Skip to content
This repository has been archived by the owner on Apr 3, 2024. It is now read-only.

Outdated and Deprecated Dependencies #100

Closed
Tielem opened this issue Jul 14, 2020 · 4 comments
Closed

Outdated and Deprecated Dependencies #100

Tielem opened this issue Jul 14, 2020 · 4 comments

Comments

@Tielem
Copy link
Contributor

Tielem commented Jul 14, 2020

Describe the bug

gatsby-plugin-graphql-codegen depends on @graphql-toolkit/core which is deprecated. This package furthermore depends on lodash, which causes a warning to arise when using gatsby-plugin-ts about prototype polution by lodash.

Tom Reproduce

I have a Gatsby starter (https://github.com/Tielem/gatsby-typescript-eslint-prettier-starter) using gatsby-plugin-ts (and love it), however when you git check out the package and run npm audit you get a warning about lodash prototype polution.

Environment

Any

Suggested Fix

I've not looked in detail at your packages, but I could look into updating the dependencies (and replacing deprecated) of gatsby-plugin-graphql-codegen and gatsby-plugin-ts. However, ideally you'd use an automated dependency manager. I use renovatebot myself in the starter which works great, and can be configured to only create PR's for major updates, if all tests succeed - but that decision is up to you.

Let me know how you'd like to proceed.
@d4rekanguok
Copy link
Owner

Thank you for this notice @Tielem! These things move so fast — I vividly remember upgrading graphql-toolkit to @graphql-toolkit/xxx just not that long ago.

I'm not in the Gatsby world at the moment, so PRs are highly appreciated!

@Tielem
Copy link
Contributor Author

Tielem commented Jul 29, 2020

Hey @d4rekanguok

I've given this a stab, in my fork - https://github.com/Tielem/gatsby-typescript

  1. All dependencies have been updated to latest version
  2. I have renovate bot running on it, but not 100% happy yet about the config. Will look further into this
  3. I ran into an issue with graphql. If I update it to 15.3.0 (or whatever latest is), I run into an error with multiple versions of graphql conflicting
  4. I resolved a number of linting errors and some other errors introduced, I think, by upgrading the dependencies

As for #3, I could use some feedback/advice. My current "fix" is to remove the local graphql dependency, but that is more a hack than anything. I have a really hard time pinpointing what causes this. You can see the difference if you look at the git history. head works, head-2 doesn't.

And a general question: Is there a special reason why you integrated gatsby-plugin-graphql-codegen into gatsby-plugin-ts? Wouldn't they better co-exist?

@d4rekanguok
Copy link
Owner

@Tielem Thank you so much 🙏 !!

I ran into an issue with graphql. If I update it to 15.3.0 (or whatever latest is), I run into an error with multiple versions of graphql conflicting

Gatsby relies on graphql@14.6 internally, so there's little we can do until they upgrade to 15 (found this gatsbyjs/gatsby#25906.) We import graphql from gatsby/graphql instead of just graphql for this reason.

And a general question: Is there a special reason why you integrated gatsby-plugin-graphql-codegen into gatsby-plugin-ts? Wouldn't they better co-exist?

The codegen portion was originally a part of gatsby-plugin-ts. My plan was to move the ts-loader & the codegen stuff each into their own plugins & make gatsby-plugin-ts a theme with all these plugins preconfigured, but I haven't gotten to it!

@Tielem Tielem mentioned this issue Aug 3, 2020
Merged
@Tielem
Copy link
Contributor Author

Tielem commented Aug 5, 2020

Closing this issue, since the PR is merged.

@Tielem Tielem closed this as completed Aug 5, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Tielem @d4rekanguok