Skip to content

chore(deps): bump commander from 14.0.3 to 15.0.0#174

Open
dependabot[bot] wants to merge 12 commits into
mainfrom
dependabot/npm_and_yarn/commander-15.0.0
Open

chore(deps): bump commander from 14.0.3 to 15.0.0#174
dependabot[bot] wants to merge 12 commits into
mainfrom
dependabot/npm_and_yarn/commander-15.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 5, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps commander from 14.0.3 to 15.0.0.

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 5, 2026
@changeset-bot

changeset-bot Bot commented Jun 5, 2026
edited
Loading

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: a80b3c5

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@strapi/sdk-plugin Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@dependabot
chore(deps): bump commander from 14.0.3 to 15.0.0
6852eb3 
Bumps [commander](https://github.com/tj/commander.js) from 14.0.3 to 15.0.0.
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](tj/commander.js@v14.0.3...v15.0.0)

---
updated-dependencies:
- dependency-name: commander
  dependency-version: 15.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/commander-15.0.0 branch from 662385d to 6852eb3 Compare June 5, 2026 13:54
@innerdvations
fix(test): support commander 15 ESM-only in Jest on Node 22
c095018 
commander 15 dropped CJS; Jest on Node 22 cannot require() it natively.
Bundle commander to CJS for tests via esbuild moduleNameMapper, and
inline it in the Vite CJS build so dist/cli.js stays require()-able.
@innerdvations
fix(cli): load ESM-only commander 15 via dynamic import
7e8dd1c 
Replace the static import of commander with a lazy loader (mirroring
chalk-loader) so the published CJS bundle and Jest on Node 22 no longer
require() commander 15, which is ESM-only and throws on Node < 24.9.

The loader uses an indirect dynamic import so neither @swc/jest nor
rollup rewrites it back to require(). This reverts the earlier esbuild
shim / de-externalization workaround.
@innerdvations
fix(test): load commander 15 under Jest without cross-file teardown
ac4a003 
Use a plain dynamic import() under Jest on Node >= 24.9 so commander loads
within each test file's environment instead of a shared native-import realm
that throws "import after teardown" once the first file finishes.

Keep the native import() escape for the CJS bundle and for Jest on Node 22,
and isolate test suites to separate workers on those versions so the escape
cannot poison later files in the same process.
@innerdvations
chore: add changeset for commander 15 upgrade
1f41cd3
@innerdvations
fix(cli): make commander loader async at call sites
9c9b2e2 
Expose async commander helpers so callers do not need to remember a separate
preload step. Await command factories in the CLI setup flow.
@innerdvations
fix(test): keep ESM interop minimal for commander 15
f362dca 
Remove the Jest worker override and keep the shared ESM import helper aligned
with the existing ora loader pattern.
@innerdvations
fix(cli): resolve SonarCloud issues in commander loader
e7031d7 
Use a type guard to drop redundant assertions and a nullish assignment for
the cached commander promise.
@innerdvations innerdvations marked this pull request as draft June 11, 2026 11:17
@innerdvations

innerdvations commented Jun 11, 2026

Copy link
Copy Markdown
Collaborator

Oops, I thought I had the unit tests passing, I'll fix it again and reopen

@innerdvations
fix(test): choose ESM import path by Node runtime
543dff5
@innerdvations
fix(ci): isolate Node 22 unit test workers
6622142 
Run Jest with enough workers on Node 22 so ESM-only dependencies loaded through
native import do not cross Jest environment teardown boundaries.
@innerdvations
fix(ci): run Node 22 unit tests with isolated workers
65fc551 
Use an explicit Node 22 test step with enough Jest workers to avoid reusing a
worker across ESM import environments. Keep Node 24 and 26 on the normal test
command.
@innerdvations innerdvations marked this pull request as ready for review June 11, 2026 11:56
@sonarqubecloud

sonarqubecloud Bot commented Jun 11, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

giu1io
giu1io approved these changes Jun 11, 2026
View reviewed changes

@giu1io giu1io left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@innerdvations code looks god to me. Do you think I should do some manual QA on this? given that it's more then just a dependency bump.

@innerdvations

innerdvations commented Jun 11, 2026

Copy link
Copy Markdown
Collaborator

Yes, since it's commander, you can basically just test that the cli commands all still work ok and that should be good

@giu1io

giu1io commented Jun 11, 2026

Copy link
Copy Markdown

Manual testing ✅

Tested locally on Node v24.11.1 and Node 22.12 to cover both import paths.

Build & bundle integrity (Node 24)

  • commander@15.0.0 resolved correctly.
  • pnpm build produces both dist/cli.mjs and dist/cli.js.
  • dist/cli.js is still require()-able from CJS — no ERR_REQUIRE_ESM (the main consumer-facing regression risk).
  • dist/cli.mjs imports cleanly.

CLI runtime (Node 24)

  • --version prints the package version.
  • --help lists all commands (init, build, watch, watch:link, verify, help) — every async command factory registers without errors.
  • build --help and watch --help show their descriptions and options (the two commands refactored to the async createCommand loader).
  • Unknown options still tolerated (allowUnknownOption).
  • Real build against a fixture plugin runs end-to-end.

Test suite (Node 24)

  • pnpm check fully green (lint, test:ts, test:unit).

Node 22 path (ESM escape hatch)

  • CJS require('./dist/cli.js') works under Node 22.
  • CLI runs (--version, --help).
  • pnpm test:unit --maxWorkers=8 green — confirms the CI worker-isolation setting added in this PR.

Everything passed. 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@giu1io giu1io giu1io approved these changes

@jhoward1994 jhoward1994 Awaiting requested review from jhoward1994

@mathildeleg mathildeleg Awaiting requested review from mathildeleg

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@innerdvations @giu1io