint |
| prettier | 1.x | 3.x | |
| parcel-plugin-shebang | | removed | Dragged in abandoned parcel-bundler v1 with many CVEs; Parcel v2 handles shebangs natively via targets config |
| coveralls | | removed | Depended on abandoned request library (critical CVE); use GitHub Actions instead |
| np | | removed | Same request dependency chain; replaced release script with npm publish |

Test plan

Miniluchi added 3 commits May 4, 2026 20:45
Fix issue luqmanoop#54: emptyObjProps() now checks __COMMENT_ keys before the #
logic, preventing comment text from being truncated when it contains
single or double quotes. Two regression tests added.

Dependency updates (107 → 9 vulnerabilities, all remaining in dev tools):
- meow 5 → 8.1.2 (last CJS release; update flags API with explicit aliases)
- TypeScript 3.9 → 5.4
- mocha 6 → 10, ts-node 8 → 10, nyc 14 → 15
- sinon 7 → 17, chai 4.2 → 4.4, nodemon 1 → 3, rimraf 2 → 5
- eslint 5 → 8 with @typescript-eslint plugin; remove babel-eslint
- Remove parcel-plugin-shebang (dragged in parcel-bundler v1 CVEs)
- Remove coveralls and np (both depend on abandoned request library)
- Replace test/mocha.opts with .mocharc.yml (mocha 10 dropped .opts)
- Update tsconfig target to ES2020
@Miniluchi Miniluchi merged commit 682ae80 into main May 4, 2026
@Miniluchi Miniluchi deleted the Miniluchi/modernize-deps-fix-bug54 branch May 4, 2026 19:19
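
The ordering bug described in the PR summary, as an added sketch that is not the project's code from `lib/lib.ts`. The function names, the `__COMMENT_1__` key format, the sample object and the simplified handling of `#` in values are assumptions; only the regex and the `__COMMENT_` prefix come from the description above.

```typescript
// Added illustration: a simplified model, not the code in lib/lib.ts.
type EnvObject = Record<string, string>;

const QUOTED = /('.*'|".*")/; // regex quoted in the PR description
const isCommentKey = (key: string): boolean => key.indexOf("__COMMENT_") === 0;

// Assumed "# logic": keep only the inline comment that trails a value.
function inlineComment(value: string): string {
  if (value.indexOf("#") === -1) return ""; // plain value: emptied
  if (QUOTED.test(value)) {
    // Quoted value: the fragment after the quoted span is kept.
    const parts = value.split(QUOTED);
    return (parts[parts.length - 1] || "").trim();
  }
  return value.slice(value.indexOf("#")).trim();
}

// Ordering described as the root cause: "#" logic runs before the key check.
function emptyObjPropsBefore(env: EnvObject): EnvObject {
  const out: EnvObject = {};
  for (const key of Object.keys(env)) {
    const value = env[key] || "";
    if (value.indexOf("#") !== -1) out[key] = inlineComment(value);
    else out[key] = isCommentKey(key) ? value : "";
  }
  return out;
}

// Ordering after the fix: comment keys are preserved verbatim first.
function emptyObjPropsAfter(env: EnvObject): EnvObject {
  const out: EnvObject = {};
  for (const key of Object.keys(env)) {
    const value = env[key] || "";
    out[key] = isCommentKey(key) ? value : inlineComment(value);
  }
  return out;
}

// Constructed sample input (not taken from the project's tests).
const sample: EnvObject = {
  __COMMENT_1__: "# don't use 'production' on shared hosts",
  __COMMENT_2__: '# set to "debug" only locally',
  NODE_ENV: "'staging' # deployment tier",
  API_KEY: "s3cr3t-value",
};

console.log(emptyObjPropsBefore(sample)); // comments truncated
console.log(emptyObjPropsAfter(sample)); // comments intact, values emptied
```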