Skip to content

Modernize toolchain and dependencies for v2.0.0#35

Open
jrkasprzyk wants to merge 14 commits into
masterfrom
modernization
Open

Modernize toolchain and dependencies for v2.0.0#35
jrkasprzyk wants to merge 14 commits into
masterfrom
modernization

Conversation

@jrkasprzyk

Copy link
Copy Markdown
Contributor

Summary

Modernizes parasol-es for the v2.0.0 release:

  • d3 v5 → v7 and parcoords swapped to the published fork @jrkasprzyk/parcoord-es@^3.0.0 (d3 v7-compatible; registry package, no git dependency)
  • rollup 0.62 → 4, Babel 6 → 7; standalone bundle rebuilt (was stale since 2019, still contained bundled d3 v5)
  • npm audit clean (0 vulnerabilities); stale overrides and unused devDeps removed
  • GitHub Actions CI (lint + build, Node 18/20/22) replaces dead Travis config
  • Version bumped to 2.0.0, engines: node >=18, prepublishOnly build guard
  • Line endings normalized via .gitattributes; lint fixes; dead code removed

Breaking changes

  • d3 v7 (from v5)
  • Node >= 18 required
  • parcoords dependency is now @jrkasprzyk/parcoord-es

Verification

  • npm run lint and npm run build pass
  • Clean-room tarball install verified; dist/parasol.standalone.js loads in jsdom (typeof window.Parasol === 'function')
  • npm audit --omit=dev: 0 vulnerabilities

See plan/process-npm-release-1.md for the full release plan and vulnerability-fixes.md for the security fix history.

🤖 Generated with Claude Code

jrkasprzyk and others added 5 commits June 9, 2026 20:52
- rebuild dist/parasol.standalone.js, stale since 2019 - still
  contained bundled d3 v5 and old vulnerable parcoords; standalone
  is now built by `npm run build` and guarded by prepublishOnly
- fix postcss extract path that wrote dist/dist/parcoords.css
- replace dead Travis config with GitHub Actions (lint + build on
  Node 18/20/22)
- normalize line endings via .gitattributes; fix remaining lint
  errors (drop dead bindEvents.js, unused sortdir/events)
- drop mocha/nyc/cross-env (no tests exist) and the stale
  serialize-javascript override; npm audit reports 0 vulnerabilities
- bump engines to node >=18

Major bump: this branch upgrades d3 v5 to v7 and swaps parcoord-es
for the modernized fork github:jrkasprzyk/parcoords-es.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Replace git-pinned github:jrkasprzyk/parcoords-es dependency with
the npm-published @jrkasprzyk/parcoord-es@^3.0.0 (d3 v7 fork of
parcoord-es 2.2.10). Update import, UMD globals key, and rebuild.
Mark TASK-017/018 complete: fork published to npm as
@jrkasprzyk/parcoord-es@3.0.0 and dependency swapped pre-release
(c565384), so the change ships in 2.0.0 with no 2.0.1 needed.
Resolve CON-002/RISK-002, supersede RISK-004 (SHA pin -> ^3.0.0),
and update DEP-001, TEST-002, and related sections to the
published package name.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Modernizes parasol-es for the v2.0.0 release by upgrading the JS toolchain and key visualization dependencies (notably d3), rebuilding committed dist artifacts, and replacing legacy CI/configuration.

Changes:

  • Upgrade runtime dependencies (d3 v7; switch parcoords to @jrkasprzyk/parcoord-es) and bump package to v2.0.0 with Node >= 18.
  • Replace legacy Rollup configs with a modern Rollup v4 config that produces both library bundles and a standalone bundle; regenerate dist/.
  • Replace Travis with GitHub Actions CI; add line-ending normalization and lint config updates; remove dead/unused code/config.

Reviewed changes

Copilot reviewed 18 out of 27 changed files in this pull request and generated 8 comments.

Show a summary per file
File Description
vulnerability-fixes.md Adds a 2026-06 update note documenting audit status and release readiness.
src/index.js Removes unused events destructuring and dead commented code.
src/bindEvents.js Deletes unused/dead module.
src/api/resetSelections.js Updates thrown message quoting for invalid selection.
src/api/removeData.js Updates thrown message quoting for invalid selection.
src/api/keepData.js Updates thrown message quoting for invalid selection.
src/api/init.js Switches parcoords import to @jrkasprzyk/parcoord-es.
src/api/exportData.js Updates thrown message quoting for invalid selection.
src/api/attachGrid.js Removes unused sort-direction variable.
rollup.config.mjs Modern Rollup v4 config: globals for UMD, shared plugins, library + standalone outputs.
rollup.config.js Deletes legacy Rollup config (deprecated toolchain).
rollup.config.dev.js Deletes legacy dev Rollup config (deprecated toolchain).
plan/process-npm-release-1.md Adds a release process plan/checklist for publishing v2.0.0.
package.json Bumps to 2.0.0, Node >=18, adds prepublishOnly, swaps parcoords dependency, removes stale dev tooling/overrides.
package-lock.json Updates lockfile for new deps/tooling and removes dropped packages.
dist/parasol.standalone.js Rebuilt standalone bundle including updated dependency versions and fixes.
dist/parasol.js Rebuilt UMD library bundle reflecting dependency and code changes.
dist/parasol.esm.js Rebuilt ESM library bundle reflecting dependency and code changes.
dist/dist/parcoords.css Removes accidentally nested CSS artifact (dist/dist/...).
demo/legacy.html Line-ending/format normalization only (no functional change apparent).
.travis.yml Removes Travis CI configuration.
.github/workflows/ci.yml Adds GitHub Actions CI (lint + build on Node 18/20/22).
.gitattributes Enforces LF normalization and marks binary file patterns.
.eslintrc.json Updates lint rules to allow unused function args while still erroring on other unused vars.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread rollup.config.mjs Outdated
Comment thread package.json
Comment thread vulnerability-fixes.md Outdated
Comment thread plan/process-npm-release-1.md Outdated
Comment thread src/api/resetSelections.js Outdated
Comment thread src/api/removeData.js Outdated
Comment thread src/api/keepData.js Outdated
Comment thread src/api/exportData.js Outdated
@jrkasprzyk

Copy link
Copy Markdown
Contributor Author

I ran an additional code-review skill with Claude Fable 5. Its summary:

Review done. Result:

No issues ≥80 confidence. Both candidates scored 0 (false positives):

  1. postcss extract path — rollup-plugin-postcss resolves relative extract against output dir (dirname(output.file) = dist/), verified in plugin source. 'parcoords.css' → dist/parcoords.css. Commit a18ecf7 made this change deliberately to fix the old dist/dist/parcoords.css artifact. Score 0.
  2. bindEvents.js / events removal — import + call already commented out on master, events never read anywhere. Commit a18ecf7 message documents it: "drop dead bindEvents.js, unused sortdir/events". Intentional cleanup, zero runtime change. Score 0.

Also clean: past PR #33 feedback (unpinned git dep, Node engines) both resolved by this PR; shallow bug scan found nothing; rollup globals map complete for all 12 deps.

jrkasprzyk and others added 5 commits June 11, 2026 10:32
Currently, external is currently an array of dependency names, which only matches exact import IDs. Deep imports like file-saver/FileSaver are not treated as external, so the library builds end up bundling those dependencies (e.g., FileSaver code is embedded in dist/parasol.js/dist/parasol.esm.js) despite the comment stating dependencies stay external. 

Here, we are using an external predicate that also treats dep/* as external.

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
- String throws lose stack traces and fail instanceof Error checks;
  drop redundant "Error: " prefix from messages.
- Import file-saver from package root: deep path
  'file-saver/FileSaver' bypassed the external list and was bundled
  into the library builds despite being a declared dependency.
- Regenerate dist.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
jrkasprzyk and others added 4 commits June 11, 2026 10:48
- README: d3 v7, Node >=18, breaking-changes section; fix stylesheet
  path (shipped file is dist/parcoords.css, not parasol.css); document
  the three dist bundles; drop stale test:cover instructions and dead
  badge comments.
- Regenerate JSDoc output (3.5.5 -> 4.0.5, stale since 2019).
- package.json keyword d3v5 -> d3v7; mark TASK-021 done in release plan.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Demos work today (standalone bundle carries its own d3 v7) so this is
post-release, tracked as a GitHub issue rather than a release gate.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
jrkasprzyk is logged in but not an owner of parasol-es; sole owner is
joshhjacobson. Publish blocked until owner add or scoped fallback.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Add to .gitignore and remove from index; file stays on disk.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants