Tags: airtasker/spot
Tags
Release v2.0.2 ## Summary - Bump version to `2.0.2` - Update README via `pnpm prepack` ## Changes since v2.0.1 - [ACQ-6267] Fix pnpm publish failing on release tags (#2514) — adds `--no-git-checks` to `pnpm publish` steps so releases work correctly from detached HEAD in GitHub Actions ## Post-merge After squash-merging this PR, follow the [release wiki](https://github.com/airtasker/spot/wiki/Releasing-Spot) Part 2: 1. Go to [GitHub Releases](https://github.com/airtasker/spot/releases/new) 2. Create tag `v2.0.2` 3. Title: `Release v2.0.2` 4. Publish the release — this triggers the publish workflow to NPM and GitHub Package Registry 🤖 Generated with [Claude Code](https://claude.com/claude-code) [ACQ-6267]: https://airtasker.atlassian.net/browse/ACQ-6267?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ Co-authored-by: Claude Opus 4.6 <[email protected]>
[ACQ-6177] v2.0.0: Migrate to pnpm + fix security vulnerabilities (#2495 ) ## Description Migrates Spot to v2.0.0 with pnpm adoption, modern Node.js requirements, and security fixes. ### Changes - Migrates from yarn to pnpm 10.x - Fixes TypeScript TS2742 type inference errors with explicit type annotations - Updates GitHub Actions workflows to use pnpm - Converts docs/ to pnpm workspace package - Drops Node 14/16 support, adds Node 22/24 to test matrix - **Security:** Fixes multiple dependency vulnerabilities via pnpm overrides ## Security Fixes Added `pnpm.overrides` to force secure versions of vulnerable dependencies: - **jsonpath-plus:** Upgraded from v4.0.0 to v10.3.0 (fixes CVE in transitive dependency from `@stoplight/spectral`) - **jest:** Upgraded to v29.7.0 (latest stable with security patches) - **immer:** Upgraded to v10.1.1 (fixes prototype pollution vulnerability CVE-2023-42655) ## Breaking Changes **v1.13.0 → v2.0.0** 1. **Node.js requirement:** >= 18.12.0 (was >= 12.0.0) - Required by pnpm 10.x - Node 16 reached EOL September 2023 2. **Package manager:** pnpm (was yarn) - Airtasker standardization ## Migration **Node 18+ users:** No action needed **Node 14/16 users:** - Upgrade to Node 18+ LTS, OR - Stay on Spot v1.x **Contributors:** - Use `pnpm install` instead of `yarn install` ## Checklist - [ ] Tests updated (N/A - no functional changes) - [x] Issue created (ACQ-6177) - [x] Security vulnerabilities resolved 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Sonnet 4.5 <[email protected]>
PreviousNext