chore(deps): update dependency publint to v0.3.9 (master)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
publint (source)	devDependencies	minor	0.2.12 -> 0.3.9

---

Release Notes

publint/publint (publint)

v0.3.9

Compare Source

Patch Changes

• Support the formatMessage utility in the browser. It has a new color: 'html' option to highlight important parts with <strong> tags instead of ANSI colors. It also has a new reference: boolean option so the messages are worded in reference of the message location. (e1cfef0)

• If formatMessage is passed a package.json object with missing keys, the message part that references the value will now fallback to "undefined" instead of completely erroring out. (45962d1)

v0.3.8

Compare Source

Patch Changes

• Support passing a tarball path to the publint CLI. This allows to easily lint any tarball files at hand. (#​166)

  npx publint ./mylib-1.0.0.tgz

• The publint API now returns a pkg object as a convenience to pass it to formatMessage (#​166)

• Updated dependencies [02d169b]:

  • @​publint/pack@​0.1.2

v0.3.7

Compare Source

Patch Changes

• The "imports" field is now linted with the following rules: (#​162)

  • IMPORTS_KEY_INVALID: Ensure the imports key starts with a #
  • IMPORTS_VALUE_INVALID: Ensure the imports value is a valid path that starts with a ./
  • IMPORTS_GLOB_NO_MATCHED_FILES: Ensure the imports glob matches at least one file
  • IMPORTS_DEFAULT_SHOULD_BE_LAST: Ensure the "default" condition is last in an entrypoint's object
  • IMPORTS_MODULE_SHOULD_BE_ESM: Ensure the "module" condition file is ESM
  • IMPORTS_MODULE_SHOULD_PRECEDE_REQUIRE: Ensure the "module" condition precedes the "require" condition in an entrypoint's object

• Improve SSH git URL detection when checking the "repository" field. Values like "[email protected]:user/project.git" is now detected as a valid git URL, but will be suggested to use a full git URL instead, like "git+ssh://[email protected]/user/project.git" (28da844)

• Fix exports types message when the "require" or "import" condition already exists but the dts file format is still invalid (a731ec3)

v0.3.6

Compare Source

Patch Changes

• Fix checking bin field file path that omits .js or /index.js (04f289e)

v0.3.5

Compare Source

Patch Changes

• Check the "bin" field if the referenced file exists, has the correct JS format, and can be executed (#​150)

• Deprecate the deps command. The command has been tricky to maintain and incomplete (e.g. doesn't lint recursively). A separate tool can be used to run publint on dependencies instead, e.g. npx renoma --filter-rules "publint". (#​149)

v0.3.4

Compare Source

Patch Changes

• When globbing "exports" values that contains *, also respect "exports" keys that mark paths as null. For example: (b9605ae)

  {
    "exports": {
      "./*": "./dist/*",
      "./browser/*": null
    }
  }

  The glob in "./*": "./dist/*" will no longer match and lint files in "./browser/*" as it's marked null (internal).

• Update logs when running the publint CLI: (58d96a2)

  • The publint version is now displayed.
  • The packing command is also displayed.
  • Messages are now logged in the order of errors, warnings, and suggestions, instead of the other way round, to prioritize errors.
  • The publint deps command no longer logs passing dependencies. Only failing dependencies are logged.

  Examples:

  $ npx publint
  $ Running publint v0.X.X for my-library...
  $ Packing files with `npm pack`...
  $ All good!

  $ npx publint deps
  $ Running publint v0.X.X for my-library deps...
  $ x my-dependency
  $ Errors:
  $ 1. ...

• Fix detecting shorthand repository URLs with the . character (09d8cbb)

• Clarify message when "types" is not the first condition in the "exports" field (5a6ba00)

• Correctly detect if a "types" value in "exports" is used for dual publishing (3f3d8b2)

v0.3.3

Compare Source

Patch Changes

• Rename EXPORT_TYPES_INVALID_FORMAT message to EXPORTS_TYPES_INVALID_FORMAT (#​139)

• Allow versioned types conditions (e.g. "types@>=5.2") in "exports" when checking for "types" condition ordering (#​138)

v0.3.2

Compare Source

Patch Changes

• (Potentially breaking) Disable running lifecycle scripts, such as prepare, prepack, and postpack, when running the pack command internally. This returns to the behavior in v0.2. (Note that this change does not apply to yarn as it does not support ignoring lifecycle scripts for local projects) (#​128)

  This change is made as running lifecycle scripts was an unintentional behavior during the v0.3 breaking change, which could cause the linting process to take longer than expected, or even cause infinite loops if publint is used in a lifecycle script.

• Update repository and bugs URLs to point to the new publint organization (1eda033)

• Updated dependencies [1eda033, 10e3891]:

  • @​publint/pack@​0.1.1

v0.3.1

Compare Source

Patch Changes

• Correctly process the pack option (#​124)

v0.3.0

Compare Source

Minor Changes

• The vfs option is removed in favour of an extended support of pack: { tarball: ArrayBuffer | ReadableStream } and pack: { files: PackFile[] } APIs. Now, it is even easier to use publint in the browser or against a packed .tgz file in Node.js. See the docs for more examples of how to use these new options. (#​122)

• Bump node version support to >=18 (cb2ed8b)

• publint now runs your project's package manager's pack command to get the list of packed files for linting. The previous npm-packlist dependency is now removed. (#​120)

  NOTE: In this release (v0.3.0), the pack command also runs lifecycle scripts like prepare, prepack, and postpack. This behavior is unintentional and is fixed in v0.3.2, where they will no longer run (except for yarn as it does not support ignoring lifecycle scripts for local projects). This returns to the behavior in v0.2.

  A new pack option is added to the node API to allow configuring this. It defaults to 'auto' and will automatically detect your project's package manager using package-manager-detector. See its JSDoc for more information of the option.

  This change is made as package managers have different behaviors for packing files, so running their pack command directly allows for more accurate linting. However, as a result of executing these commands in a child process, it may take 200-500ms longer to lint depending on the package manager used and the project size. The new handling also does not support yarn 1. See this comment for more information.

  If you use yarn 1, you should upgrade to the latest yarn version or a different package manager. Otherwise, no other changes are required for this new behavior.

Patch Changes

• Initial setup to publish with Changesets (24a62f5)

• When a dependency with the file: or link: protocol is specified in the package.json, it will now error to prevent accidentally publishing dependencies that will likely not work when installed by end-users (6e6ab33)

• Fix EXPORT_TYPES_INVALID_FORMAT linting to detect .d.mts and .d.cts files (af5e88b)

• Updated dependencies [d0b406b]:

  • @​publint/pack@​0.1.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.