Bump skuba from 9.1.0 to 12.4.1

[dependabot]

Bumps skuba from 9.1.0 to 12.4.1.

Release notes

Sourced from skuba's releases.

skuba@12.4.1

Patch Changes

• template/oss-npm-template: Replace invalid $default-branch configuration in workflows (#2085)

• lint: Add CI=true to production install step in Dockerfile (#2082)

  Our API templates include a RUN pnpm install --prod Dockerfile instruction to prune devDependencies from node_modules. However, pruning may not behave as expected in the absence of the CI flag, and pnpm v10.16.0 emits the following error if the environment variable is not set:

  ERR_PNPM_ABORTED_REMOVE_MODULES_DIR_NO_TTY  Aborted removal of modules directory due to no TTY
  If you are running pnpm in CI, set the CI environment variable to "true".

  We will try to apply a one-time patch to your project to add the CI environment variable to Dockerfiles that have a RUN pnpm install --prod instruction:

  - RUN pnpm install --offline --prod
  + RUN CI=true pnpm install --offline --prod

skuba@12.4.0

Minor Changes

• build: Default esbuild output to CJS format (#2074)

  Note: This only affects projects that have manually set package.json#/skuba/build to "esbuild". There are less than 10 of these at time of writing.

  skuba build now defaults to CJS output when using the esbuild configuration. ESM output is only used when the following conditions are met:

  • "type": "module" is set in package.json
  • The module field in tsconfig.json is not set to "commonjs"

• lint: Remove Dockerfile syntax parser directive (#2075)

  Our containerisation guidance mounts the NPM_TOKEN environment variable as a build secret. This requires Dockerfile frontend version 1.10+, and we previously recommended adding a syntax parser directive to ensure availability of the feature in your build context.

  # syntax=docker/dockerfile:1.10.0
  FROM ...

  However, the directive introduces an online dependency on Docker services at build time. As SEEK-standard local & CI environments now include frontend version 1.18+ in their Docker toolchains, we recommend removing the directive and relying on the bundled version to reduce manual upkeep of the frontend version and to improve resilience.

  We will try to apply a one-time patch to your project to remove the directive. If your build breaks after the patch, your Dockerfile(s) may use other newer syntax features, and you can try manually restoring the directive.

• api: Export apiTokenFromEnvironment from GitHub namespace (#2079)

  The apiTokenFromEnvironment function is now available as GitHub.apiTokenFromEnvironment().

... (truncated)

Changelog

Sourced from skuba's changelog.

12.4.1

Patch Changes

• template/oss-npm-template: Replace invalid $default-branch configuration in workflows (#2085)

• lint: Add CI=true to production install step in Dockerfile (#2082)

  Our API templates include a RUN pnpm install --prod Dockerfile instruction to prune devDependencies from node_modules. However, pruning may not behave as expected in the absence of the CI flag, and pnpm v10.16.0 emits the following error if the environment variable is not set:

  ERR_PNPM_ABORTED_REMOVE_MODULES_DIR_NO_TTY  Aborted removal of modules directory due to no TTY
  If you are running pnpm in CI, set the CI environment variable to "true".

  We will try to apply a one-time patch to your project to add the CI environment variable to Dockerfiles that have a RUN pnpm install --prod instruction:

  - RUN pnpm install --offline --prod
  + RUN CI=true pnpm install --offline --prod

12.4.0

Minor Changes

• build: Default esbuild output to CJS format (#2074)

  Note: This only affects projects that have manually set package.json#/skuba/build to "esbuild". There are less than 10 of these at time of writing.

  skuba build now defaults to CJS output when using the esbuild configuration. ESM output is only used when the following conditions are met:

  • "type": "module" is set in package.json
  • The module field in tsconfig.json is not set to "commonjs"

• lint: Remove Dockerfile syntax parser directive (#2075)

  Our containerisation guidance mounts the NPM_TOKEN environment variable as a build secret. This requires Dockerfile frontend version 1.10+, and we previously recommended adding a syntax parser directive to ensure availability of the feature in your build context.

  # syntax=docker/dockerfile:1.10.0
  FROM ...

  However, the directive introduces an online dependency on Docker services at build time. As SEEK-standard local & CI environments now include frontend version 1.18+ in their Docker toolchains, we recommend removing the directive and relying on the bundled version to reduce manual upkeep of the frontend version and to improve resilience.

  We will try to apply a one-time patch to your project to remove the directive. If your build breaks after the patch, your Dockerfile(s) may use other newer syntax features, and you can try manually restoring the directive.

• api: Export apiTokenFromEnvironment from GitHub namespace (#2079)

... (truncated)

Commits

• 66c11bc Version Packages (#2083)
• 7ad6832 Remove broken $default-branch (#2085)
• 8194a36 Add CI=true to Dockerfile (#2082)
• 218404c Version Packages (#2077)
• 021faab Tweak changesets (#2081)
• df643fb Autofix apiTokenFromEnvironment usage (#2080)
• b78d4ec Export apiTokenFromEnvironment (#2079)
• ec19b4b Update CONTRIBUTING.md (#2076)
• 2fb2c6e update: dependency pnpm to v10.17.1 (#2073)
• 8d287f6 template: Remove syntax directive from Dockerfiles (#2075)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for skuba since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)