Conformance changelog

pnpm update --latest --recursive @vercel-private/conformance

• Support for Turborepo v2 configuration

• Update dependencies listed in THIRD_PARTY_LICENSES.md file
• Update NEXTJS_NO_CLIENT_DEPS_IN_MIDDLEWARE rule to not treat react as just a client dependency

• Adds a THIRD_PARTY_LICENSES.md file listing third party licenses

• Update NO_SERIAL_ASYNC_CALLS rule to highlight the awaited call expression instead of the entire function

• Update rule logic for detecting duplicate allowlist entries based on the details field

This patch update has the following changes:

• Optimize checking allowlists for existing Conformance issues
• Isolate some work by moving it to a worker thread
• Fix error when trying to parse empty JavaScript/TypeScript files

This patch update has the following changes:

• Parse ESLint JSON config with a JSONC parser
• Fix retrieving latest version of CLI during init

This patch update has the following changes:

• Fix updating allowlist files when entries conflict or already exist

This minor update has the following changes:

• Replace NEXTJS_MISSING_MODULARIZE_IMPORTS Next.js rule with NEXTJS_MISSING_OPTIMIZE_PACKAGE_IMPORTS
• Fix showing error messages for rules
• Update allowlist entry details for REQUIRE_CARET_DEPENDENCIES

This minor update has the following changes:

• Ensure in-memory objects are cleaned up after each run
• Fix detection of Next.js apps in certain edge cases
• Bump dependencies for performance and security

This patch update has the following changes:

• Fix the init command for Yarn classic (v1)
• Update AST caching to prevent potential out of memory issues
• Fix requesting git authentication when sending Conformance metrics

This minor update has the following changes:

• Support non-numeric Node version numbers like lts in REQUIRE_NODE_VERSION_FILE.
• Add version range support for forbidden-packages custom rules.
• Updates dependencies for performance and security.

New rules:

• REQUIRE_DOCS_ON_EXPORTED_FUNCTIONS. Requires that all exported functions have JSDoc comments.

This minor update captures and sends Conformance runs metrics to Vercel. Your team will be able to view those metrics in the Vercel dashboard.

The following rules also include these fixes:

• NEXTJS_REQUIRE_EXPLICIT_DYNAMIC: Improved error messaging.
• NEXTJS_SAFE_NEXT_PUBLIC_ENV_USAGE: Improved error messaging.

This minor update introduces multiple new rules, fixes and improvements for existing rules and the CLI, and updates to some dependencies for performance and security.

Notably, this release introduces a new needsResolution flag. This is used by the CLI and will be used in future metrics as a mechanism to opt-out of further tracking of this issue.

The following new rules have been added:

• NO_UNNECESSARY_PROP_SPREADING: Disallows the usage of object spreading in JSX components.

The following rules had fixes and improvements:

• REQUIRE_CARET_DEPENDENCIES: Additional cases are now covered by this rule.
• NO_INSTANCEOF_ERROR: Multiple issues in the same file are no longer reported as a single issue.
• NO_INLINE_SVG: Multiple issues in the same file are no longer reported as a single issue.
• REQUIRE_ONE_VERSION_POLICY: Multiple issues in the same file are now differentiated by the package name and the location of the entry in package.json.

This minor update introduces a new rule and improvements to our telemetry.

The following new rules have been added:

• NO_INSTANCEOF_ERROR: Disallows using error instanceof Error comparisons due to risk of false negatives.

This minor update introduces multiple new rules, fixes and improvements for existing rules and the CLI, and updates to some dependencies for performance and security.

The following new rules have been added:

• NEXTJS_SAFE_NEXT_PUBLIC_ENV_USAGE: Requires allowlist entries for any usage of NEXT_PUBLIC_* environment variables.
• NO_POSTINSTALL_SCRIPT: Prevents the use of "postinstall" script in package for performance reasons.
• REQUIRE_CARET_DEPENDENCIES: Requires that all dependencies and devDependencies have a ^ prefix.

The following rules had fixes and improvements:

• PACKAGE_MANAGEMENT_REQUIRED_README: Lowercase readme.md files are now considered valid.
• REQUIRE_NODE_VERSION_FILE: Resolved an issue preventing this rule from correctly reporting issues.
• NO_INLINE_SVG: Detection logic now handles template strings alongside string literals.
• The forbidden-imports custom rule type now supports paths being defined in rule configuration.

This minor update introduces new rules to improve Next.js app performance, resolves an issue where TypeScript's baseUrl wasn't respected when traversing files, and fixes an issue with dependency traversal which caused some rules to return false positives in specific cases.

The following new rules have been added:

• NEXTJS_REQUIRE_EXPLICIT_DYNAMIC: Requires explicitly setting the dynamic route segment option for Next.js pages and routes.
• NO_INLINE_SVG: Prevents the use of svg tags inline, which can negatively impact the performance of both browser and server rendering.

This patch updates some Conformance dependencies for performance and security, and improves handling of edge case for both NEXTJS_NO_ASYNC_LAYOUT and NEXTJS_NO_ASYNC_PAGE.

This minor update introduces a new rule, and improvements to both NEXTJS_NO_ASYNC_LAYOUT and NEXTJS_NO_ASYNC_PAGE.

The following new rules have been added:

• REQUIRE_NODE_VERSION_FILE: Requires that workspaces have a valid Node.js version file (.node-version or .nvmrc) file defined.

This minor update introduces new rules to improve Next.js app performance, enhancements to the CLI output, and improvements to our telemetry. While telemetry improvements are not directly user-facing, they enhance our ability to monitor and optimize performance.

The following new rules have been added:

• NEXTJS_NO_ASYNC_PAGE: Ensures that the exported Next.js page component and its transitive dependencies are not asynchronous, as that blocks the rendering of the page.
• NEXTJS_NO_ASYNC_LAYOUT: Ensures that the exported Next.js layout component and its transitive dependencies are not asynchronous, as that can block the rendering of the layout and the rest of the page.
• NEXTJS_USE_NATIVE_FETCH: Requires using native fetch which Next.js polyfills, removing the need for third-party fetch libraries.
• NEXTJS_USE_NEXT_FONT: Requires using next/font (when possible), which optimizes fonts for improved privacy and performance.
• NEXTJS_USE_NEXT_IMAGE: Requires that next/image is used for all images for improved performance.
• NEXTJS_USE_NEXT_SCRIPT: Requires that next/script is used for all scripts for improved performance.

Initial release of Conformance.