Merged
Changes from 2 commits
36 changes: 27 additions & 9 deletions .github/workflows/ci.yml
Expand Up @@ -8,9 +8,9 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- name: Use Node.js ${{ matrix.node_version }}
uses: actions/setup-node@v2
- uses: actions/checkout@v6
- name: Use Node.js 22
uses: actions/setup-node@v6
with:
node-version: "22"
- name: Prepare env
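Review bot: `actions/checkout@v6` and `actions/setup-node@v6` are referenced by a movable major tag, so the code that runs in this job can change without any change to this file. Pin each `uses:` to the full commit SHA of the release and keep the version as a trailing comment, for example `uses: actions/checkout@<full-commit-sha> # v6`, and let Dependabot or Renovate propose the bumps.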
Expand All @@ -23,9 +23,9 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- name: Use Node.js ${{ matrix.node_version }}
uses: actions/setup-node@v2
- uses: actions/checkout@v6
- name: Use Node.js 22
uses: actions/setup-node@v6
with:
node-version: "22"
- name: Prepare env
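Review bot: the Node version is now a literal in two places in this job, the step name `Use Node.js 22` and `node-version: "22"`, and the same checkout/setup-node pair is repeated in every job of the workflow, so the next bump has to touch each copy in step. Consider a single workflow-level `env` value referenced from both the name and `node-version`, or a composite action that holds the setup steps, so the version and the action refs are changed in one place.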
Expand All @@ -38,9 +38,9 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- name: Use Node.js ${{ matrix.node_version }}
uses: actions/setup-node@v2
- uses: actions/checkout@v6
- name: Use Node.js 22
uses: actions/setup-node@v6
with:
node-version: "22"
- name: Prepare env
Expand All @@ -49,3 +49,21 @@ jobs:
run: yarn start test
- name: Run code coverage
uses: codecov/codecov-action@v2.1.0

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🌐 Web query:

codecov/codecov-action latest version 2025 2026

💡 Result:

As of February 11, 2026, the latest released/tagged version of codecov/codecov-action is v5.5.2, dated December 9, 2025. [1][2]

Recommended usage: uses: codecov/codecov-action@v5 (tracks the latest v5 release without pinning to a specific patch). [2]

Sources:
[1] (github.com)
[2] (github.com)

🌐 Web query:

codecov-action v5 release notes improvements features security

💡 Result:

codecov/codecov-action v5 — notable improvements, features, and security changes

Improvements / features

  • Wrapper-based architecture: v5 switches to using the Codecov Wrapper to encapsulate the Codecov CLI, intended to let the Action receive updates faster. [1]
  • Tokenless upload support (public repos): v5 aligns with Codecov’s “opt-out” global upload token setting for public repositories, enabling uploads without exposing a repository token in more cases. [1]
  • New/changed inputs (migration-impacting):
    • file → deprecated in favor of files; plugin → deprecated in favor of plugins. [1]
    • Added inputs including binary, gcov_* options, report_type, skip_validation, and swift_project. [1]
  • Privacy control: Added disable_telem to disable telemetry. [1][4]

Security-related changes

  • OIDC authentication support: v5 supports using OIDC (use_oidc: true) instead of long-lived upload tokens (requires id-token: write). [1]
  • CLI integrity / signature validation controls: The Action documents integrity checking and provides skip_validation (explicitly “NOT recommended”), plus options like binary / use_pypi that bypass integrity checking. [1]
  • Hardening of the Action’s own dependencies/workflow:
    • Pinned actions/github-script by Git SHA (supply-chain hardening). [2]
    • Adjusted behavior to check GPG only when skip-validation=false. [3]

Sources: GitHub repo README (v5 release + inputs + OIDC + integrity/validation knobs) [1]; GitHub releases notes (v5.5.0 hardening) [2]; GitHub releases notes (v5.5.2 GPG/skip-validation behavior) [3]; GitHub releases notes (v5.2.0 telemetry disable) [4].


Consider updating codecov action to v5 for security and modernization benefits.

The codecov/codecov-action@v2.1.0 is several major versions behind. The current version is v5 (latest v5.5.2), which includes OIDC authentication support, CLI signature validation, improved supply-chain hardening, and updated inputs (file → files, plugin → plugins). While orthogonal to this PR's size-limit migration, this would be a good follow-up improvement.

🤖 Prompt for AI Agents
In @.github/workflows/ci.yml at line 51, Update the GitHub Action step that
currently references codecov/codecov-action@v2.1.0 to use the v5 major release
(e.g., codecov/codecov-action@v5) and adapt its inputs to the v5 schema: rename
any `file` input to `files`, `plugin` to `plugins`, and ensure
token/authorization is configured per v5 (OIDC/token usage) and CLI signature
validation options if present; modify the action invocation (the `uses:` entry
referencing codecov/codecov-action) and associated step inputs accordingly.


size:
name: Bundle Size Check
runs-on: ubuntu-latest
needs: test

steps:
- uses: actions/checkout@v6
- name: Use Node.js 22
uses: actions/setup-node@v6
with:
node-version: "22"
- name: Prepare env
run: yarn install --ignore-scripts --frozen-lockfile
- name: Build
run: yarn start build
- name: Check bundle size
run: npx size-limit
Comment thread
coderabbitai[bot] marked this conversation as resolved.
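Review bot: `run: npx size-limit` in the last step of the new `size` job can fall back to fetching `size-limit` from the registry when no local binary is found (for example if the devDependency is later dropped or the install step changes), which sidesteps the `--frozen-lockfile` install three steps earlier. Use `yarn size-limit` or `npx --no-install size-limit` so the step fails instead of running an unlocked package.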
13 changes: 7 additions & 6 deletions package.json
Expand Up @@ -54,7 +54,6 @@
"babel-core": "^7.0.0-bridge.0",
"babel-eslint": "^10.1.0",
"babel-jest": "^29.7.0",
"bundlesize": "^0.18.2",
"doctoc": "^2.2.1",
"eslint": "^9.27.0",
"eslint-config-react-app": "^7.0.1",
Expand Down Expand Up @@ -87,7 +86,9 @@
"rollup-plugin-typescript2": "^0.36.0",
"rollup-plugin-uglify": "^6.0.4",
"ts-jest": "^29.3.4",
"typescript": "^5.3.3"
"typescript": "^5.3.3",
"@size-limit/preset-small-lib": "^12.0.0",
"size-limit": "^12.0.0"
},
"peerDependencies": {
"final-form": ">=5.0.0",
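Review bot: the `@size-limit/preset-small-lib` and `size-limit` entries added after `typescript` need a matching `yarn.lock` update in this PR, because the workflow installs with `yarn install --ignore-scripts --frozen-lockfile` and will fail on a lockfile that does not carry them. They are also appended out of the alphabetical order the rest of `devDependencies` follows; adding them with `yarn add --dev` gives the sorted entries and the lockfile change together.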
Expand All @@ -107,18 +108,18 @@
"git add"
]
},
"bundlesize": [
"size-limit": [
{
"path": "dist/react-final-form-html5-validation.umd.min.js",
"maxSize": "2 kB"
"limit": "2 kB"
},
{
"path": "dist/react-final-form-html5-validation.es.js",
"maxSize": "3 kB"
"limit": "3 kB"
},
{
"path": "dist/react-final-form-html5-validation.cjs.js",
"maxSize": "3 kB"
"limit": "3 kB"
}
],
"collective": {
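Review bot: the three budgets are carried over unchanged (`"maxSize": "2 kB"` becomes `"limit": "2 kB"`, and likewise for the 3 kB entries), but the two tools do not measure the same thing: bundlesize gzips the file on disk by default, while size-limit with `@size-limit/preset-small-lib` processes the path through its bundler plugin and compresses with Brotli by default. The same number is therefore a different, probably looser, budget. Run `size-limit` against the current `dist/` output, record the figures in the PR, and set each `limit` from those measurements (or set `"gzip": true` per entry if the old numbers are meant to stay comparable).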