fix: tinyexec v1 is esm only, use 0.x instead

[JounQin]

close #211

---

Important

Downgrade tinyexec to ^0.3.2, add Node.js 24 to CI, and update release workflow for 4.x branch.

• Dependencies:
  • Downgrade tinyexec from ^1.0.1 to ^0.3.2 in package.json to ensure compatibility.
• CI Workflow:
  • Add Node.js version 24 to the matrix in ci.yml.
• Release Workflow:
  • Change release branch from master to 4.x in release.yml.
  • Modify release script in package.json to use --tag release-v4.

^{This description was created by for 956ae9d. You can customize this summary. It will automatically update as commits are pushed.}

Summary by CodeRabbit

• Chores
  • Updated configuration and workflows to use the "4.x" branch instead of "master".
  • Expanded CI testing to include Node.js 24.
  • Adjusted release scripts to use a new release tag.
  • Downgraded the tinyexec dependency to version 0.x for compatibility.
  • Added documentation regarding tinyexec versioning and ESM-only support.

[changeset-bot]

🦋 Changeset detected

Latest commit: 86a3b82

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
pretty-quick	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

The changes update configuration and workflow files to support the "4.x" branch and Node.js 24, adjust release tagging, and downgrade the tinyexec dependency from version 1.x to 0.x due to ESM compatibility issues. A new changeset documents the tinyexec version fix.

Changes

File(s)	Change Summary
.changeset/config.json, .github/.../release.yml	Changed base/release branch from "master" to "4.x".
.github/workflows/ci.yml	Added Node.js 24 to CI matrix for testing.
package.json	Downgraded tinyexec from ^1.0.1 to ^0.3.2; updated release script to use --tag release-v4.
.changeset/short-rocks-count.md	Added a changeset documenting the tinyexec ESM compatibility fix.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant CI Workflow
    participant Node.js Matrix
    participant Release Workflow

    Developer->>CI Workflow: Pushes code to "4.x"
    CI Workflow->>Node.js Matrix: Runs tests on Node.js 14/16/18/20/22/24
    Developer->>Release Workflow: Pushes to "4.x"
    Release Workflow->>Release Workflow: Publishes with tag "release-v4"

Loading

Assessment against linked issues

Objective	Addressed	Explanation
Fix ESM error by avoiding tinyexec v1.x and using v0.x instead (#211)	✅

Poem

In the warren, code hops anew,
A bug with ESM—now bid adieu!
Node.js 24 joins the testy dance,
Release tags leap with a brand-new chance.
With tinyexec tamed, the code runs free,
A rabbit’s joy for all to see! 🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 87771dd and 86a3b82.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (5)

• .changeset/config.json (1 hunks)
• .changeset/short-rocks-count.md (1 hunks)
• .github/workflows/ci.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)
• package.json (2 hunks)

🔇 Additional comments (6)

.changeset/config.json (1)

13-13: Align changeset base branch to 4.x
This updates the baseBranch to match the new release branch strategy.

.github/workflows/release.yml (1)

6-6: Trigger releases on 4.x branch
Switches the workflow trigger from master to 4.x to align with the updated branch naming.

.changeset/short-rocks-count.md (1)

1-6: Document tinyexec downgrade changeset
Clear and concise changeset title and description matching the dependency fix.

package.json (2)

65-65: Add --tag release-v4 to release script
Ensures published packages are tagged correctly for the 4.x branch releases.

---

77-77:

✅ Verification successful

Downgrade tinyexec to ^0.3.2
Addresses ESM-only compatibility by reverting to the latest 0.x release.

Run this script to confirm the version exists on npm and check for vulnerabilities:

---

🏁 Script executed:

#!/bin/bash
# Verify tinyexec version and audit for vulnerabilities
npm view tinyexec versions | grep "^0\\.3\\.2$"
npm audit --json | jq '.advisories["tinyexec"]'

Length of output: 451

---

To fully verify that v0.3.2 exists and is free of vulnerabilities, please run:

This will:

• List every tinyexec version so you can confirm 0.3.2 is present.
• Generate a package-lock.json pinned to [email protected].
• Report any security advisories for that specific module.

---

🏁 Script executed:

#!/bin/bash
set -e

echo "1) Fetching all published versions of tinyexec"
npm view tinyexec versions --json

echo -e "\n2) Creating a temporary lockfile for [email protected]"
rm -f package-lock.json
npm install [email protected] --package-lock-only

echo -e "\n3) Auditing for known tinyexec advisories"
npm audit --json | jq '.advisories | with_entries(select(.value.module_name=="tinyexec"))'

Length of output: 694

---

To avoid your repo’s local link: deps and get a clean audit of [email protected], please run this in a temporary project:

– This confirms the version exists, installs it in isolation, and surfaces any audited advisories for tinyexec alone.

---

🏁 Script executed:

#!/bin/bash
set -e

# 1) Create and enter a temp directory
WORKDIR=$(mktemp -d)
echo "Using temp dir: $WORKDIR"
cd "$WORKDIR"

# 2) Bootstrap a minimal npm project
npm init -y > /dev/null

# 3) Install [email protected]
echo "Installing [email protected]..."
npm install [email protected] --save-exact > /dev/null

# 4) Audit that module only
echo "Running npm audit for tinyexec..."
npm audit --json \
  | jq '.advisories 
      | with_entries(select(.value.module_name=="tinyexec"))'

echo "Done. You can delete $WORKDIR when finished."

Length of output: 508

---

Approve downgrade to tinyexec@^0.3.2

• Confirmed 0.3.2 is published on npm and npm audit reports no advisories for this module.

File: package.json (line 77)

- "tinyexec": "…"
+ "tinyexec": "^0.3.2",

.github/workflows/ci.yml (1)

25-25: Include Node.js 24 in CI matrix
Expands test coverage to the latest Node.js release.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR ensures compatibility by downgrading tinyexec from v1 (ESM-only) to the last CJS-supported v0.x release, and updates release branches and CI matrices for the new 4.x line.

• Pin tinyexec peer dependency to ^0.3.2 for CJS support.
• Add 4.x as a release trigger and update the changeset base branch to 4.x.
• Include Node.js v24 in the CI test matrix.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

File	Description
package.json	Downgrade tinyexec to ^0.3.2 and tag releases as release-v4 in the release script.
.github/workflows/release.yml	Add 4.x to the list of branches that trigger the release workflow.
.github/workflows/ci.yml	Extend the Node.js version matrix to include v24.
.changeset/config.json	Change baseBranch from master to 4.x for new releases.

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 956ae9d in 48 seconds. Click for details.

• Reviewed 47 lines of code in 3 files
• Skipped 2 files when reviewing.
• Skipped posting 4 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/ci.yml:25

• Draft comment:
  Added Node 24 to the test matrix. Verify that tests run correctly on Node 24.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

2. .github/workflows/release.yml:6

• Draft comment:
  Release workflow now triggers on branch '4.x' rather than 'master'. Ensure this aligns with your branch strategy for v4 releases.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to ensure that the change aligns with their branch strategy, which is against the rules. It doesn't provide a specific code suggestion or ask for a specific test to be written. Therefore, it should be removed.

3. package.json:65

• Draft comment:
  Release script updated with '--tag release-v4'. Confirm that this tagging strategy meets your release versioning requirements.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to confirm their tagging strategy, which is against the rules. It doesn't provide a specific suggestion or point out a clear issue with the code.

4. package.json:77

• Draft comment:
  Dependency 'tinyexec' downgraded to '^0.3.2' to restore CommonJS compatibility. This fixes the ESM error (issue #211).
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is purely informative, explaining a change in dependency version to address a specific issue. It doesn't provide a suggestion or ask for confirmation about the change.

Workflow ID: wflow_9tZsh7cEfOiA8OqR

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/pretty-quick@212

commit: 88fef75

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.61%. Comparing base (87771dd) to head (86a3b82).

Additional details and impacted files

@@           Coverage Diff           @@
##              4.x     #212   +/-   ##
=======================================
  Coverage   91.61%   91.61%           
=======================================
  Files           9        9           
  Lines         167      167           
  Branches       35       36    +1     
=======================================
  Hits          153      153           
+ Misses         14       12    -2     
- Partials        0        2    +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[JounQin]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.