Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade Front-end Dependencies #3138

merged 5 commits into from Aug 12, 2019


Copy link

rajadain commented Aug 9, 2019


Upgrades a number of front-end dependencies for security purposes. See commit messages for details.

Notably, Nunjucks is not upgraded, because we use nunjucksify to make it work with browserify. Unfortunately, nunjucksify hasn't been worked on in 3 years, and the latest version (which we are already on) pulls in the old version of Nunjucks we're trying to move away from. This adds bloat to the JS payload, without solving the original issues, so we're going to defer that for now.

An eventual solution may be to move away from Nunjucks, or move away from Browserify, for the front-end. This will be investigated in #3140.

Connects #3100

Testing Instructions

  • Check out this branch
  • Run ./scripts/ install to update the dependencies
  • Run ./scripts/ --debug --vendor --tests to compile the bundle
  • Run ./scripts/ to run JavaScript tests
    • Ensure all tests pass
  • Go to :8000 and test the app
    • Ensure there are no console errors (outside of the Google Maps API Key warning)
rajadain added 5 commits Aug 5, 2019
This is only a security fix upgrade, so we do not need to
upgrade the related libraries (datepicker, select, table).
3.4.1 is also likely the last release of the Bootstrap 3.x
series, as Bootstrap 4 is now in LTS and Bootstrap 5 will
become current shortly.
This is a big upgrade, unfortuantely necessitated by
security fixes. This upgrade deprecates a number of
Underscore compatible aliases that Lodash supported,
requiring us to rename functions to be more Lodash

This migration was largely informed by the instruction

Also, in cases when both Underscore and Lodash were
used in the same file, we switch to only using Lodash.

If we want to replace Underscore completely and use
Lodash only, we'll have to upgrade Backbone and all
the related libraries. That is a much bigger lift,
and is deferred for a later date.

Also add Lodash as an explicit dependency in the tiler
to upgrade some transitive dependencies.
Copy link

caseycesari left a comment

Exercised the app by doing analysis, running both models, adding and comparing scenarios, making changes to my user profile, and generally just clicking around. No console errors to be found and everything appears to be working. All of the JS tests are passing as well.

Nice job with all of the lodash updates.

@caseycesari caseycesari assigned rajadain and unassigned caseycesari Aug 9, 2019

This comment has been minimized.

Copy link
Member Author

rajadain commented Aug 12, 2019

Thanks for taking a look! Merging now.

@rajadain rajadain merged commit 61098e7 into develop Aug 12, 2019
2 checks passed
2 checks passed
default Build finished.
model-my-watershed-pull-requests Build #4078 succeeded in 10 min
@rajadain rajadain deleted the tt/upgrade-front-end-dependencies branch Aug 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.