Open
Conversation
Here’s what was done to clear **npm audit** and keep the repo building. ### Dependency & security changes - **Ran `npm audit fix`** (already applied ~37 fixes in the lockfile before the larger edits). - **Removed Babel 6** (`babel-core`, `babel-runtime`) and **deprecated Rollup plugins**; added **`@babel/core`**, **`@rollup/plugin-babel`**, **`@rollup/plugin-commonjs`**, **`@rollup/plugin-node-resolve`**. - **Rollup `^2.64` → `^4.59`** and **`rollup.config.mjs`** (ESM config, reads `package.json` with `fs` so Node 22+ JSON imports aren’t required). - **Jest `^27` → `^29`**, **`ts-jest` → `^29`**, **`@types/jest` → `^29`** (fixes the old **jsdom / `@tootallnate/once`** chain). - **Dropped unused `rollup-plugin-sass`** (it pulled an old **sass → chokidar** tree with noisy audit issues). - **`engines.node` → `>=18`** (required for Rollup 4). - **`overrides`** for **`lodash`**, **`tmp`**, **`trim-newlines`** (fixes **`commitizen` / `inquirer` / `meow`** paths without breaking **trash-cli** — `trim-newlines@5` broke **`meow`**). - **`cheerio` → `1.0.0-rc.12`** via **`overrides`** so **Enzyme 3** still resolves **`cheerio/lib/utils`** (npm was hoisting **cheerio@1.2.0**, which removed that path). - **`.babelrc`**: `@babel/plugin-proposal-class-properties` → **`@babel/plugin-transform-class-properties`** (and matching **devDependency**). ### `FormsProvider.tsx` Your working tree had **`FormsProvider.tsx` replaced by a few comment lines**, which broke the **Rollup** build (`FormsContext` missing). It was **restored from `git HEAD`**. If you still want that personal note, keep it outside this file or re-apply it after pulling the real component back from version control. ### Current status - **`npm audit`**: **0 vulnerabilities** - **`npm test`** and **`npm run build`**: **pass** If you want the Tiffany lines back *inside* the repo, say where (e.g. `README` or a private note file) and we can add them without touching the library entrypoints.
…supported. Moves publishing and changelog tagging to semantic-release via GitHub Actions, adds Dependabot for npm (`/` and `demo/`) and for GitHub Actions, and documents setup in `RELEASING.md` with a pointer from `README.md`. Swaps Enzyme/commitizen/standard-version for React Testing Library (`@testing-library/react`, `jest-dom`, `user-event`), turns on `jsdom` in `jest.config.js`, and replaces the placeholder `hello-world` test with `validations.test.ts`, `FormsProvider.engine.test.ts`, and `ClassyForm.test.tsx`. Drops the old `npm overrides` block from `package.json`. Adds `.github/workflows/release.yml`, `.github/dependabot.yml`, and `.releaserc.json`; trims `.npmignore` for release-related paths. Staged `package-lock.json` reflects the dependency churn. Includes a small change to `.vscode/settings.json` (demo folder exclude).
Pull requests previously had no workflow running `npm test` or `npm run build`; only `release.yml` ran on pushes to `master`, so breakages could show up late. Adds `.github/workflows/ci.yml` (Node 22.14, `npm ci`, test, build) on `pull_request` and pushes to `master`. Documents the workflow and why the Release job still builds before publish in `RELEASING.md`.
Aligns the release workflow with npm Trusted Publishing (Node 22 still ships npm 10.x, so the global npm bump is required alongside Node ≥ 22.14), documents how Dependabot PR titles affect semantic-release when merge commits rewrite the subject, and trims duplicate semantic-release plugin pins so versions come from the main semantic-release dependency tree. Also resolves the Jest transformer via the `ts-jest` package name, adds upfront `package.json` `main`/`module` checks in `rollup.config.mjs`, tightens `validateFormFields` coverage on a single `FormFields` instance, and switches `ClassyForm` submit assertions to `userEvent` clicks on the Save button.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.