deps: skuba 15.3.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
skuba	14.1.1 → 15.3.0

---

Release Notes

seek-oss/skuba (skuba)

v15.3.0

Compare Source

Minor Changes

• deps: Require Node.js 22.18.0+ (#​2261)

  This change should only impact projects using skuba build-package

• lint: Migrate tsdown configs to support 0.21 (#​2261)

  This patch attempts to migrate the external, noExternal, inlineOnly and skipNodeModulesBundle fields to their new equivalents and sets failOnWarn to true.

  Read the tsdown release notes for more information.

Patch Changes

• lint: Avoid scaffolding pnpm-workspace.yaml in yarn repos (#​2278)

• deps: @​ast-grep/lang-yaml ^0.0.6 (#​2281)

• deps: @​ast-grep/lang-json ^0.0.7 (#​2280)

• deps: tsdown ~0.21.0 (#​2261)

v15.2.0

Compare Source

Minor Changes

• build: Add experimental rolldown build support (#​2275)

  skuba now supports rolldown as a build mode. You can opt in by setting "build": "rolldown" in your skuba config in package.json, which will invoke rolldown using a config file:

  {
    "skuba": {
  -   "build": "esbuild",
  +   "build": "rolldown",
      "template": "koa-rest-api",
      "type": "application"
    }
  }

  See the rolldown documentation for details on configuring rolldown via a config file.

  Example config file (rolldown.config.mjs):

  import { defineConfig } from 'rolldown';
  
  export default defineConfig({
    input: 'src/listen.ts',
    platform: 'node',
    external: [/^dd-trace/],
    resolve: {
      conditionNames: ['@​seek/my-repo/source'],
    },
    output: {
      format: 'esm',
      sourcemap: true,
    },
  });

Patch Changes

• lint: Disable trustPolicy and strictDepBuilds (#​2276)

  Due to issues with how pnpm parses the trustPolicy and strictDepBuilds options, we are disabling them temporarily

  These will be re-enabled in a future release once the underlying issues have been resolved.

v15.1.0

Compare Source

Minor Changes

• lint: Restore managed pnpm-workspace.yaml sections (#​2265)

  This patch restores sections of pnpm-workspace.yaml that were previously removed in the previous release because Renovate is not fully compatible with pnpm config dependencies.

  These new managed sections should allow for greater flexibility than the previous configurations. Please reach out if you run into any issues.

Patch Changes

• deps: ejs ^5.0.0 (#​2270)

v15.0.1

Compare Source

Patch Changes

• init: Fix pnpm config dependency installation (#​2258)

v15.0.0

Compare Source

Major Changes

• build-package: Migrate to tsdown (#​2194)

  As part of our migration to ESM, we are updating our package build process to support generating both CJS and ESM outputs, regardless of whether projects use CJS or ESM. Since our current tsc-based build does not support this, we are switching to tsdown for package builds.

• lint: Enable allowBuilds, trustPolicy, blockExoticSubdeps and ignorePatchFailures in pnpm-plugin-skuba (#​2188)

  In light of recent security vulnerabilities plaguing the JavaScript ecosystem, we are enabling some additional pnpm features to help mitigate the risk of supply chain attacks.

  We have allowlisted a set of known packages as our default but you may need to update your pnpm-workspace.yaml configuration to add any additional packages you use that are not included in the default allowlist.

  Example:

  allowBuilds:
    some-package: true
    some-other-package@1.0.0: true
  
  trustPolicyExclude:
    - some-package@1.2.3

• lint: Migrate pnpm-workspace.yaml skuba configuration to pnpm-plugin-skuba (#​2188)

  This change replaces the managed skuba section in pnpm-workspace.yaml with a pnpm configuration plugin.

  The migration includes removing the minimumReleaseAgeExcludeOverload settings from package.json and migrating them to pnpm-workspace.yaml

  This simplifies the managed configuration skuba provides, allowing you to override and extend previously un-configurable settings such as minimumReleaseAge from your pnpm-workspace.yaml file.

  Example:

  minimumReleaseAge: 1440 # 1 day
  minimumReleaseAgeExclude:
    - some-package

• lint: Migrate skuba build-package usage to use tsdown for building packages (#​2194)

  This patch will attempt to do a best effort migration of your skuba build-package usage to use tsdown for building packages. It is highly recommended that you manually review and test the changes. This includes:

  1. Adding a tsdown.config.mts file to your package directories with a basic configuration
  2. Adding a customConditions entry to your root tsconfig.json file
  3. Adding skipLibCheck to your package tsconfig.json files to work around issues with type checking against tsdown.
  4. Updating your package package.json files to point to the new build outputs
  5. Migrating package.json assets usage to use tsdown copy configuration
  6. Removing redundant tsconfig.build.json files

File changes

The output between what skuba build-package generates before and after this change will be different, so you may need to update any references to the output files in your project.

For example the output for a simple src/index.ts file produces the following outputs:

-lib-commonjs/index.js
-lib-es2015/index.js
-lib-types/index.d.ts
+lib/index.cjs
+lib/index.mjs
+lib/index.d.cts
+lib/index.d.mts

This change may break consumers who directly access these output paths.

To check if your consumers are affected, search GitHub with: org:SEEK-Jobs content:"@​seek/MY_PACKAGE/"

If needed, export those references from your package entry point to help consumers migrate to the new build outputs.

Note: if you choose to remove the unbundle: true option from tsdown.config.mts, tsdown may emit bundled/chunked outputs and internal lib/... file paths can change between builds. Consumers should avoid importing from build output files directly, and instead import from the package entry point (or explicitly exported sub paths)

Format changes

tsdown selects what ECMAScript target version to build for based on the engines.node field in your package.json.

This means that for consumers previously relying on the lib-es2015 output may need to update their runtime to match your package's engines.node field.

An example changeset you may want to include for a package:

---
'my-package': major
---

Update npm package build outputs

This release changes published build output paths. If you were previously importing from nested paths within the build output you will need to update imports to use the package entry point (for example, `@seek/my-package`).

Please note that this usage is generally not recommended as it can lead to breakages when build outputs change.

```diff
-import type { SomeType } from '@​seek/my-package/lib-types/...';
+import type { SomeType } from '@​seek/my-package';
```

Debugging

Additional Entrypoints

If your package has additional entry points, for example:

import { SomeFunction } from '@​seek/my-package/subpath';

You will need to add them as additional entry points in your tsdown.config.mts file, for example:

import { defineConfig } from 'tsdown/config';

export default defineConfig({
  entries: ['src/index.ts', 'src/subpath/index.ts'],
});

This must be followed by a run of skuba build-package which will update your package.json exports field.

attw (Are the types wrong?)

If you run into the following error:

❌ No resolution (node10) at @​seek/my-package/subpath

You have a couple different options to resolve this:

1. Update your tsdown.config.mts and update the attw configuration to use a node16 profile. This tells the attw tool to ignore the node/node10 module resolution. Projects using skuba 13 or above will be compatible with this by default.

import { defineConfig } from 'tsdown/config';

export default defineConfig({
  entries: ['src/index.ts', 'src/subpath/index.ts'],
-  attw: true,
+  attw: {
+    profile: 'node16',
+  },
});

1. Create an additional package.json file

For an entrypoint such as @seek/my-package/foo, create a folder called foo with an additional package.json file with the following content.

{
  "main": "../lib/foo/index.cjs",
  "module": "../lib/foo/index.mjs",
  "types": "../lib/foo/index.d.cts"
}

and ensure that the folder is exported in your files array in your root package.json file.

{
  "files": ["lib", "foo"]
}

Jest

If your project utilises a main field which points to a .ts file within a monorepo setup, eg.

 "main": "src/index.ts",

You may need to create a moduleNameMapper entry in your Jest config files to point to the source file, eg.

{
  "moduleNameMapper": {
    "^@&#8203;seek/my-package": "<rootDir>/packages/my-package/src/index.ts"
  }
}

This will work natively with custom conditions when we migrate to vitest in the future, but is required for Jest to continue working with the new build outputs.

import { defineConfig } from 'vitest/config';

export default defineConfig({
  ssr: {
    resolve: {
      conditions: ['@​seek/my-repo/source'],
    },
  },
});

Minor Changes

• init: Add support for private SEEK templates (#​2198)

  Adds support for downloading templates from the private SEEK-Jobs/skuba-templates repository. Users can now select "seek →" from the template list and specify a private template name, which will be downloaded using sparse checkout via SSH.

• template/*-npm-package: Migrate to tsdown for bundling (#​2193)

• lint: Ignore coverage, dist, lib and tmp folders at any depth (#​2256)

Patch Changes

• deps: @​ast-grep/napi ^0.41.0 (#​2245)

• template/lambda-sqs-worker-cdk: Update Datadog secret configuration to support custom KMS keys (#​2239)

---

Configuration

📅 Schedule: Branch creation - "after 3:00 am and before 6:00 am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

🦋 Changeset detected

Latest commit: f1abb37

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
@seek/aws-codedeploy-hooks	Minor
@seek/aws-codedeploy-infra	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.