Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: upgrade tslib to ^2.4.0, remove @yarn-tool/resolve-package #326

Merged

Commits on May 14, 2022

  1. deps: upgrade tslib to 2.4.0, remove @yarn-tool/resolve-package

    - tslib 2.4.0 is forward and backward-compatible with older and newer
      Node exports mechanisms, so the Node 17 error should no longer be
      present
      - it has the older `./` and the newer `./*` in its package exports,
        which should allow for `package.json` to be read in both older and
        newer implementations
    
    - this allows us to remove the extra dep on `@yarn-tool/resolve-package`
      as well
      - other than less unnecessary deps being good,
        `@yarn-tool/resolve-package` is also a not well-documented package
        with very few users, which does not make for a good security posture
        for rpt2 (which has historically prioritized supply chain security
        in other issues around deps) or, in particular, its consumers, which
        there are very many of (in contrast with `@yarn-tool`)
      - per my issue comment, we could also have avoided the extra dep prior
        to the tslib upgrade by resolving to absolute paths, as Node only
        does a "weak" encapsulation of relative imports
    
    - test: add a small unit test for tslib.ts to ensure that this method
      works and passes on different Node versions in CI
      - more a smoke test that it runs at all, the testing is additional
        and a bit duplicative of the source tbh
    agilgur5 committed May 14, 2022
    Configuration menu
    Copy the full SHA
    189aaa5 View commit details
    Browse the repository at this point in the history