
fronts client v2 deps update #1529

Merged 31 commits on Oct 25, 2023

@dblatcher (Contributor) commented Oct 18, 2023

What's changed?

https://trello.com/c/yMRC0Qmx/1786-fix-vulnerabilities-tool-v2

  • Miscellaneous dependency upgrades to reduce vulnerabilities
  • removed the guration dependency - was mentioned in the README but had already been replaced
  • The upgrades to the Babel packages triggered stricter compiling of styled-components - required some extra specifications of types in the source code - e.g. the type of Events in onChange functions

Implementation notes

This PR makes a significant reduction in vulnerabilities, but there is more to do. The main target areas seem likely to require significant changes to source code and tests, which seemed best handled on dedicated PRs:

  • testcafe (integration test suite) is the source of 27/45 remaining vulnerabilities, but there are several breaking changes to address and version conflicts for upgrading jest - might be worth looking into switching to Cypress since it is more commonly used in Guardian projects
  • Using node v14, typescript 3 and webpack 4 - should upgrade to unblock future upgrades, but didn't want too many major changes on one PR
  • styled-components may need an upgrade to v6+ at some point, but the way we handle theming (by overriding and re-exporting base types) no longer seems to be supported: see this issue: "What happened to ThemedCssFunction and SimpleInterpolation? [v5 to v6 migration]" (styled-components/styled-components#4087)

Checklist

General

  • 🤖 Relevant tests added
  • ✅ CI checks / tests run locally
  • 🔍 Checked on CODE

Client

  • 🚫 No obvious console errors on the client (i.e. React dev mode errors)
  • 🎛️ No regressions with existing user interactions (i.e. all existing buttons, inputs etc. work)
  • 📷 Screenshots / GIFs of relevant UI changes included

@dblatcher dblatcher marked this pull request as ready for review October 18, 2023 15:17
@dblatcher dblatcher requested a review from a team as a code owner October 18, 2023 15:17
@dblatcher dblatcher changed the title from "Dblatcher/fronts client deps update" to "fronts client v2 deps update" Oct 18, 2023

@rhystmills (Contributor)

I see that you've removed the @types/prosemirror... - it looks like the libraries ship their own types now. Did you have to bump the prosemirror packages themselves to get the types?

@dblatcher (Contributor, Author)

> I see that you've removed the @types/prosemirror... - it looks like the libraries ship their own types now. Did you have to bump the prosemirror packages themselves to get the types?

I ran yarn upgrade on them, which bumped the actual versions loaded in yarn.lock, but didn't surface the change in package.json. I should actually have updated package.json too - I don't think I noticed the types were only provided between the major releases.

eg for prosemirror-commands went from 1.1.0 => 1.5.2, but the types were added in v.1.3.0.

Will push a change!
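The gap described in the comment above (yarn.lock resolves a newer version than the lowest one package.json still admits) can be checked mechanically. This is an added example, not code from this PR or repository; the manifest and lockfile contents are constructed, `example-pinned-lib` and the function names are hypothetical, and only simple `^`/`~`/`>=` ranges are handled.

```javascript
// Constructed inputs: not the project's real package.json or yarn.lock.
const packageJson = {
  dependencies: {
    'prosemirror-commands': '^1.1.0', // range left untouched by `yarn upgrade`
    'example-pinned-lib': '^2.4.0', // hypothetical package whose floor matches the lock
  },
};
const yarnLock = `
prosemirror-commands@^1.1.0:
  version "1.5.2"

example-pinned-lib@^2.4.0:
  version "2.4.0"
`;

// Parse yarn.lock v1 entries: a `name@range[, name@range]:` header, then `version "x.y.z"`.
function parseYarnLock(text) {
  const locked = new Map();
  let keys = [];
  for (const line of text.split('\n')) {
    if (/^\S.*:$/.test(line)) {
      keys = line.slice(0, -1).split(',').map((k) => k.trim().replace(/^"|"$/g, ''));
    } else {
      const m = line.match(/^\s+version "(.+)"$/);
      if (m) keys.forEach((k) => locked.set(k, m[1]));
    }
  }
  return locked;
}

// Compare plain x.y.z versions; returns -1, 0 or 1.
function compareVersions(a, b) {
  const [x, y] = [a, b].map((v) => v.split('.').map(Number));
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// List dependencies whose locked version is above the floor of the declared range.
function findManifestDrift(pkg, lockText) {
  const locked = parseYarnLock(lockText);
  const drift = [];
  for (const [name, range] of Object.entries(pkg.dependencies || {})) {
    const floor = range.replace(/^[\^~>=\s]+/, ''); // lowest version the range admits
    const version = locked.get(`${name}@${range}`);
    if (version && compareVersions(version, floor) > 0) drift.push({ name, floor, locked: version });
  }
  return drift;
}

console.log(findManifestDrift(packageJson, yarnLock));
```

A non-empty result means the manifest still admits versions older than the ones the code was built and tested against; raising the range floor in package.json to the locked version closes the gap.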

@rhystmills (Contributor) left a comment

Looks good to me, and running as expected locally.

Had some odd behaviour when I first tried to run - permissions errors to do with yarn and babel that were preventing the startup script from running. Deleted node_modules and it started working. Don't exactly understand what happened but thought it worth mentioning in case it happens again down the line.

@dblatcher dblatcher merged commit 3f76ad7 into main Oct 25, 2023
1 check passed
@dblatcher dblatcher deleted the dblatcher/fronts-client-deps-update branch October 25, 2023 16:29
@prout-bot

Seen on PROD (merged by @dblatcher 15 minutes and 39 seconds ago) Please check your changes!

jonathonherbert pushed a commit that referenced this pull request May 9, 2024
* update babel, remove guration

* add missing react peer deps

* chore: specify event types

* chore: type ref props

* FocusWrapper cast to same type as Wrapper to preserve native props

* MetaContainerProps

* upgrade jest and webpack

* upgrade enzyme

* upgrade recharts

* body parse and lodash

* bump webpack-dev-server

* markdown toc

* bump webpack-cli

* bump jest-enzyme

* upgrade prosemirror, remove stub type modules

* not using babel loader

* upgrade webpack loaders

* yarn upgrade on jest

* upgrade to jest 24

* upgrade to jest 25

* update to jest 26

* remove babel-jest - not used

* react-dates update

* moment and react-dates

* bump recharts

* bump react-redux

* bump express

* lint

* bump eslint

* bump prosemirror packages to versions set in yarn.lock