Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@swissquote/crafty	1.17.2 -> 1.18.1					devDependencies	minor
@swissquote/crafty-preset-babel	1.17.2 -> 1.18.1					devDependencies	minor
@swissquote/crafty-preset-jest	1.17.2 -> 1.18.1					devDependencies	minor
@swissquote/crafty-preset-typescript	1.17.2 -> 1.18.1					devDependencies	minor
@swissquote/crafty-runner-gulp	1.17.2 -> 1.18.1					devDependencies	minor
@swissquote/crafty-runner-rollup	1.17.2 -> 1.18.1					devDependencies	minor
shivammathur/setup-php	2.16.0 -> 2.17.0					action	minor

---

Release Notes

swissquote/crafty

v1.18.1

Compare Source

Highlights

• Fix issue of Resolve error: unable to load resolver "node" @​swissquote/swissquote/import/export
• Remove unneeded embedded dependency on TypeScript as the dependency is present
• Move some Stylelint rules from the common to the recommended preset.

Updates

• eslint from 8.8.0 to 8.9.0
• gulp-eslint-new from 1.3.0 to 1.4.0
• minimatch from 3.0.5 to 4.1.1
• fork-ts-checker-webpack-plugin from 7.2.0 to 7.2.1
• @rollup/plugin-replace from 3.0.1 to 3.1.0
• @typescript-eslint/*from 5.11.0 to 5.12.0

v1.18.0

Compare Source

Highlights

• Update to PostCSS 8 (#​963)
• Many dependencies of Crafty are now bundled
• @swissquote/crafty-preset-jest ESM Transformer is now only using babel
• @swissquote/crafty-preset-typescript Use write-dts mode from fork-ts-checker-webpack-plugin
• Improved Error handling
• Crafty now includes some forked packages

Update to PostCSS 8 #​963

All plugins and integrations have been updated to PostCSS 8.
You should see no difference in behaviour compared to previous versions.

Also, postcss-nesting was removed as it is a subset of postcss-nested as well as postcss-filter-gradient since only very old versions of IE needed it.

Bundled dependencies

Crafty's integration of many tools leads to hundreds of dependencies.
Some are outdated, deprecated, or do the same as other dependencies.

One consequence of these dependencies is that a change in one dependency can sometimes introduce issues in other dependencies.
As described in #​1338, an update in PostCSS with a new feature broke a package that was still using an older major version and wasn't compatible with this new feature.
Bundling dependencies should help avoid, or at least reduce, these situations in the future.

In this effort, Crafty started to bundle many dependencies.
From a total of 1575 dependencies when this effort started (Version 1.15.0), Crafty now has 681 dependencies.
This number represents the total number of dependencies if you install Crafty and its presets, which probably isn't your case.

The size reduction is less impressive as we went down from 268MB in version 1.15.0 to 247MB in version.
However, one important thing to note is the increasing size of the typescript and @swc/core packages, which are respectively 62MB and 43MB.

@swissquote/crafty-preset-jest ESM Transformer is now only using babel

When importing ESM modules in a non-ESM package, Jest fails to load it.
Crafty has a feature to allow this to work, it was improved to only use Babel instead of a combination of Babel + cherow

@swissquote/crafty-preset-typescript Use write-dts mode from fork-ts-checker-webpack-plugin

When declaration: true is set in tsconfig.json, fork-ts-checker-webpack-plugin was disabled as it wasn't supported.
Since its version 7.1.0 it now supports writing TypeScript declaration files and is now enabled in all cases.

This should reduce your build time if you have declaration: true in your tsconfig.json

Improved Error handling

When a task fails with an issue, the error messages should be more relevant and less verbose.
If the error is related to your code, no stacktrace should be displayed.

Also, errors a mechanism now ensures the same error isn't logged more than once.

Crafty now includes some forked packages

Some packages on which Crafty depends are unmaintained and contain very old dependencies.
Those packages and their dependencies present a risk when there is a need to update them, for example, when there is a new update of PostCSS.

The forked packages are in the package-forks folder:

Package	Difference with original
assets	The original version could not be bundled
gulp-newer	Modernize and reduce dependencies
gulp-plumber	Modernize and reduce dependencies
gulp-stylelint	PostCSS 8 support
pixrem	PostCSS 8 support
pleeease-filters	PostCSS 8 support
postcss-assets	PostCSS 8 support
postcss-atroot	PostCSS 8 support
postcss-color-gray	PostCSS 8 support
postcss-color-hsl	PostCSS 8 support
postcss-color-hwb	PostCSS 8 support
postcss-color-mod-function	PostCSS 8 support. Support for legacy color() function. Fix incorrect color math.
postcss-color-rgb	PostCSS 8 support
postcss-color-rgba-fallback	PostCSS 8 support
postcss-custom-properties	PostCSS 8 support
postcss-image-set-polyfill	PostCSS 8 support
postcss-pseudoelements	PostCSS 8 support
postcss-selector-matches	PostCSS 8 support

Internal

• Update to Yarn 3.1.1
• Remove oao. Use a custom publish script instead
• Replace Jest for package tests with AVA

Dependencies Updates

• @babel/* from 7.16.0 to 7.17.2

• jest from 27.2.0 to 27.5.1

• eslint from 8.1.0 to 8.8.0

• postcss from 7.0.39 to 8.4.6

• rollup from 2.59.0 to 2.67.2

• stylelint from 13.13.1 to 14.3.0

• @swc/core from 1.2.106 to 1.2.138

• webpack from 5.61.0 to 5.68.0

• eslint-webpack-plugin from 3.1.0 to 3.1.1

• css-loader from 6.5.0 to 6.6.0

• gulp-postcss from 8.0.0 to 9.0.1

• mini-css-extract-plugin from 2.4.3 to 2.5.3

• postcss-scss from 2.1.1 to 4.0.3

• fork-ts-checker-webpack-plugin from 6.4.0 to 7.2.0

• rollup-plugin-typescript2 from 0.30.0 to 0.31.2

• gulp-eslint-new from 0.5.0 to 1.3.0

• @rollup/plugin-node-resolve from 13.0.6 to 13.1.3

• @rollup/plugin-replace from 3.0.0 to 3.0.1

• terser-webpack-plugin from 5.2.4 to 5.3.1

• webpack-dev-server from 4.4.0 to 4.7.4

• log-symbols from 4.1.0 to 5.1.0

• browserslist from 4.17.5 to 4.19.1

• enhanced-resolve from 5.8.3 to 5.9.0

• chokidar from 3.5.2 to 3.5.3

• find-up from 5.0.0 to 6.3.0

• merge-anything from 4.0.1 to 5.0.2

• copy-anything from 2.0.3 to 3.0.2

• yargs-parser from 20.2.9 to 21.0.0

• eslint-plugin-import from 2.25.2 to 2.25.4

• eslint-plugin-react from 7.26.1 to 7.28.0

• eslint-plugin-sonarjs from 0.10.0 to 0.11.0

• autoprefixer from 9.8.8 to 10.4.2

• postcss-advanced-variables replaced with @knagis/postcss-advanced-variables

• postcss-color-rebeccapurple from 6.0.0 to 7.0.2

• postcss-csso from 4.0.0 to 6.0.0

• postcss-custom-media from 7.0.8 to 8.0.0

• postcss-custom-selectors from 5.1.2 to 6.0.0

• postcss-dir-pseudo-class from 5.0.0 to 6.0.4

• postcss-font-family-system-ui from 4.3.0 to 5.0.0

• postcss-font-variant from 4.0.1 to 5.0.0

• postcss-import from 12.0.1 to 14.0.2

• postcss-initial from 3.0.4 to 4.0.1

• postcss-media-minmax from 4.0.0 to 5.0.0

• postcss-nested from 4.2.3 to 5.0.6

• postcss-property-lookup from 2.0.0 to 3.0.0

• postcss-pseudo-class-any-link from 6.0.0 to 7.1.1

• postcss-replace-overflow-wrap from 3.0.0 to 4.0.0

• postcss-reporter from 6.0.1 to 7.0.5

• postcss-selector-not from 4.0.1 to 5.0.0

• postcss-url from 8.0.0 to 10.1.3

• stylelint-scss from 3.21.0 to 4.1.0

• stylelint-prettier from 1.2.0 to 2.0.0

• postcss-value-parser from 4.1.0 to 4.2.0

• postcss-selector-parser from 6.0.6 to 6.0.9

shivammathur/setup-php

v2.17.0

Compare Source

This release is possible because of our sponsors ❤️.

Help setup-php reach its sponsorship goals.

---

• Added ini-file input to specify the base php.ini file. Accepts production, development or none. Docs (#​450, #​469)

By default the production php.ini is used, you can change it to the development one, or remove it using none.

- name: Setup PHP
  with:
    php-version: '8.1'
    ini-file: development

• Updated support for symfony-cli to use the new version from symfony-cli/symfony-cli.

- name: Setup PHP
  with:
    php-version: '8.1'
    tools: symfony-cli

• Added support for Churn-PHP (#​561)

- name: Setup PHP
  with:
    php-version: '8.1'
    tools: churn

• Added support for blackfire extension on PHP 8.1.

- name: Setup PHP
  with:
    php-version: '8.1'
    extensions: blackfire

• Tools pecl, phpize and php-config are now installed by default on Linux. Specifying these in tools input is no longer required.

• The environment variable COMPOSER_NO_INTERACTION is now set to 1 by default, so using --no-interaction in composer commands is not required. (#​547)

• The environment is now considered self-hosted unless the GitHub hosted environment is detected. This should prevent broken PHP installs in self-hosted environments when the runner environment variable is not specified. (#​554)

• Added support to enable disabled extensions when required by tools. For this extensions are now processed before tools.

• Added support to enable xml extension before installing other extensions using pecl. (#​553)

• Speed improvements

  • Reduced the initial I/O in script creation.
  • Reduced the number of PHP calls and it now uses php-config instead.
  • Reduced number of brew calls on macOS setup.
  • Windows builds for all PHP versions are now fetched from shivammathur/php-builder-windows releases as a faster cache with windows.php.net as a fallback.
  • SSL libraries for PHP 5.3 to 5.5 on Windows are now fetched in parallel.
  • PHP builds for PHP 5.3 to 5.5 should now use cached macports builds from shivammathur/php5-darwin.

• Added support for installing tools using composer in different scopes. This allows installing two tools with different versions of a common dependency. (#​549)

• Added support to fail immediately when composer setup fails. (#​548)

• Added support to parse PECL extension versions when wrongly hyphenated. (#​536)

• Added support for composer phars from shivammathur/composer-cache with PHP version as now different PHP versions can have different composer versions for a release type.

• Added setup-php.com as a fallback in addition to jsdeliver.com for script sources.

• Fixed support for fallback sources for tools in Windows.

• Fixed potential exponential backtracking in regex to parse extension input when installing extensions from a git repository.

• Fixed adding sudo to self-hosted Linux environments. (#​555)

• Fixed enabling disabled extensions with other extensions as dependencies. For example pecl_http, redis, etc.

• Fixed a bug where the ini file used for enabling extensions by pecl in the scan directory was deleted when disabling extensions.

• Fixed misconfiguration which prevented package lists from updating on Linux.

• Fixed the fallback to install PowerShell packages using Install-Module on Windows when GitHub Releases is down. Also fixed not adding the Import-Module command to the profile when it fallbacks.

• Fixed tools setup to not overwrite an existing tool with a broken one if it fails to set up.

• Fixed an error when copying tools to a directory in PATH in tools setup.

• Fixed parsing composer phars from snapshot channel for its version when is a stable version.

• Fixed support for oci8 and pdo_oci extensions on Windows.

• Fixed pecl_http setup.

• Fixed restore-keys input in composer cache example in README with dependency range.

• Fixed error in tools setup on self-hosted environments when composer's bin directory is not present.

• Fixed tools.getLatestVersion to handle failing GitHub API call.

• Fixed output on non-GitHub Action environments where GitHub Action specific command syntax was printed.

• Fixed a bug where the status variable was overwritten in ppa.sh and was breaking the status output.

• Fixed scope of variables to local in bash scripts.

• Fixed setting extension stability in Add-Extension Function on Windows.

• Fixed node-release workflow to add lib directory to the packages.

• Fixed sending coverage data to codecov on pull requests.

• Refactored utils.fetch to its own module and mocked the http module using nock for fetch tests. Now the Node.js test suite does not make any external requests.

• Refactored setting environment variables and adding to PATH.

• Refactored setting outputs to functions with a check to only run on GitHub Actions.

• Refactored extension functions to add_extension.sh and add_extension.ps1.

• Refactored the default PHP packages for self-hosted Linux environments to a config file. Also added cgi, fpm, mysql, opcache, pgsql and zip to the list.

• Refactored Nightly PHP setup to Install-PhpNightly Function on Windows.

• Refactored CI workflows and templates.

• Rename common.sh to unix.sh.

• Update security policy to specify clearly that the latest patch versions of both v1 and v2 are supported for security updates.

• Updated Node workflows to use 16.x.

• Updated README for the release.

• Updated Node.js dependencies.

---

Thanks! @​jrfnl and @​villfa for the contributions 🚀

Follow for updates

---

Configuration

📅 Schedule: "before 11pm on Monday" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication