You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Pro-tip: ignore warnings about deprecated packages until you have completed upgrade of major releases. Often major releases will fix deprecated warnings.
Check the /.patches/ directory in the root (if present), and see if there are any npm packages that have overrides for their code.
When for a patch/minor/major update these package are updated, you must also update the patch.
Sometimes the patch is no longer necessary, because the bug that the patch is for has been fixed in the actual package. Read the commit message for the patch, or read the GitHub PR comments or the related GitHub issue comments to find out what the patch was for.
if a package that has a patch file
Upgrade all npm dependencies
at least install pnpm run update-patch.
Run npm run test-update and see if the build/lint/test scripts are still OK
not all packages follow semantic versioning, especally 0.x.x versions. They will be installed as part of update-patch unfortunately, so update-patch sometimes isn't completely safe. Check if any packages have upgrades like 0.1.2 ➝ 0.1.9.
If a patch update is problematic, you can add the package to the "ignore updates" list in .ncurc.patch.js.
ideally install pnpm run update-minor.
Run npm run test-update and see if the build/lint/test scripts are still OK
If a minor update is problematic, you can add the package to the "ignore updates" list in .ncurc.minor.js.
if there is time, install pnpm run update-major.
Run npm run test-update and see if the build/lint/test scripts are still OK
If a major update is problematic, you can add the package to the "ignore updates" list in .ncurc.major.js.
make an issue for minor/major upgrades that require so much time we better schedule it in a sprint
Upgrade all GitHub Action dependencies
Dependabot PRs are a great way to detect outdated dependencies in GitHub Actions
Upgrade to Node LTS version (long term support)
package.json
.github/workflows/*node-version
Upgrade to latest pnpm version
.github/workflows/*
package.json
Upgrade all vulnerable dependencies
If there are still deprecated warnings at this stage, check if they are direct dependencies? Are the dependencies mentioned in our own package.json files? Then it its probably worthwhile to investigate why the package is deprecated. A good information source is often the README on the page about the package on npmjs.com. They will likely mention the reason for deprecating the page (e.g: no time to install security patches, you are on your own!) and they might even suggest alternative packages.
The text was updated successfully, but these errors were encountered:
Sometimes the patch is no longer necessary, because the bug that the patch is for has been fixed in the actual package. Read the commit message for the patch, or read the GitHub PR comments or the related GitHub issue comments to find out what the patch was for.
Pro-tip: ignore warnings about deprecated packages until you have completed upgrade of major releases. Often major releases will fix deprecated warnings.
/.patches/
directory in the root (if present), and see if there are any npm packages that have overrides for their code.pnpm run update-patch
.npm run test-update
and see if the build/lint/test scripts are still OK0.x.x
versions. They will be installed as part ofupdate-patch
unfortunately, soupdate-patch
sometimes isn't completely safe. Check if any packages have upgrades like0.1.2
➝0.1.9
..ncurc.patch.js
.pnpm run update-minor
.npm run test-update
and see if the build/lint/test scripts are still OK.ncurc.minor.js
.pnpm run update-major
.npm run test-update
and see if the build/lint/test scripts are still OK.ncurc.major.js
.package.json
.github/workflows/*
node-version
pnpm
version.github/workflows/*
package.json
package.json
files? Then it its probably worthwhile to investigate why the package is deprecated. A good information source is often the README on the page about the package on npmjs.com. They will likely mention the reason for deprecating the page (e.g: no time to install security patches, you are on your own!) and they might even suggest alternative packages.The text was updated successfully, but these errors were encountered: