Make .configureOutput() create copy of settings instead of in-place change #2350
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shadowspawn
added
the
semver: major
Collaborator
Author
|
Could go in a minor version since a bug fix, but thinking hold until we do a release to drop node 18 since will break anyone who was inadvertently relying on previous behaviour. |
shadowspawn
changed the title
abetomo
approved these changes
Mar 26, 2025
shadowspawn
added
the
pending release
galaxycores
approved these changes
Apr 8, 2025
shadowspawn
removed
the
pending release
Blankll
added a commit
to geek-fun/serverlessinsight
that referenced
this pull request
Oct 9, 2025
 <h3>Snyk has created this PR to upgrade commander from 14.0.0 to 14.0.1.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **1 version** ahead of your current version. - The recommended version was released **24 days ago**. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>commander</b></summary> <ul> <li> <b>14.0.1</b> - <a href="https://redirect.github.com/tj/commander.js/releases/tag/v14.0.1">2025-09-12</a></br><h3>Fixed</h3> <ul> <li>broken markdown link in README (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3085867003" data-permission-text="Title is private" data-url="tj/commander.js#2369" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2369/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2369">#2369</a>)</li> </ul> <h3>Changed</h3> <ul> <li>improve code readability by using optional chaining (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3203289052" data-permission-text="Title is private" data-url="tj/commander.js#2394" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2394/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2394">#2394</a>)</li> <li>use more idiomatic code with object spread instead of <code>Object.assign()</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3204494758" data-permission-text="Title is private" data-url="tj/commander.js#2395" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2395/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2395">#2395</a>)</li> <li>improve code readability using <code>string.endsWith()</code> instead of <code>string.slice()</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3209103795" data-permission-text="Title is private" data-url="tj/commander.js#2396" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2396/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2396">#2396</a>)</li> <li>refactor <code>.parseOptions()</code> to process args array in-place (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3324072148" data-permission-text="Title is private" data-url="tj/commander.js#2409" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2409/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2409">#2409</a>)</li> <li>change private variadic support routines from <code>._concatValue()</code> to <code>._collectValue()</code> (change code from <code>array.concat()</code> to <code>array.push()</code>) (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3327764465" data-permission-text="Title is private" data-url="tj/commander.js#2410" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2410/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2410">#2410</a>)</li> <li>update (dev) dependencies</li> </ul> </li> <li> <b>14.0.0</b> - <a href="https://redirect.github.com/tj/commander.js/releases/tag/v14.0.0">2025-05-18</a></br><h3>Added</h3> <ul> <li>support for groups of options and commands in the help using low-level <code>.helpGroup()</code> on <code>Option</code> and <code>Command</code>, and higher<br> -level <code>.optionsGroup()</code> and <code>.commandsGroup()</code> which can be used in chaining way to specify group title for following option<br> s/commands (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2874409705" data-permission-text="Title is private" data-url="tj/commander.js#2328" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2328/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2328">#2328</a>)</li> <li>support for unescaped negative numbers as option-arguments and command-arguments (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2921957024" data-permission-text="Title is private" data-url="tj/commander.js#2339" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2339/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2339">#2339</a>)</li> <li>TypeScript: add <code>parseArg</code> property to <code>Argument</code> class (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3022955668" data-permission-text="Title is private" data-url="tj/commander.js#2359" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2359/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2359">#2359</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>remove bogus leading space in help when option has default value but not a description (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2944505658" data-permission-text="Title is private" data-url="tj/commander.js#2348" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2348/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2348">#2348</a>)</li> <li><code>.configureOutput()</code> now makes copy of settings instead of modifying in-place, fixing side-effects (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2948403186" data-permission-text="Title is private" data-url="tj/commander.js#2350" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2350/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2350">#2350</a>)</li> </ul> <h3>Changed</h3> <ul> <li><em>Breaking:</em> Commander 14 requires Node.js v20 or higher</li> <li>internal refactor of <code>Help</code> class adding <code>.formatItemList()</code> and <code>.groupItems()</code> methods (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2874409705" data-permission-text="Title is private" data-url="tj/commander.js#2328" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/2328/hovercard" href="https://redirect.github.com/tj/commander.js/pull/2328">#2328</a>)</li> </ul> </li> </ul> from <a href="https://redirect.github.com/tj/commander.js/releases">commander GitHub release notes</a> </details> </details> --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJkMjZkNjUyZS01MGMyLTQ0NzEtOTcyNC04NTA2ODZiNGI0MTMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImQyNmQ2NTJlLTUwYzItNDQ3MS05NzI0LTg1MDY4NmI0YjQxMyJ9fQ==" width="0" height="0"/> > - 🧐 [View latest project report](https://app.snyk.io/org/blankll/project/9c72c875-e7a2-4e68-85a9-7b26a5bc5b32?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/blankll/project/9c72c875-e7a2-4e68-85a9-7b26a5bc5b32/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/blankll/project/9c72c875-e7a2-4e68-85a9-7b26a5bc5b32/settings/integration?pkg=commander&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) [//]: # 'snyk:metadata:{"breakingChangeRiskLevel":null,"FF_showPullRequestBreakingChanges":null,"FF_showPullRequestBreakingChangesWebSearch":null,"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"commander","from":"14.0.0","to":"14.0.1"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"d26d652e-50c2-4471-9724-850686b4b413","prPublicId":"d26d652e-50c2-4471-9724-850686b4b413","packageManager":"npm","priorityScoreList":[],"projectPublicId":"9c72c875-e7a2-4e68-85a9-7b26a5bc5b32","projectUrl":"https://app.snyk.io/org/blankll/project/9c72c875-e7a2-4e68-85a9-7b26a5bc5b32?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2025-09-12T07:27:06.725Z"},"vulns":[]}' Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
Modifying command using
.configureOutput()modifies other commands sharing same settings.Fixes: #2342
Solution
Make a copy of settings instead of modifying in place.
ChangeLog
.configureOutput()now makes copy of settings instead of modifying in-place, fixing side-effects