chore(deps): update dependency dependency-cruiser to v16

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
dependency-cruiser	15.5.0 -> 16.0.0

---

Release Notes

sverweij/dependency-cruiser (dependency-cruiser)

v16.0.0

Compare Source

⚡ Is this release breaking for me?

TL;DR: Not likely, if you only use the command line interface

👩 I use the command line interface

When you have rules defined on dependency type type-only or on the
aliased-* ones, dependency-cruiser might start to report issues it didn't
in previous versions as it now more precisely detects those.

• 03bdda2 fix(resolve)!: makes alias type derivation more correct and precise BREAKING (#​867)
• 19033e8 feat(extract)!: detect 'type-only' with inline imports/exports - BREAKING (#​875) (@​alvaro-cuesta)

🤖 I use the API

Changes in data structures. Click for details.

• 05d9795 feat!: restructures the via* sub-restrictions to also accept & validate against dependency types (BREAKING for API users) (#​894). See rules-reference.md#circular for details.

  • before: in rules cycles can be restricted with the restrictions via, viaOnly, viaNot and viaSomeNot, each of which would accept a regular expression (or an array of them) to match against the module names in the cycle.
  • after: in rules cycles can be restricted with the restrictions via and viaOnly each of which takes an object with the following properties:
    • path: a regular expression (or an array of them) to match against the module names in the cycle.
    • pathNot: a regular expression (or an array of them) to match against the module names in the cycle.
    • dependencyTypes: an array of strings (dependency types) match against the dependency types in the cycle.
    • dependencyTypesNot: an array of strings (dependency types) match against the dependency types in the cycle.

• c6421e3 feat!: makes entries in 'cycle' contain more information (BREAKING for API users) (#​888)

  • before: a cycle in the dependency graph would be reported as an array of strings (the module names)
  • after: a cycle in the dependency graph is reported as an array of objects with the following properties:
    • name: the name of the module
    • dependencyTypes: the types of dependency the module has with the previous
      module in the cycle.

• e8cda75 feat!: makes entries in reachability via's contain more information (BREAKING for API users) (#​895)

  • before: a route ('via') in the dependency graph would be reported as an array of strings (the module names)
  • after: a route ('via') in the dependency graph is reported as an array of objects with the following properties:
    • name: the name of the module
    • dependencyTypes: the types of dependency the module has with the previous
      module in the route.

❤️ Thanks

• @​camillef - for raising the clear & complete issue that asks to check against dependency types over the entire cycle for circular dependencies
• @​alvaro-cuesta - for the PR that made the type-only detection more precise
• @​throrin19 - for raising #​863 that led to better detection of aliased-* dependencies and for testing the fixes
• @​stelescuraul - on adding a test case for workspace aliases on that issue and for testing the fixes for them
• @​martinslota - for a PR that made sure the output ends with a newline
• @​quentindemetz - for a PR that fixed a typo in the options reference

✨ features

✨ finer grained dependency types

In addition to the dependency types dependency-cruiser already distinguished
(local, npm, npm-dev, core, type-only unknown, etc) this release adds a few
that enables rules (and styling) against a few more fine grained ones. E.g.
whether it's a triple slash reference, and if so, what kind (triple-slash-file-reference,
triple-slash-type-reference) whether the dependency is defined in a normal
import, in a dynamic one or instead by way of a (re-)export statement (import,
dynamic-import, export). See rules-reference.md#dependencytypes-and-dependencytypesnot
for the entire list.

• 11127b5 feat(extract): adds more granularity to dependency types (#​884)
• 6d4c72c fix(extract): prevents classifying core modules as aliased-tsconfig-base-url (#​886)
• 03bdda2 fix(resolve)!: makes alias type derivation more correct and precise BREAKING (#​867)
• 0278445 feat(extract): adds "pre-compilation-only" to the dependencyTypes as well, when detected (#​892)

✨ finer grained control on cycle rules

As asked in #​695 dependency-cruiser now allows you to restrict cycles based on
the dependency types as well as the module names. See rules-reference.md#circular with
attributes in the via and viaOnly sub-restrictions.

  // ...

  // log an error for all circular dependencies which consist of only non-`type-only`
  // dependencies, so e.g.
  // violation : a -import-> b -import->           c -import-> a 
  // OK        : a -import-> b -import,type-only-> c -import-> a
  {
    name: 'no-circular-at-runtime',
    severity: 'error',
    from: {
    },
    to: {
      circular: true,
      viaOnly: {
        dependencyTypesNot: ['type-only']
      }
    }
  },

  // ...

• 05d9795 feat!: restructures the via* sub-restrictions to also accept & validate against dependency types (BREAKING for API users) (#​894)
• c6421e3 feat!: makes entries in 'cycle' contain more information (BREAKING for API users) (#​888)

The old notation for via and viaOnly still works, but is deprecated. To ensure
future working we've added these features to dependency-cruiser that guarantee
that the old notation will still work.

• 433e0dc refactor(graph-utl): normalizes name attribute of dependencies on construction to simplify processing (#​887)
• 20e5b94 feat(config-utl): makes possibly old format known violations forward compatible (#​890)
• 7ddf2db feat(cache): adds cache format version & checks against it (#​891)

✨ detection of type-only dependencies within the curly brackets

This PR/ commit enables dependency-cruiser to detect type-only dependencies
that are

    // ...
    import type { SomeType } from 'some-module' // was already detected
    import { type SomeType } from 'some-module' // now also detected as type only
    // ...
    ```

• 19033e8 feat(extract)!: detect 'type-only' with inline imports/exports - BREAKING (#​875)(@​alvaro-cuesta)

✨ others

• 7abbe47 feat(report/dot): adds ability to match arrays for conditional coloring (#​882)
• 17c7e1c Ensure trailing newline is written to files and stdout (#​879) (@​martinslota)
• e8cda75 feat!: makes entries in reachability via's contain more information (BREAKING for API users) (#​895)

👷 maintenance

📖 documentation

• 1af5706 doc(cli): point to picomatch instead of node-glob
• 83fafe1 doc: updates alerts to use GH markdown alerts
• 97e7c03 doc(options-reference): fix typo in swc dependency (#​893) (@​quentindemetz)
• 52dee75 doc(types): swaps the comments for via and viaOnly

🧹 chores

• 92c5782 ci: sets up semantic PR title check
• 33978af chore(ci): ensures our own dependency graphs only show red lines when the severity tells it so
• 27485a4 ci: adds a few rules to own .dependency-cruiser.json
• f0d1fe3 build: ensures dependencies on .d.[cm]?ts$ are type only always
• c5eea78 chore(test): raises branch coverage limit

♻️ LCM

• 83a5589 ci(deps): bump actions/stale from 8 to 9 (#​885)
• 875813e ci(deps): bump github/codeql-action from 2 to 3 (#​889)
• bfb3e2b build(npm): updates external dependencies

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.