Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release pa11y@8 #696

Merged
merged 13 commits into from
Mar 26, 2024
Merged

Release pa11y@8 #696

merged 13 commits into from
Mar 26, 2024

Conversation

danyalaytekin
Copy link
Member

@danyalaytekin danyalaytekin commented Mar 15, 2024
edited
Loading

Note

  1. pa11y-bot will release pa11y@8.0.0 from main once this is merged and the draft GitHub Release published
  2. Full diff since 7.0.0

Components

Changes in this PR

  • Update version guards in reporters/* and runners/*
  • Add CHANGELOG.md entry
  • Add MIGRATION.md entry
  • Update README.md
  • Create draft release

The stale next dist tag was also deleted in:

To run this version locally

npx pa11y/pa11y#version-8 https://example.com

Package comparison

npm pack for proposed release 
danyal, pa11y (version-8) > npm pack
npm notice 
npm notice 馃摝  pa11y@8.0.0
npm notice === Tarball Contents === 
npm notice 7.7kB  LICENSE                  
npm notice 30.6kB README.md                
npm notice 8.9kB  bin/pa11y.js             
npm notice 9.2kB  lib/action.js            
npm notice 3.4kB  lib/option.js            
npm notice 14.0kB lib/pa11y.js             
npm notice 1.1kB  lib/reporter.js          
npm notice 2.6kB  lib/reporters/cli.js     
npm notice 710B   lib/reporters/csv.js     
npm notice 1.3kB  lib/reporters/html.js    
npm notice 659B   lib/reporters/json.js    
npm notice 1.9kB  lib/reporters/report.html
npm notice 658B   lib/reporters/tsv.js     
npm notice 7.1kB  lib/runner.js            
npm notice 5.5kB  lib/runners/axe.js       
npm notice 2.8kB  lib/runners/htmlcs.js    
npm notice 2.0kB  package.json             
npm notice === Tarball Details === 
npm notice name:          pa11y                                   
npm notice version:       8.0.0                                   
npm notice filename:      pa11y-8.0.0.tgz                         
npm notice package size:  28.7 kB                                 
npm notice unpacked size: 100.0 kB                                
...
npm notice total files:   17                                      
npm notice 
pa11y-8.0.0.tgz
npm pack for pa11y@7.0.0 
danyal, pa11y (version-7) > npm pack
npm notice 
npm notice 馃摝  pa11y@7.0.0
npm notice === Tarball Contents === 
npm notice 7.7kB  LICENSE                  
npm notice 30.4kB README.md                
npm notice 8.9kB  bin/pa11y.js             
npm notice 9.2kB  lib/action.js            
npm notice 3.4kB  lib/option.js            
npm notice 14.2kB lib/pa11y.js             
npm notice 1.1kB  lib/reporter.js          
npm notice 2.6kB  lib/reporters/cli.js     
npm notice 710B   lib/reporters/csv.js     
npm notice 1.3kB  lib/reporters/html.js    
npm notice 659B   lib/reporters/json.js    
npm notice 1.9kB  lib/reporters/report.html
npm notice 658B   lib/reporters/tsv.js     
npm notice 7.1kB  lib/runner.js            
npm notice 5.5kB  lib/runners/axe.js       
npm notice 2.8kB  lib/runners/htmlcs.js    
npm notice 1.8kB  package.json             
npm notice === Tarball Details === 
npm notice name:          pa11y                                   
npm notice version:       7.0.0                                   
npm notice filename:      pa11y-7.0.0.tgz                         
npm notice package size:  28.7 kB                                 
npm notice unpacked size: 99.8 kB                
...
npm notice total files:   17                                      
npm notice 
pa11y-7.0.0.tgz

Note about Mockery

The return of the test dependency Mockery brings with it a security alert, which it would be good to remove in 8.x. This is less important than it might otherwise be, because mockery isn't included when installing pa11y globally or as a dependency; the same package was also used by pa11y@6.0.0 so we can confirm this with:

$ npm install -g pa11y@6.0.0

(... no security alert)
added 79 packages in 11s

Mockery is also present in our other projects. Down the line, we could:

  1. replace it with e.g. testdouble
  2. patch it using e.g. CVE-2022-37614 - resolve prototype pollution vuln聽mfncooper/mockery#81
  3. rework the project so we can choose to inject real dependencies or fakes

@danyalaytekin danyalaytekin added this to the 8.0.0 milestone Mar 15, 2024
@danyalaytekin danyalaytekin self-assigned this Mar 15, 2024
@danyalaytekin danyalaytekin mentioned this pull request Mar 15, 2024
Draft
9 tasks
@danyalaytekin danyalaytekin changed the title [Awaiting dependencies] Version 8.0.0 [Awaiting components] Release pa11y@8 Mar 18, 2024
@rcantin-w rcantin-w mentioned this pull request Mar 18, 2024
Merged
@danyalaytekin danyalaytekin added status: work required Issues or PRs that are incomplete and require work and removed status: blocked labels Mar 20, 2024
@danyalaytekin danyalaytekin changed the title [Awaiting components] Release pa11y@8 [WIP, preparing] Release pa11y@8 Mar 20, 2024
@danyalaytekin danyalaytekin mentioned this pull request Mar 21, 2024
Draft
7 tasks
@danyalaytekin danyalaytekin changed the title [WIP, preparing] Release pa11y@8 Release pa11y@8 Mar 21, 2024
@danyalaytekin danyalaytekin removed the status: work required Issues or PRs that are incomplete and require work label Mar 21, 2024
@danyalaytekin danyalaytekin marked this pull request as ready for review March 21, 2024 02:57
josebolos
josebolos approved these changes Mar 26, 2024
View reviewed changes
Copy link
Member

@josebolos josebolos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent job. Thank you all! 馃殌

@danyalaytekin danyalaytekin merged commit b3d7c84 into main Mar 26, 2024
9 checks passed
@danyalaytekin danyalaytekin deleted the version-8 branch March 26, 2024 19:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josebolos josebolos josebolos approved these changes

@hollsk hollsk Awaiting requested review from hollsk

Assignees

@danyalaytekin danyalaytekin

Labels
None yet
Projects
None yet
Milestone
8.0.0
Development

Successfully merging this pull request may close these issues.

Version 7.0.0 requires an unsupported version of puppeteer
2 participants
@danyalaytekin @josebolos