Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Upgrade Front-end Dependencies #3138
Upgrades a number of front-end dependencies for security purposes. See commit messages for details.
Notably, Nunjucks is not upgraded, because we use nunjucksify to make it work with browserify. Unfortunately, nunjucksify hasn't been worked on in 3 years, and the latest version (which we are already on) pulls in the old version of Nunjucks we're trying to move away from. This adds bloat to the JS payload, without solving the original issues, so we're going to defer that for now.
An eventual solution may be to move away from Nunjucks, or move away from Browserify, for the front-end. This will be investigated in #3140.
This is only a security fix upgrade, so we do not need to upgrade the related libraries (datepicker, select, table). 3.4.1 is also likely the last release of the Bootstrap 3.x series, as Bootstrap 4 is now in LTS and Bootstrap 5 will become current shortly.
This is a big upgrade, unfortuantely necessitated by security fixes. This upgrade deprecates a number of Underscore compatible aliases that Lodash supported, requiring us to rename functions to be more Lodash compatible. This migration was largely informed by the instruction here: https://github.com/lodash/lodash/wiki/Migrating Also, in cases when both Underscore and Lodash were used in the same file, we switch to only using Lodash. If we want to replace Underscore completely and use Lodash only, we'll have to upgrade Backbone and all the related libraries. That is a much bigger lift, and is deferred for a later date. Also add Lodash as an explicit dependency in the tiler to upgrade some transitive dependencies.
caseycesari left a comment
Exercised the app by doing analysis, running both models, adding and comparing scenarios, making changes to my user profile, and generally just clicking around. No console errors to be found and everything appears to be working. All of the JS tests are passing as well.
Nice job with all of the lodash updates.