v4.0.0 - boundation, changelog, version bump

bevry · Nov 13, 2023 · c1a4033 · c1a4033
1 parent 80134a2
commit c1a4033
Show file tree

Hide file tree

Showing 10 changed files with 236 additions and 146 deletions.
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -3,4 +3,5 @@ patreon: bevry
 open_collective: bevry
 ko_fi: balupton
 liberapay: bevry
+tidelift: npm/eslint-config-bevry
 custom: ['https://bevry.me/fund']
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,7 +1,17 @@
 version: 2
 updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: sunday
+      time: '00:00'
+      timezone: Australia/Perth
   - package-ecosystem: npm
     directory: /
     schedule:
       interval: weekly
       day: sunday
+      time: '00:00'
+      timezone: Australia/Perth
+    open-pull-requests-limit: 0
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
diff --git a/.github/workflows/bevry.yml b/.github/workflows/bevry.yml
@@ -8,15 +8,12 @@ jobs:
       matrix:
         os:
           - ubuntu-latest
-          - macos-latest
-          - windows-latest
         node:
           - '16'
           - '18'
           - '20'
           - '21'
     runs-on: ${{ matrix.os }}
-    continue-on-error: ${{ contains('macos-latest windows-latest', matrix.os) }}
     steps:
       - uses: actions/checkout@v4
       - name: Install desired Node.js version
@@ -58,7 +55,19 @@ jobs:
       - run: npm run our:compile
       - run: npm run our:meta
       - name: publish to npm
-        uses: bevry-actions/npm@v1.1.0
+        uses: bevry-actions/npm@v1.1.1
         with:
           npmAuthToken: ${{ secrets.NPM_AUTH_TOKEN }}
           npmBranchTag: ':next'
+  automerge:
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.prettierignore b/.prettierignore
@@ -1,4 +1,4 @@
-# 2023 March 24
+# 2023 November 13
 # https://github.com/bevry/base
 
 # VCS Files
@@ -31,6 +31,8 @@ bower_components/
 node_modules/
 
 # Build Outputs
+**/*.cjs
+**/*.mjs
 **/out.*
 **/*.out.*
 **/out/

diff --git a/HISTORY.md b/HISTORY.md
@@ -1,5 +1,10 @@
 # History
 
+## v4.0.0 2023 November 14
+
+-   Updated dependencies, [base files](https://github.com/bevry/base), and [editions](https://editions.bevry.me) using [boundation](https://github.com/bevry/boundation)
+-   Minimum required Node.js version changed from `node: >=10` to `node: >=8` adapting to ecosystem changes
+
 ## v3.29.0 2023 November 4
 
 -   Fixed `ESNext` source edition not setting the correct eslint ECMAScript version

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Security Practices
+
+This project meets standardized secure software development practices, including 2FA for all members, password managers with monitoring, secure secret retrieval instead of storage. [Learn more about our practices.](https://tidelift.com/funding/github/npm/eslint-config-bevry)
+
+## Supported Versions
+
+This project uses [Bevry's automated tooling](https://github.com/bevry/boundation) to deliver the latest updates, fixes, and improvements inside the latest release while still maintaining widespread ecosystem compatibility.
+
+[Refer to supported ecosystem versions: `Editions` section in `README.md`.](https://github.com/bevry/eslint-config-bevry/blob/master/README.md#Editions)
+
+[Refer to automated support of ecosystem versions: `boundation` entries in `HISTORY.md`.](https://github.com/bevry/eslint-config-bevry/blob/master/HISTORY.md)
+
+Besides testing and verification, out CI also [auto-merges](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions) [Dependabot security updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) and [auto-publishes](https://github.com/bevry-actions/npm) successful builds of the [`master` branch](https://github.com/bevry/wait/actions?query=branch%3Amaster) to the [`next` version tag](https://www.npmjs.com/package/eslint-config-bevry?activeTab=versions), offering immediate resolutions before scheduled maintenance releases.
+
+## Reporting a Vulnerability
+
+[Report the vulnerability to the project owners.](https://github.com/bevry/eslint-config-bevry/security/advisories)
+
+[Report the vulnerability to Tidelift.](https://tidelift.com/security)
diff --git a/adapt.js b/adapt.js
@@ -7,7 +7,7 @@
 class MissingError extends Error {
 	constructor(dependency) {
 		super(
-			`missing development dependency: ${dependency}\nrun: npm install --save-dev ${dependency}`,
+			`missing development dependency: ${dependency}\nrun: npm install --save-dev ${dependency}`
 		)
 	}
 }