less-openui5 - npm Package Compare versions

Comparing version 0.7.0 to 0.8.0

CHANGELOG.md

@@ -1,16 +0,30 @@
-# 0.7.0 (2019-10-30)
+# Changelog
+All notable changes to this project will be documented in this file.  
+This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-### Breaking changes
-- Drop unsupported Node.js versions. Now requires >= 8.5 [#94](https://github.com/SAP/less-openui5/pull/94)
+A list of unreleased changes can be found [here](https://github.com/SAP/less-openui5/compare/v0.8.0...HEAD).
 
-### Fixes
-- Scope rule handling [#92](https://github.com/SAP/less-openui5/pull/92)
-- Add inline parameters on empty CSS [#96](https://github.com/SAP/less-openui5/pull/96)
+<a name="v0.8.0"></a>
+## [v0.8.0] - 2019-11-18
+### Breaking Changes
+- Remove support for 'sourceMap' / 'cleancss' options [`3f234c8`](https://github.com/SAP/less-openui5/commit/3f234c88c4442035c0fe2683197c044ec6a93fab)
 
-### All changes
-[`0.6.0...0.7.0`](https://github.com/SAP/less-openui5/compare/0.6.0...0.7.0)
+### Bug Fixes
+- Apply less.js fix for import race condition [`694f6c4`](https://github.com/SAP/less-openui5/commit/694f6c41ad788eded034df6835cf5fbd8f6feaf3)
 
 
-# 0.6.0 (2018-09-10)
+<a name="0.7.0"></a>
+## [0.7.0] - 2019-10-30
+### Breaking Changes
+- Drop support for Node.js < 8.5 [`810962c`](https://github.com/SAP/less-openui5/commit/810962cf7bb4604641160d547593568f70b72f98)
 
+### Bug Fixes
+- Add inline parameters on empty CSS [`bc59d58`](https://github.com/SAP/less-openui5/commit/bc59d58486e972057675c5b8abe83229f116bc07)
+- Scope rule handling ([#92](https://github.com/SAP/less-openui5/issues/92)) [`89b56c1`](https://github.com/SAP/less-openui5/commit/89b56c1a975f53ea8e436878b07707f1fb061486)
+
+
+[v0.8.0]: https://github.com/SAP/less-openui5/compare/0.7.0...v0.8.0
+[0.7.0]: https://github.com/SAP/less-openui5/compare/0.6.0...0.7.0
+## 0.6.0 - 2018-09-10
+
 ### Breaking changes
@@ -26,3 +40,3 @@ - Drop unsupported Node.js versions. Now requires >= 6 [#45](https://github.com/SAP/less-openui5/pull/45)
 
-# 0.5.4 (2018-07-04)
+## 0.5.4 - 2018-07-04
 
@@ -36,3 +50,3 @@ ### Fixes
 
-# 0.5.3 (2018-05-18)
+## 0.5.3 - 2018-05-18
 
@@ -47,3 +61,3 @@ ### Fixes
 
-# 0.5.2 (2018-03-26)
+## 0.5.2 - 2018-03-26
 
@@ -57,3 +71,3 @@ ### Fixes
 
-# 0.5.1 (2018-03-12)
+## 0.5.1 - 2018-03-12
 
@@ -67,3 +81,3 @@ ### Fixes
 
-# 0.5.0 (2018-02-09)
+## 0.5.0 - 2018-02-09
 
@@ -77,3 +91,3 @@ ### Features
 
-# 0.4.0 (2017-12-13)
+## 0.4.0 - 2017-12-13
 
@@ -88,3 +102,3 @@ ### Features
 
-# 0.3.1 (2017-03-28)
+## 0.3.1 - 2017-03-28
 
@@ -98,3 +112,3 @@ ### Fixes
 
-# 0.3.0 (2017-03-23)
+## 0.3.0 - 2017-03-23
 
@@ -115,3 +129,3 @@ ### Breaking changes
 
-# 0.2.0 (2016-03-15)
+## 0.2.0 - 2016-03-15
 
@@ -118,0 +132,0 @@ ### Breaking changes

lib/index.js

@@ -140,2 +140,9 @@ // Copyright 2019 SAP SE.
 
+	if (options.compiler.sourceMap) {
+		return Promise.reject(new Error("compiler.sourceMap option is not supported!"));
+	}
+	if (options.compiler.cleancss) {
+		return Promise.reject(new Error("compiler.cleancss option is not supported! Please use 'clean-css' directly."));
+	}
+
 	// Set default of "relativeUrls" parser option to "true" (less default is "false")
@@ -142,0 +149,0 @@ if (!Object.prototype.hasOwnProperty.call(options.parser, "relativeUrls")) {

lib/less/importsPush.js

@@ -10,3 +10,4 @@ /* !
  * This file contains a modified version of the local function "imports.push" within the constructor of "less.Parser"
- * which has been taken from LESS v1.6.3 (https://github.com/less/less.js/blob/v1.6.3/lib/less/parser.js#L70-L111).
+ * which has been taken from LESS v1.6.3 (https://github.com/less/less.js/blob/v1.6.3/lib/less/parser.js#L70-L111)
+ * and applied commit https://github.com/less/less.js/commit/ccd8ebbfdfa300b6e748e8d7c12e3dbb0efd8371.
  * Modifications are marked with comments in the code.
@@ -19,3 +20,3 @@ *
 
-const less = require("less");
+const less = require("../thirdparty/less");
 const tree = less.tree;
@@ -34,3 +35,3 @@
 			// Replaced "rootFilename" with "env.filename"
-			const importedPreviously = fullPath in parserImports.files || fullPath === env.filename;
+			const importedPreviously = fullPath === env.filename;
 
@@ -37,0 +38,0 @@ /* END MODIFICATION */

lib/less/parser.js

@@ -18,3 +18,3 @@ // Copyright 2019 SAP SE.
 
-const less = require("less");
+const less = require("../thirdparty/less");
 const createFileLoader = require("./fileLoader");
@@ -21,0 +21,0 @@ const createImportsPushFunction = require("./importsPush");

lib/plugin/import-collector.js

@@ -17,3 +17,3 @@ // Copyright 2019 SAP SE.
 
-const less = require("less");
+const less = require("../thirdparty/less");
 
@@ -20,0 +20,0 @@ const ImportCollector = module.exports = function(options) {

lib/plugin/rtl.js

@@ -17,3 +17,3 @@ // Copyright 2019 SAP SE.
 
-const less = require("less");
+const less = require("../thirdparty/less");
 
@@ -20,0 +20,0 @@ const cssSizePattern = /(-?[.0-9]+)([a-z]*)/;

lib/plugin/variable-collector.js

@@ -17,3 +17,3 @@ // Copyright 2019 SAP SE.
 const path = require("path");
-const less = require("less");
+const less = require("../thirdparty/less");
 
@@ -20,0 +20,0 @@ const VariableCollector = module.exports = function(env) {

LICENSE.txt

@@ -203,1 +203,20 @@
    limitations under the License.
+
+------------------------------------------------------------------------------
+APIs
+
+This project may include APIs to SAP or third party products or services. The use of these APIs, products and services may be subject to additional agreements. In no event shall the application of the Apache Software License, v.2 to this project grant any rights in or to these APIs, products or services that would alter, expand, be inconsistent with, or supersede any terms of these additional agreements. “API” means application programming interfaces, as well as their respective specifications and implementing code that allows other software products to communicate with or call on SAP or third party products or services (for example, SAP Enterprise Services, BAPIs, Idocs, RFCs and ABAP calls or other user exits) and may be made available through SAP or third party products, SDKs, documentation or other media.
+
+------------------------------------------------------------------------------
+SUBCOMPONENTS
+
+This project includes the following subcomponents that are subject to separate license terms.
+Your use of these subcomponents is subject to the separate license terms applicable to
+each subcomponent.
+
+Component: less.js
+Licensor: Alexis Sellier
+Website: http://lesscss.org/
+License: Apache License 2.0
+<year> = 2014
+<copyright holders> = Alexis Sellier & The Core Less Team

package.json

 {
   "name": "less-openui5",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "description": "Build OpenUI5 themes with Less.js",
@@ -9,3 +9,7 @@ "scripts": {
     "unit-debug": "mocha --inspect --debug-brk test/*.js",
-    "test": "npm run lint && npm run unit"
+    "test": "npm run lint && npm run unit",
+    "preversion": "npm test",
+    "version": "git-chglog --next-tag v$npm_package_version -o CHANGELOG.md 0.7.0.. && git add CHANGELOG.md",
+    "postversion": "git push --follow-tags",
+    "release-note": "git-chglog -c .chglog/release-config.yml v$npm_package_version"
   },
@@ -35,4 +39,5 @@ "main": "lib/index.js",
     "css": "^2.2.1",
-    "less": "1.6.3",
-    "object-assign": "^4.0.1"
+    "mime": "^1.6.0",
+    "object-assign": "^4.0.1",
+    "request": "^2.88.0"
   },
@@ -39,0 +44,0 @@ "devDependencies": {

README.md

@@ -152,2 +152,4 @@ ![OpenUI5](http://openui5.org/images/OpenUI5_new_big_side.png)
 
+**Note:** The options `sourceMap` and `cleancss` are not supported. An exception will be thrown when used.
+
 ##### library.name
@@ -154,0 +156,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

351587

increased by362.85%

Number of package files

59

increased by293.33%

Lines of code

8015

increased by403.77%

Number of lines in readme file

229

increased by0.88%

Worsened metrics

Dependency count

5

increased by25%

Number of low supply chain risk alerts

3

increased by200%

Number of medium supply chain risk alerts

3

increased byInfinity%

Dependency changes

• + Addedmime@^1.6.0

• + Addedrequest@^2.88.0

• + Addedmime@1.6.0(transitive)

• + Addedpsl@1.13.0(transitive)

• - Removedless@1.6.3

• - Removedamdefine@1.0.1(transitive)

• - Removedclean-css@2.0.8(transitive)

• - Removedcommander@2.0.0(transitive)

• - Removedless@1.6.3(transitive)

• - Removedmime@1.2.11(transitive)

• - Removedmkdirp@0.3.5(transitive)

• - Removedpsl@1.14.0(transitive)

• - Removedsource-map@0.1.43(transitive)