Upgrade dependencies #143

Merged
merged 3 commits into from
Feb 1, 2022

XeR (Contributor) commented Jan 31, 2022

5 vulnerabilities are still present in front.
This is caused by eslint-plugin-graphql being deprecated and pulling outdated dependencies.
The official recommendation is to migrate to graphql-eslint. (I will make an issue for that)

Quasar made me install vue ^3.0.0 and vue-router ^4.0.0 but these versions do not exist. (vue is 2.6.14 and vue-router is 3.5.3).
I don't really know what's up with that. Hopefully somebody with a better understanding of npm's ecosystem can chime in.

Talking about dependencies: maybe we should consider pinning dependencies too?
I don't think we really want dependencies to upgrade automatically to the latest -liberty version.

5 vulnerabilities found - Packages audited: 1279
Severity: 4 Moderate | 1 High

These are caused by eslint-plugin-graphql being deprecated since 2022-01-25.
See: https://github.com/apollographql/eslint-plugin-graphql

0 vulnerabilities found - Packages audited: 463
Done in 0.54s.

Quasar stops pulling vue and router automatically after the upgrade.

This means that now, running `quasar build` will not build the SPA. It will pull
vue and router first, and you need to run `quasar build` a *second* time to get
it to compile properly.

@XeR added the dependencies label Jan 31, 2022

JJ-8 (Collaborator) left a comment

@XeR, are there any problems left? I tried installing it with yarn install and it works without any problems. Also starting the dev server with yarn run dev has no issues.

XeR (Contributor, Author) commented Feb 1, 2022

> @XeR, are there any problems left?

Except for the vulnerabilities in the deprecated dependency (#144) and the wall of warnings, nothing that I am aware of.

It feels strange that Quasar asked me to import versions of packages that do not exist on npm... but after checking on main, it looks like it's automatically pulling vue 3.2.22 and vue-router 4.0.12.
I do not really know where they come from (yarn's next?). At least this is consistent.

> I tried installing it with yarn install and it works without any problems. Also starting the dev server with yarn run dev has no issues.

Thanks!
I downloaded the dependencies, rebuilt CTFNote and tested the main features (registration, login, import, task creation, etc.) before opening this PR and did not find any regression.

@XeR merged commit 31254fe into TFNS:dev Feb 1, 2022
@XeR deleted the 00-upgrade-dependencies branch February 1, 2022 12:39
@XeR mentioned this pull request Feb 5, 2022