Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update lots of deps, webpack 5, ts 4, etc. #61

Open
wants to merge 19 commits into
base: master
Choose a base branch
from
Open

Update lots of deps, webpack 5, ts 4, etc. #61

wants to merge 19 commits into from

Conversation

rpavlik
Copy link

@rpavlik rpavlik commented Jan 24, 2023
edited
Loading

This is what I needed to build for a modern node.js and resolve security issues. Looks like at least a little (the passport thing) is already in production on the server? This does all work, at least when I test using my MongoDB-using fork.

@dependabot
Bump axios from 0.16.2 to 0.21.2
0fa298a 
Bumps [axios](https://github.com/axios/axios) from 0.16.2 to 0.21.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.21.2/CHANGELOG.md)
- [Commits](axios/axios@v0.16.2...v0.21.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@rpavlik
Copy link
Author

rpavlik commented Jan 25, 2023

OK, these fixes actually appear to work, at least in my fork where I ported to use the MongoDB driver instead of Azure CosmosDB.

@rpavlik rpavlik force-pushed the reckless-updates branch 3 times, most recently from 3625417 to a41acaf Compare January 25, 2023 17:37
@rpavlik rpavlik marked this pull request as ready for review January 25, 2023 18:46
@rpavlik rpavlik changed the title Many not-fully-tested updates Update lots of deps, webpack 5, ts 4, etc. Jan 25, 2023
dependabot bot and others added 18 commits January 25, 2023 12:48
@dependabot @rpavlik
Bump engine.io and socket.io
95f48b5 
Bumps [engine.io](https://github.com/socketio/engine.io) to 3.6.1 and updates ancestor dependency [socket.io](https://github.com/socketio/socket.io). These dependencies need to be updated together.


Updates `engine.io` from 3.3.2 to 3.6.1
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](socketio/engine.io@3.3.2...3.6.1)

Updates `socket.io` from 2.2.0 to 2.5.0
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](socketio/socket.io@2.2.0...2.5.0)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
- dependency-name: socket.io
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @rpavlik
Bump css-what from 2.1.0 to 2.1.3
10fff13 
Bumps [css-what](https://github.com/fb55/css-what) from 2.1.0 to 2.1.3.
- [Release notes](https://github.com/fb55/css-what/releases)
- [Commits](fb55/css-what@v2.1.0...v2.1.3)

---
updated-dependencies:
- dependency-name: css-what
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @rpavlik
Bump minimatch from 3.0.4 to 3.0.8
d45f1c7 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.0.8.
- [Release notes](https://github.com/isaacs/minimatch/releases)
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.0.8)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @rpavlik
Bump scss-tokenizer and node-sass
238aa5a 
Bumps [scss-tokenizer](https://github.com/sasstools/scss-tokenizer) to 0.4.3 and updates ancestor dependency [node-sass](https://github.com/sass/node-sass). These dependencies need to be updated together.


Updates `scss-tokenizer` from 0.2.3 to 0.4.3
- [Release notes](https://github.com/sasstools/scss-tokenizer/releases)
- [Commits](sasstools/scss-tokenizer@v0.2.3...v0.4.3)

Updates `node-sass` from 4.11.0 to 8.0.0
- [Release notes](https://github.com/sass/node-sass/releases)
- [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md)
- [Commits](sass/node-sass@v4.11.0...v8.0.0)

---
updated-dependencies:
- dependency-name: scss-tokenizer
  dependency-type: indirect
- dependency-name: node-sass
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@rpavlik
Add devcontainer
a06f3d0
@rpavlik
Update to TS4 and Webpack 5 (with associated plugin updates)
c429c60
@rpavlik
Some more tweaks, nearly can build backend
a6e7c77
@rpavlik
small updates
9b4580c
@rpavlik
Fix backend build so it works.
4e18886
@rpavlik
Fix final warnings with another upgrade
8857d32
@rpavlik
Build fix
bd61516
@rpavlik
Fix css extraction after upgrade to webpack 5
575335d
@rpavlik
Use css minimizer in production
6437453
@rpavlik
Fix warning
4f1e50f
@rpavlik
npm upgrade
b239750
@rpavlik
Update mentioned version of @types/node
ee9d285
@rpavlik
Update github API package
0883241
@rpavlik
Update passport for security fix
82b5d4e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@rpavlik