Outdated and Deprecated Dependencies #100
Comments
Thank you for this notice @Tielem! These things move so fast — I vividly remember upgrading I'm not in the Gatsby world at the moment, so PRs are highly appreciated!
Hey @d4rekanguok I've given this a stab, in my fork - https://github.com/Tielem/gatsby-typescript
As for #3, I could use some feedback/advice. My current "fix" is to remove the local graphql dependency, but that is more a hack than anything. I have a really hard time pinpointing what causes this. You can see the difference if you look at the git history. head works, head-2 doesn't. And a general question: Is there a special reason why you integrated gatsby-plugin-graphql-codegen into gatsby-plugin-ts? Wouldn't they better co-exist?
@Tielem Thank you so much 🙏 !!
Gatsby relies on graphql@14.6 internally, so there's little we can do until they upgrade to 15 (found this gatsbyjs/gatsby#25906.) We import graphql from
The codegen portion was originally a part of gatsby-plugin-ts. My plan was to move the ts-loader & the codegen stuff each into their own plugins & make
Closing this issue, since the PR is merged.
Describe the bug
gatsby-plugin-graphql-codegen depends on @graphql-toolkit/core which is deprecated. This package furthermore depends on lodash, which causes a warning to arise when using gatsby-plugin-ts about prototype pollution by lodash.
To Reproduce
I have a Gatsby starter (https://github.com/Tielem/gatsby-typescript-eslint-prettier-starter) using gatsby-plugin-ts (and love it), however when you git check out the package and run
npm audit
you get a warning about lodash prototype pollution.
Environment
Any
Suggested Fix
I've not looked in detail at your packages, but I could look into updating the dependencies (and replacing deprecated) of gatsby-plugin-graphql-codegen and gatsby-plugin-ts. However, ideally you'd use an automated dependency manager. I use renovatebot myself in the starter which works great, and can be configured to only create PRs for major updates, if all tests succeed - but that decision is up to you.
Let me know how you'd like to proceed.
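An added example, not code from this thread or from the project: when `npm audit` flags a transitive package such as lodash, walking the lockfile shows which direct dependency pulls it in and whether a deprecated package sits on that chain. The lockfile below is constructed; its versions are placeholders and its dependency edges are assumed from the description in this issue.

```javascript
// Constructed package-lock ("packages" layout, lockfileVersion 2/3). Placeholder versions.
const LOCK = {
  packages: {
    "": { dependencies: { "gatsby-plugin-ts": "*", react: "*" } },
    "node_modules/gatsby-plugin-ts": {
      version: "0.0.0-example",
      dependencies: { "gatsby-plugin-graphql-codegen": "*" }, // assumed edge
    },
    "node_modules/gatsby-plugin-graphql-codegen": {
      version: "0.0.0-example",
      dependencies: { "@graphql-toolkit/core": "*" },
    },
    "node_modules/@graphql-toolkit/core": {
      version: "0.0.0-example",
      deprecated: "constructed deprecation notice",
      dependencies: { lodash: "*" },
    },
    "node_modules/@graphql-toolkit/core/node_modules/lodash": { version: "0.0.0-example" },
    "node_modules/react": { version: "0.0.0-example" },
  },
};

// Node-style resolution: the requirer's own node_modules first, then each ancestor's.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed anywhere up the tree
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Every dependency chain from the root project that ends at `target`.
// A "!" suffix marks a package the lockfile records as deprecated.
function chainsTo(lock, target) {
  const chains = [];
  const walk = (path, trail, seen) => {
    for (const name of Object.keys(lock.packages[path].dependencies || {})) {
      const next = resolve(lock.packages, path, name);
      if (!next || seen.has(next)) continue; // unresolved or cyclic
      const step = trail.concat(lock.packages[next].deprecated ? name + "!" : name);
      if (name === target) chains.push(step);
      else walk(next, step, new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}
console.log(chainsTo(LOCK, "lodash").map((c) => c.join(" > ")));
```

On a real project, load `package-lock.json` with `JSON.parse` in place of `LOCK`; `npm ls lodash` prints the same kind of chain from the installed tree.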