chores(javascript): cleanup NPM and Webpack #2934
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When running `npm install`, a dependency resolution error for `webpack` comes up. `[email protected]` requires `[email protected]`, but the project requires `webpack@^5.76.0`. Resolve by uncritically updating the version of `webpack-cli` to match that of `webpack-dev-server`, `^4.10.0`. Make adjustments to `webpack.config.js` to work with this newer version (see `devServer.writeToDisk`).
Its use was removed in 1f60671. Prune it and its dependencies.
Webpack was upgraded to version 5 in 8256590, but has not been used to generate Javascript. Webpack 5 includes quite a few changes and, unfortunately, generates different compiled output. Notably, it strips and extracts license-like comments into a `LICENSE.txt` file. Handle this by using a `TerserPlugin` with a custom configuration (which is, evidently, the recommended approach). Another difference was was source-map generation. Seeing that existing files are essentially empty, remove source-maps for the time being. Sadly, nothing can be done about the different order of concatenation. Webpack 5 Release Notes: https://webpack.js.org/blog/2020-10-10-webpack-5-release/
This updates the transitive dependencies, `semver`, `word-wrap`, and `caniuse-lite`. None cause a change in the generated Javascript. This resolves the "3 moderate severity vulnerabilities" that npm would complain about and also the complaint about `Browserslist` from Webpack.
cweider
force-pushed
the
javascript-chores
branch
from
040e290 to
a00a4ce
Compare
cweider
commented
Jul 21, 2023
| @@ -1 +0,0 @@ | |||
| {"version":3,"file":"vendor.js","sources":["webpack:///vendor.js"],"mappings":"AAAA;;;;;AA8ZA;AAyoCA;;;;AA8sKA;;;;;AAsvaA;;;;;;;AAy/FA;;;;;;;;AAkiRA;;;;;;;;AAmCA;;;;;;;;AAoTA;;;;;;;;AA28BA;;;;;;;;AA0YA;;;;;;;;AAg7DA;;;;;;;;AAkCA","sourceRoot":""} | |||
There was a problem hiding this comment.
I’m not sure why sources is only ["webpack:///vendor.js"] (or how to generate this output). The good news is that it means this source map is essentially meaningless – and harmless to remove.
cweider
commented
Jul 21, 2023
| terserOptions: { | ||
| compress: true, | ||
| }, | ||
| })], |
There was a problem hiding this comment.
I don’t love this non-default plugin, but this is evidently how you preserve comments. Moving to LICENSE.txt (the default imposed by Webpack 5) is something to consider, but, on balance, the added complication of this plugin is worth removing urgency of reconsidering our source attribution approach!
cweider
commented
Jul 21, 2023
| @@ -1 +0,0 @@ | |||
| {"version":3,"file":"main.js","sources":["webpack:///main.js"],"mappings":"AAAA","sourceRoot":""} | |||
|
LGTM, thanks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes issues:
webpack-clihad preventednpm installnpm auditreported several vulnerable packages