Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: remove outdated stylelint types #254

Merged
merged 1 commit into from
Jan 10, 2022
Merged

fix: remove outdated stylelint types #254

merged 1 commit into from
Jan 10, 2022

Conversation

rchl
Copy link

@rchl rchl commented Dec 3, 2021
edited

This PR contains a:

  • bugfix
  • new feature
  • code refactor
  • test update
  • typo fix
  • metadata update

Motivation / Use-Case

The @types/stylelint package is for Stylelint 13. Stylelint 14 includes type declarations already.

The issue with installing this dependency in a project that uses Stylelint 14+ is that it includes outdated "postcss" (v7) dependency that might cause issues in the host project.

Breaking Changes

For projects that are still using Stylelint 13 this could potentially be a breaking change (if the project interacts with stylelint related types directly). The fix would be to add @types/stylelint dependency manually in the project.

Even though this is potentially a breaking change, bumping to next major version is not really an option since it's already taken.

Additional Info

@ricardogobbosouza

@rchl
fix: remove outdated stylelint types
5b8d3cd 
The `@types/stylelint` package is for Stylelint 13. Stylelint 14
includes type declarations already.

The issue with installing this dependency in a project that uses
Stylelint 14+ is that it includes outdated "postcss" (v7) dependency
that might cause issues in the host project.
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Dec 3, 2021
edited

CLA Signed

The committers are authorized under a signed CLA.

@alexander-akait
Copy link
Member

I see, but in this case we will break, stylelint v13 usage... but we can say in docs about using other types for v13

@rchl
Copy link
Author

rchl commented Dec 4, 2021

Yes, I've added comment about that already. @types/stylelintis for stylelint 13. Stylelint 14 includes types already.

I believe that majority of use cases will not actually require types but there is always a chance of this breaking someone's use case.

@ricardogobbosouza
Copy link
Collaborator

ricardogobbosouza commented Dec 5, 2021
edited

@rchl I just didn't understand why the tests failed

@rchl
Copy link
Author

rchl commented Dec 5, 2021

Looks like npm started using ES syntax that doesn't work anymore in Node 10.

@skjnldsv skjnldsv mentioned this pull request Jan 8, 2022
Closed
@skjnldsv
Copy link

skjnldsv commented Jan 8, 2022

Looks like npm started using ES syntax that doesn't work anymore in Node 10.

lts is 16, maybe it's start removing support for node 10? 🤔

@ricardogobbosouza ricardogobbosouza merged commit 69f33bf into webpack-contrib:2.x Jan 10, 2022
@rchl rchl deleted the fix/types branch January 10, 2022 12:47
@skjnldsv
Copy link

Thank you everyone involved! 🎉
Happy new year (it's not too late, isn't it? 😁)

@skjnldsv
Copy link

Should it be ported to master too?

@NLueg
Copy link

NLueg commented Jan 11, 2022

@skjnldsv it should definitely ported to master in my opinion.
We also have an issue with the 3.1.0 version:

postcss  <8.2.13
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install stylelint-webpack-plugin@2.1.1, which is a breaking change
node_modules/@types/stylelint/node_modules/postcss
  @types/stylelint  9.10.0 - 13.13.3
  Depends on vulnerable versions of postcss
  node_modules/@types/stylelint
    stylelint-webpack-plugin  >=2.2.0
    Depends on vulnerable versions of @types/stylelint
    node_modules/stylelint-webpack-plugin

3 moderate severity vulnerabilities

@alexander-akait
Copy link
Member

@ricardogobbosouza friendly ping, we should port it to master

@ricardogobbosouza
Copy link
Collaborator

Released v2.3.2 and v3.1.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexander-akait alexander-akait alexander-akait approved these changes

@ricardogobbosouza ricardogobbosouza ricardogobbosouza approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@rchl @alexander-akait @ricardogobbosouza @skjnldsv @NLueg