chore(deps): remove outdated linting modules #166
Draft

Situation

pre-git
The npm module [email protected], configured in the repo, was released on Mar 13, 2018. This was 7 years ago and is the latest release of the module. The module is effectively unmaintained.
pre-git contains multiple unfixable vulnerabilities:
postinstall hook of pre-git adds a semantic-release configuration option, changing the default, if simple-commit-message has been uninstalled

github-post-release
The npm module [email protected], configured in the repo, was released on Aug 11, 2017. This was 8 years ago and is the latest release of the module. The module is effectively unmaintained.
github-post-release contains multiple unfixable vulnerabilities:

dont-crack
The npm module [email protected], configured in the repo, was released on Jun 7, 2017. This was 8 years ago and is the latest release of the module. The module is effectively unmaintained.
dont-crack contains multiple unfixable vulnerabilities:

simple-commit-message
simple-commit-message is in the dependencies section of pre-git and of github-post-release therefore these need to be considered together:
The npm module [email protected] configured in the repo, was released on Jul 4, 2021 and is the latest release. It is effectively unmaintained and has the following issues:
major: and minor: . Does not allow the use of docs:, testing:, etc. used in other Cypress repos.

Assessment
simple-commit-message, pre-git, github-post-release and dont-crack are linting components, intended to apply rules and increase the quality of the packaged module.
Their unmaintained and vulnerable status however means that they can no longer be used. It may be possible to replace their function using supported modules, however given the number of other issues in this repo, this enhancement would need to be deferred to a later stage.
The modules are used in the configuration of semantic-release. See also #165 for separate related configuration issues.
Since these modules are all interrelated, they need to be removed together.

Change
In package.json, remove:
- devDependencies modules:
- config key (.github/hooks)
- release key (semantic-release configuration)

Verify
On Ubuntu 24.04.2 LTS, Node.js 22.17.1 LTS execute the following and confirm no fatal errors are reported:
npm ci
npm test
npx semantic-release --dry-run

Follow-up
Locally, it may be necessary to remove hooks from .git/hooks manually.
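
A post-change check for the removal described in this pull request, as an added example that is not part of the PR or the repository: it walks a parsed package.json and reports any remaining reference to the four modules, plus the top-level config and release keys. The sample manifests, their version strings and the function names are constructed for illustration.

```javascript
// Module names are taken from the PR text; everything else here is constructed.
const REMOVED = ['pre-git', 'github-post-release', 'dont-crack', 'simple-commit-message'];

// Walk any JSON value and collect paths whose key or string value names a removed module.
function findReferences(value, path = '$', hits = []) {
  if (typeof value === 'string') {
    for (const name of REMOVED) {
      if (value.includes(name)) hits.push({ path, module: name });
    }
  } else if (value && typeof value === 'object') {
    const isArray = Array.isArray(value);
    for (const [key, child] of Object.entries(value)) {
      const childPath = isArray ? `${path}[${key}]` : `${path}.${key}`;
      if (!isArray && REMOVED.includes(key)) hits.push({ path: childPath, module: key });
      findReferences(child, childPath, hits);
    }
  }
  return hits;
}

// Returns human-readable findings; an empty array means the manifest is clean.
function auditManifest(pkg) {
  const findings = findReferences(pkg).map(h => `${h.path} references ${h.module}`);
  // The PR removes the top-level "config" and "release" keys entirely.
  for (const key of ['config', 'release']) {
    if (Object.prototype.hasOwnProperty.call(pkg, key)) {
      findings.push(`$.${key} key still present`);
    }
  }
  return findings;
}

// Constructed sample manifests (placeholder versions, not the repository's real file).
const sampleBefore = {
  name: 'example-package',
  devDependencies: { 'pre-git': '0.0.0', 'dont-crack': '0.0.0', mocha: '0.0.0' },
  config: { 'pre-git': { 'commit-msg': 'simple' } },
  release: { analyzeCommits: 'simple-commit-message' },
};
const sampleAfter = {
  name: 'example-package',
  devDependencies: { mocha: '0.0.0' },
};

console.log(auditManifest(sampleBefore));
console.log(auditManifest(sampleAfter));
```

To run it against a real checkout, pass the result of `JSON.parse` on the repository's package.json to `auditManifest`.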