Modernize toolchain and dependencies for v2.0.0#35
Conversation
- rebuild dist/parasol.standalone.js, stale since 2019 - still contained bundled d3 v5 and old vulnerable parcoords; standalone is now built by `npm run build` and guarded by prepublishOnly - fix postcss extract path that wrote dist/dist/parcoords.css - replace dead Travis config with GitHub Actions (lint + build on Node 18/20/22) - normalize line endings via .gitattributes; fix remaining lint errors (drop dead bindEvents.js, unused sortdir/events) - drop mocha/nyc/cross-env (no tests exist) and the stale serialize-javascript override; npm audit reports 0 vulnerabilities - bump engines to node >=18 Major bump: this branch upgrades d3 v5 to v7 and swaps parcoord-es for the modernized fork github:jrkasprzyk/parcoords-es. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Replace git-pinned github:jrkasprzyk/parcoords-es dependency with the npm-published @jrkasprzyk/parcoord-es@^3.0.0 (d3 v7 fork of parcoord-es 2.2.10). Update import, UMD globals key, and rebuild.
Mark TASK-017/018 complete: fork published to npm as @jrkasprzyk/parcoord-es@3.0.0 and dependency swapped pre-release (c565384), so the change ships in 2.0.0 with no 2.0.1 needed. Resolve CON-002/RISK-002, supersede RISK-004 (SHA pin -> ^3.0.0), and update DEP-001, TEST-002, and related sections to the published package name. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Modernizes parasol-es for the v2.0.0 release by upgrading the JS toolchain and key visualization dependencies (notably d3), rebuilding committed dist artifacts, and replacing legacy CI/configuration.
Changes:
- Upgrade runtime dependencies (d3 v7; switch parcoords to
@jrkasprzyk/parcoord-es) and bump package to v2.0.0 with Node >= 18. - Replace legacy Rollup configs with a modern Rollup v4 config that produces both library bundles and a standalone bundle; regenerate
dist/. - Replace Travis with GitHub Actions CI; add line-ending normalization and lint config updates; remove dead/unused code/config.
Reviewed changes
Copilot reviewed 18 out of 27 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| vulnerability-fixes.md | Adds a 2026-06 update note documenting audit status and release readiness. |
| src/index.js | Removes unused events destructuring and dead commented code. |
| src/bindEvents.js | Deletes unused/dead module. |
| src/api/resetSelections.js | Updates thrown message quoting for invalid selection. |
| src/api/removeData.js | Updates thrown message quoting for invalid selection. |
| src/api/keepData.js | Updates thrown message quoting for invalid selection. |
| src/api/init.js | Switches parcoords import to @jrkasprzyk/parcoord-es. |
| src/api/exportData.js | Updates thrown message quoting for invalid selection. |
| src/api/attachGrid.js | Removes unused sort-direction variable. |
| rollup.config.mjs | Modern Rollup v4 config: globals for UMD, shared plugins, library + standalone outputs. |
| rollup.config.js | Deletes legacy Rollup config (deprecated toolchain). |
| rollup.config.dev.js | Deletes legacy dev Rollup config (deprecated toolchain). |
| plan/process-npm-release-1.md | Adds a release process plan/checklist for publishing v2.0.0. |
| package.json | Bumps to 2.0.0, Node >=18, adds prepublishOnly, swaps parcoords dependency, removes stale dev tooling/overrides. |
| package-lock.json | Updates lockfile for new deps/tooling and removes dropped packages. |
| dist/parasol.standalone.js | Rebuilt standalone bundle including updated dependency versions and fixes. |
| dist/parasol.js | Rebuilt UMD library bundle reflecting dependency and code changes. |
| dist/parasol.esm.js | Rebuilt ESM library bundle reflecting dependency and code changes. |
| dist/dist/parcoords.css | Removes accidentally nested CSS artifact (dist/dist/...). |
| demo/legacy.html | Line-ending/format normalization only (no functional change apparent). |
| .travis.yml | Removes Travis CI configuration. |
| .github/workflows/ci.yml | Adds GitHub Actions CI (lint + build on Node 18/20/22). |
| .gitattributes | Enforces LF normalization and marks binary file patterns. |
| .eslintrc.json | Updates lint rules to allow unused function args while still erroring on other unused vars. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
I ran an additional Review done. Result: No issues ≥80 confidence. Both candidates scored 0 (false positives):
Also clean: past PR #33 feedback (unpinned git dep, Node engines) both resolved by this PR; shallow bug scan found nothing; rollup globals map complete for all 12 deps. |
Currently, external is currently an array of dependency names, which only matches exact import IDs. Deep imports like file-saver/FileSaver are not treated as external, so the library builds end up bundling those dependencies (e.g., FileSaver code is embedded in dist/parasol.js/dist/parasol.esm.js) despite the comment stating dependencies stay external. Here, we are using an external predicate that also treats dep/* as external. Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
- String throws lose stack traces and fail instanceof Error checks; drop redundant "Error: " prefix from messages. - Import file-saver from package root: deep path 'file-saver/FileSaver' bypassed the external list and was bundled into the library builds despite being a declared dependency. - Regenerate dist. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- README: d3 v7, Node >=18, breaking-changes section; fix stylesheet path (shipped file is dist/parcoords.css, not parasol.css); document the three dist bundles; drop stale test:cover instructions and dead badge comments. - Regenerate JSDoc output (3.5.5 -> 4.0.5, stale since 2019). - package.json keyword d3v5 -> d3v7; mark TASK-021 done in release plan. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Demos work today (standalone bundle carries its own d3 v7) so this is post-release, tracked as a GitHub issue rather than a release gate. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
jrkasprzyk is logged in but not an owner of parasol-es; sole owner is joshhjacobson. Publish blocked until owner add or scoped fallback. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Add to .gitignore and remove from index; file stays on disk. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Summary
Modernizes parasol-es for the v2.0.0 release:
@jrkasprzyk/parcoord-es@^3.0.0(d3 v7-compatible; registry package, no git dependency)npm auditclean (0 vulnerabilities); stale overrides and unused devDeps removedengines: node >=18,prepublishOnlybuild guard.gitattributes; lint fixes; dead code removedBreaking changes
@jrkasprzyk/parcoord-esVerification
npm run lintandnpm run buildpassdist/parasol.standalone.jsloads in jsdom (typeof window.Parasol === 'function')npm audit --omit=dev: 0 vulnerabilitiesSee
plan/process-npm-release-1.mdfor the full release plan andvulnerability-fixes.mdfor the security fix history.🤖 Generated with Claude Code