[HOLD for payment 2022-10-12] [$250] Upgrade react-native-svg package to the latest version #10221

Closed
trjExpensify opened this issue Aug 2, 2022 · 42 comments
Assignees
Labels
Awaiting Payment Auto-added when associated PR is deployed to production Daily KSv2 Engineering External Added to denote the issue can be worked on by a contributor

Comments

@trjExpensify
Contributor

trjExpensify commented Aug 2, 2022

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!


Snyk ID: SNYK-JS-NTHCHECK-1586032
Package: nth-check
Version: 1.0.2
Language: js
Date Introduced: 2022-07-04
Flo/Expensidev/App [main]  $ npm list nth-check    [18:34:14]
new.expensify@1.1.82-5 /Users/flo/Expensidev/App
├─┬ @svgr/webpack@5.5.0
│ └─┬ @svgr/plugin-svgo@5.5.0
│   └─┬ svgo@1.3.2
│     └─┬ css-select@2.1.0
│       └── nth-check@1.0.2  deduped
├─┬ html-webpack-plugin@4.5.0
│ └─┬ pretty-error@2.1.2
│   └─┬ renderkid@2.0.4
│     └─┬ css-select@1.2.0
│       └── nth-check@1.0.2  deduped
└─┬ react-native-svg@12.1.0
  └─┬ css-select@2.1.0
    └── nth-check@1.0.2 

(Internal reference) CC: @flodnv @joelbettner
Upwork job URL: https://www.upwork.com/jobs/~014e2ad669b286cdd1

For the proposal it would be good to see:

  • A summary of breaking changes between our current version and the latest version
  • A summary of any peer dependencies that need to be upgraded
  • A list of which breaking changes (if any), affect us, and how to address those changes.
@trjExpensify trjExpensify added External Added to denote the issue can be worked on by a contributor Engineering Daily KSv2 labels Aug 2, 2022
@trjExpensify trjExpensify self-assigned this Aug 2, 2022
@melvin-bot

melvin-bot bot commented Aug 2, 2022

Current assignee @trjExpensify is eligible for the External assigner, not assigning anyone new.

@melvin-bot

melvin-bot bot commented Aug 2, 2022

Triggered auto assignment to @AndrewGable (Engineering), see https://stackoverflow.com/c/expensify/questions/4319 for more details.

@melvin-bot

melvin-bot bot commented Aug 2, 2022

Triggered auto assignment to Contributor-plus team member for initial proposal review - @parasharrajat (Exported)

@melvin-bot melvin-bot bot added the Help Wanted Apply this label when an issue is open to proposals by contributors label Aug 2, 2022
@melvin-bot

melvin-bot bot commented Aug 2, 2022

Current assignee @AndrewGable is eligible for the Exported assigner, not assigning anyone new.

@melvin-bot melvin-bot bot changed the title Upgrade react-native-svg package to the latest version [$250] Upgrade react-native-svg package to the latest version Aug 2, 2022
@mateusbra
Contributor

PROPOSAL

We need to upgrade the version of react-native-svg to the latest on package.json:

"react-native-svg": "^12.1.0",

to:

"react-native-svg": "^12.4.3",

I tested npm install and it worked fine, so I don't think we are going to have to update any peer deps.

@melvin-bot melvin-bot bot added Daily KSv2 and removed Weekly KSv2 labels Aug 3, 2022
@parasharrajat
Member

@mateusbra Looks good. These things need to be tested and verified on the PR.

  1. A thorough check of the app where SVGs are used. Videos should be attached for the same.
  2. Changelog.

cc: @AndrewGable

🎀 👀 🎀 C+ reviewed

@melvin-bot melvin-bot bot added the Overdue label Aug 5, 2022
@parasharrajat
Member

Bump @AndrewGable.

@melvin-bot melvin-bot bot removed the Overdue label Aug 5, 2022
@AndrewGable
Contributor

Thanks for the bump, looks good.

@melvin-bot melvin-bot bot added Weekly KSv2 and removed Help Wanted Apply this label when an issue is open to proposals by contributors Daily KSv2 labels Aug 5, 2022
@melvin-bot

melvin-bot bot commented Aug 5, 2022

📣 @mateusbra You have been assigned to this job by @AndrewGable!
Please apply to this job in Upwork and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

@trjExpensify
Contributor Author

Sweet! @mateusbra & @parasharrajat can you both apply to the Upwork job here, please?

@parasharrajat
Member

@mateusbra When can we expect the PR?

@trjExpensify
Contributor Author

Waiting on some input from @AndrewGable - who's back on Monday!

@melvin-bot melvin-bot bot added Overdue and removed Overdue labels Sep 23, 2022
@trjExpensify
Contributor Author

^^ no change since Friday melv, jeez!

@melvin-bot melvin-bot bot added Overdue and removed Overdue labels Sep 26, 2022
@trjExpensify
Contributor Author

How can we get this one unblocked, as it has stalled in review? @AndrewGable, are you able to take a look please?

@melvin-bot melvin-bot bot removed the Overdue label Sep 29, 2022
@parasharrajat
Member

parasharrajat commented Sep 29, 2022

I need someone from the internal team to review the vulnerability status that we are trying to fix on that PR. I do not have access to Snyk so I can't do that.

The PR is looking good, but there is no use for my approval if the PR does not serve the purpose for which it was created.

@AndrewGable
Contributor

The vulnerability fix is in nth-check versions <2.0.1 (mentioned here). Running the "list" command shows it's been updated to 2.1.1

andrew ➜ (upgrade-react-native-svg) App npm list nth-check
new.expensify@1.2.1-0 /Users/andrew/Expensidev/App
├─┬ @storybook/react@6.5.10
│ └─┬ @storybook/core@6.5.10
│   └─┬ @storybook/core-server@6.5.10
│     ├─┬ @storybook/builder-webpack4@6.5.10
│     │ └─┬ html-webpack-plugin@4.5.2
│     │   └─┬ pretty-error@2.1.2
│     │     └─┬ renderkid@2.0.7
│     │       └─┬ css-select@4.3.0
│     │         └── nth-check@2.1.1 deduped
│     └─┬ @storybook/manager-webpack4@6.5.10
│       └─┬ html-webpack-plugin@4.5.2
│         └─┬ pretty-error@2.1.2
│           └─┬ renderkid@2.0.7
│             └─┬ css-select@4.3.0
│               └── nth-check@2.1.1 deduped
├─┬ @svgr/webpack@5.5.0
│ └─┬ @svgr/plugin-svgo@5.5.0
│   └─┬ svgo@1.3.2
│     └─┬ css-select@2.1.0
│       └── nth-check@1.0.2
├─┬ html-webpack-plugin@5.5.0
│ └─┬ pretty-error@4.0.0
│   └─┬ renderkid@3.0.0
│     └─┬ css-select@4.3.0
│       └── nth-check@2.1.1 deduped
└─┬ react-native-svg@12.4.4
  └─┬ css-select@5.1.0
    └── nth-check@2.1.1
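
A way to check a tree like the one above mechanically, as an added example that is not part of the original comment or the project's code: it parses `npm list` text output and reports every dependency path that still resolves nth-check below 2.0.1, the version boundary quoted in the comment. The function names are this example's own, and the embedded sample is an excerpt of the output posted above.

```javascript
// Added example (not from the issue thread): find every dependency path in
// `npm list <pkg>` text output that still resolves <pkg> below a fixed version.
const FIXED = [2, 0, 1]; // version boundary quoted in the thread for nth-check

// Excerpt of the `npm list nth-check` output posted in the comment above.
const SAMPLE = `new.expensify@1.2.1-0 /Users/andrew/Expensidev/App
├─┬ @svgr/webpack@5.5.0
│ └─┬ @svgr/plugin-svgo@5.5.0
│   └─┬ svgo@1.3.2
│     └─┬ css-select@2.1.0
│       └── nth-check@1.0.2
├─┬ html-webpack-plugin@5.5.0
│ └─┬ pretty-error@4.0.0
│   └─┬ renderkid@3.0.0
│     └─┬ css-select@4.3.0
│       └── nth-check@2.1.1 deduped
└─┬ react-native-svg@12.4.4
  └─┬ css-select@5.1.0
    └── nth-check@2.1.1`;

// Compare numeric major.minor.patch triples; pre-release tags are ignored.
function isBelow(version, fixed) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((parts[i] || 0) !== fixed[i]) return (parts[i] || 0) < fixed[i];
  }
  return false;
}

// Walk the tree, using the indent before the connector as depth (2 columns per level).
function vulnerablePaths(tree, pkg, fixed) {
  const stack = [];
  const hits = [];
  for (const line of tree.split('\n').slice(1)) {
    const m = line.match(/^([│ ]*)[├└]─[┬─] (\S+)@([^\s@]+)/);
    if (!m) continue;
    const depth = m[1].length / 2;
    stack.length = depth; // drop siblings and deeper levels
    stack.push(`${m[2]}@${m[3]}`);
    if (m[2] === pkg && isBelow(m[3], fixed)) hits.push(stack.join(' > '));
  }
  return hits;
}

console.log(vulnerablePaths(SAMPLE, 'nth-check', FIXED));
```

On this excerpt the only path reported is the one through @svgr/webpack and svgo@1.3.2, which still resolves nth-check@1.0.2.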

@parasharrajat
Member

Ok. Thanks

@melvin-bot

melvin-bot bot commented Oct 3, 2022

@AndrewGable, @trjExpensify, @parasharrajat, @mateusbra Whoops! This issue is 2 days overdue. Let's get this updated quick!

@melvin-bot melvin-bot bot added the Overdue label Oct 3, 2022
@trjExpensify
Contributor Author

Not overdue, the PR has merged awaiting a deploy to prod.

@melvin-bot melvin-bot bot added Weekly KSv2 Awaiting Payment Auto-added when associated PR is deployed to production and removed Overdue Daily KSv2 labels Oct 3, 2022
@melvin-bot melvin-bot bot changed the title [$250] Upgrade react-native-svg package to the latest version [HOLD for payment 2022-10-12] [$250] Upgrade react-native-svg package to the latest version Oct 5, 2022
@melvin-bot

melvin-bot bot commented Oct 5, 2022

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.2.11-4 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

If no regressions arise, payment will be issued on 2022-10-12. 🎊

@melvin-bot melvin-bot bot added Daily KSv2 Overdue and removed Weekly KSv2 labels Oct 12, 2022
@AndrewGable
Contributor

Waiting payment

@melvin-bot melvin-bot bot removed the Overdue label Oct 12, 2022
@trjExpensify
Contributor Author

Hm, that's annoying. I didn't think Upwork closed jobs with hires. 🤔

New job is here and I've sent offers to both @parasharrajat & @mateusbra.

@trjExpensify
Contributor Author

@mateusbra - paid!

@trjExpensify
Contributor Author

@parasharrajat - paid!
