Skip to content

[deps]: Update cross-env to v10 #853

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[deps]: Update cross-env to v10 #853

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 18, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
cross-env 7.0.3 -> 10.1.0 age confidence

Release Notes

kentcdodds/cross-env (cross-env)

v10.1.0

Compare Source

Features
  • add support for default value syntax (152ae6a)

For example:

"dev:server": "cross-env wrangler dev --port ${PORT:-8787}",

If PORT is already set, use that value, otherwise fallback to 8787.

Learn more about Shell Parameter Expansion

v10.0.0

Compare Source

TL;DR: You should probably not have to change anything if:

  • You're using a modern maintained version of Node.js (v20+ is tested)
  • You're only using the CLI (most of you are as that's the intended purpose)

In this release (which should have been v8 except I had some issues with automated releases 🙈), I've updated all the things and modernized the package. This happened in #​261

Was this needed? Not really, but I just thought it'd be fun to modernize this package.

Here's the highlights of what was done.

  • Replace Jest with Vitest for testing
  • Convert all source files from .js to .ts with proper TypeScript types
  • Use zshy for ESM-only builds (removes CJS support)
  • Adopt @​epic-web/config for TypeScript, ESLint, and Prettier
  • Update to Node.js >=20 requirement
  • Remove kcd-scripts dependency
  • Add comprehensive e2e tests with GitHub Actions matrix testing
  • Update GitHub workflow with caching and cross-platform testing
  • Modernize documentation and remove outdated sections
  • Update all dependencies to latest versions
  • Add proper TypeScript declarations and exports

The tool maintains its original functionality while being completely modernized with the latest tooling and best practices

BREAKING CHANGES
  • This is a major rewrite that changes the module format from CommonJS to ESM-only. The package now requires Node.js >=20 and only exports ESM modules (not relevant in most cases).

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner August 18, 2025 03:16
@renovate renovate bot requested a review from jrmccannon August 18, 2025 03:16
@codecov
Copy link

codecov bot commented Aug 18, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 7.67%. Comparing base (57a3ef0) to head (c9b0f44).
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@          Coverage Diff          @@
##            main    #853   +/-   ##
=====================================
  Coverage   7.67%   7.67%           
=====================================
  Files         68      68           
  Lines       2775    2775           
  Branches     482     482           
=====================================
  Hits         213     213           
  Misses      2547    2547           
  Partials      15      15

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@bitwarden-bot bitwarden-bot changed the title [deps]: Update cross-env to v10 [PM-24902] [deps]: Update cross-env to v10 Aug 18, 2025
@bitwarden-bot
Copy link

bitwarden-bot commented Aug 18, 2025

Internal tracking:

@renovate renovate bot changed the title [PM-24902] [deps]: Update cross-env to v10 [deps]: Update cross-env to v10 Aug 18, 2025
@renovate renovate bot force-pushed the renovate/cross-env-10.x branch 2 times, most recently from bca96e2 to b5a6dfd Compare August 20, 2025 04:19
@github-actions
Copy link
Contributor

github-actions bot commented Aug 25, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailsdf000778-37fa-46ea-b02b-d1f162c8a325

New Issues (4)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2025-11460 Npm-electron-38.1.0
detailsRecommended version: 38.2.2
Description: Google chrome versions prior to 141.0.7390.65 is vulnerable to Use after free in Storage.
Attack Vector: NETWORK
Attack Complexity: LOW

ID: Kp5HNmmGoJRfHxP5FcSM9TrEEwHakFMSDankvwm7WSc%3D
Vulnerable Package
LOW CVE-2025-58751 Npm-vite-6.3.5
detailsRecommended version: 6.3.6
Description: Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: kngcRdgNXFolOOutpP0JhdE%2B8KAMMI6FlGeWayQUVeY%3D
Vulnerable Package
LOW CVE-2025-58751 Npm-vite-6.2.7
detailsRecommended version: 6.3.6
Description: Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: QcGJ2q3QFcepHYlOD8%2FXqjhtbKTUTANtRXwtpmDnnBE%3D
Vulnerable Package
LOW CVE-2025-58752 Npm-vite-6.2.7
detailsRecommended version: 6.3.6
Description: Vite is a frontend tooling framework for JavaScript. In Vite versions through 5.4.19, 6.x through 6.3.5, 7.0.x through 7.0.6 and 7.1.x through 7.1....
Attack Vector: NETWORK
Attack Complexity: LOW

ID: rx8t%2BI%2BaVREtGH%2B3nYDS1%2Fm1BKLkxlsXSS%2F9SHUZGFo%3D
Vulnerable Package

@renovate renovate bot force-pushed the renovate/cross-env-10.x branch from b5a6dfd to 5d8e2b0 Compare August 31, 2025 12:02
@renovate renovate bot force-pushed the renovate/cross-env-10.x branch from 5d8e2b0 to 9dc9382 Compare September 25, 2025 18:07
@renovate renovate bot force-pushed the renovate/cross-env-10.x branch from 9dc9382 to e51159e Compare October 6, 2025 18:38
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 10, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate bot force-pushed the renovate/cross-env-10.x branch from e51159e to c9b0f44 Compare October 21, 2025 18:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jrmccannon jrmccannon Awaiting requested review from jrmccannon jrmccannon is a code owner automatically assigned from bitwarden/team-admin-console-dev

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bitwarden-bot