Skip to content

Dependencies upgrade #3380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from
Jul 30, 2025
Merged

Dependencies upgrade #3380

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
f08ced6
Update cookie to 1.0.2
T4rk1n Jul 30, 2025
30103ea
update renderer build deps
T4rk1n Jul 30, 2025
b8ae8da
Replace vulnerable request with native fetch for html scripts
T4rk1n Jul 30, 2025
cd3e2a4
update html build deps
T4rk1n Jul 30, 2025
62ccfd8
update lerna
T4rk1n Jul 30, 2025
def70be
update core deps
T4rk1n Jul 30, 2025
8117334
update styled-jsx
T4rk1n Jul 30, 2025
e9dddc1
update table deps
T4rk1n Jul 30, 2025
6deb92e
Fix no ouptut on error & use lts/iron on build windows.
T4rk1n Jul 30, 2025
8f50759
Revert "Fix no ouptut on error & use lts/iron on build windows."
T4rk1n Jul 30, 2025
a66a076
nvm use before commands
T4rk1n Jul 30, 2025
dec82f8
run windows html build separate
T4rk1n Jul 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,14 +163,17 @@ jobs:
- run:
name: npm prereqs
command: |
nvm use 18
npm ci
cd dash/dash-renderer && npm i && cd ../../
cd components/dash-html-components && npm i && npm run extract && cd ../../
- run:
name: ️️🏗️ build dash
command: |
nvm use 18
. venv/Scripts/activate
npm run private::build.jupyterlab && npm run private::build.renderer && python dash/development/update_components.py 'dash-html-components'
npm run private::build.jupyterlab && npm run private::build.renderer
cd components/dash-html-components && npm run build
no_output_timeout: 30m

test-312: &test
Expand Down
1,729 changes: 949 additions & 780 deletions components/dash-core-components/package-lock.json
View file
Open in desktop

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions components/dash-core-components/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,11 +63,11 @@
"uniqid": "^5.4.0"
},
"devDependencies": {
"@babel/cli": "^7.27.2",
"@babel/core": "^7.27.4",
"@babel/eslint-parser": "^7.27.5",
"@babel/cli": "^7.28.0",
"@babel/core": "^7.28.0",
"@babel/eslint-parser": "^7.28.0",
"@babel/plugin-syntax-dynamic-import": "^7.8.3",
"@babel/preset-env": "^7.27.2",
"@babel/preset-env": "^7.28.0",
"@babel/preset-react": "^7.27.1",
"@plotly/dash-component-plugins": "^1.2.3",
"@plotly/webpack-dash-dynamic-import": "^1.3.0",
Expand All @@ -85,8 +85,8 @@
"react-jsx-parser": "1.21.0",
"rimraf": "^5.0.5",
"style-loader": "^3.3.3",
"styled-jsx": "^3.4.4",
"webpack": "^5.99.9",
"styled-jsx": "^5.1.7",
"webpack": "^5.101.0",
"webpack-cli": "^5.1.4"
},
"optionalDependencies": {
Expand Down
1,558 changes: 464 additions & 1,094 deletions components/dash-html-components/package-lock.json
View file
Open in desktop

Large diffs are not rendered by default.

11 changes: 5 additions & 6 deletions components/dash-html-components/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,10 +32,10 @@
"ramda": "^0.30.1"
},
"devDependencies": {
"@babel/cli": "^7.27.2",
"@babel/core": "^7.27.4",
"@babel/eslint-parser": "^7.27.5",
"@babel/preset-env": "^7.27.2",
"@babel/cli": "^7.28.0",
"@babel/core": "^7.28.0",
"@babel/eslint-parser": "^7.28.0",
"@babel/preset-env": "^7.28.0",
"@babel/preset-react": "^7.27.1",
"babel-loader": "^9.2.1",
"cheerio": "^0.22.0",
Expand All @@ -49,10 +49,9 @@
"react": "^16.14.0",
"react-docgen": "^5.4.3",
"react-dom": "^16.14.0",
"request": "^2.88.2",
"rimraf": "^5.0.5",
"string": "^3.3.3",
"webpack": "^5.99.9",
"webpack": "^5.101.0",
"webpack-cli": "^5.1.4"
},
"files": [
Expand Down
48 changes: 27 additions & 21 deletions components/dash-html-components/scripts/extract-attributes.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

const fs = require('fs');
const cheerio = require('cheerio');
const request = require('request');
const str = require('string');

const htmlURL = 'https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes';
Expand Down Expand Up @@ -136,24 +135,31 @@ function extractElements(attributes) {

// A local copy of the MDN attributes web page has been saved for reference:
// fs.readFile('./data/attributes.html', 'utf-8', (error, html) => {
request(htmlURL, (error, response, html) => {
if (error) {
fetch(htmlURL)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this in with dependencies upgrade? (not arguing against it, just don't understand)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The request dependency keeps on having security vulnerability and there was no resolving from updating, fetch has been natively available since node v18 so I opted to replace it instead.

.then(response => {
if (!response.ok) {
throw new Error(`HTTP error! status: ${response.status}`);
}
return response.text();
})
.then(html => {
const html2 = html.split(/\n\r|\r\n|\r|\n/).map(l => l.trimRight()).join('\n');
// write back to the saved copy of MDN attributes so we can see the diff
fs.writeFileSync(htmlPath, html2);

const $ = cheerio.load(html);
const attributes = extractAttributes($);
const elements = extractElements(attributes);
const out = {
attributes,
elements
};

// Print out JSON with 4-space indentation formatting.
// http://stackoverflow.com/a/11276104
const tabWidth = 4;
fs.writeFileSync(dataPath, JSON.stringify(out, null, tabWidth));
})
.catch(error => {
throw error;
}
const html2 = html.split(/\n\r|\r\n|\r|\n/).map(l => l.trimRight()).join('\n');
// write back to the saved copy of MDN attributes so we can see the diff
fs.writeFileSync(htmlPath, html2);

const $ = cheerio.load(html);
const attributes = extractAttributes($);
const elements = extractElements(attributes);
const out = {
attributes,
elements
};

// Print out JSON with 4-space indentation formatting.
// http://stackoverflow.com/a/11276104
const tabWidth = 4;
fs.writeFileSync(dataPath, JSON.stringify(out, null, tabWidth));
});
});
26 changes: 16 additions & 10 deletions components/dash-html-components/scripts/extract-elements.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

const fs = require('fs');
const cheerio = require('cheerio');
const request = require('request');

const refUrl = 'https://developer.mozilla.org/en-US/docs/Web/HTML/Element';
const dataPath = './data/elements.txt';
Expand Down Expand Up @@ -63,14 +62,21 @@ function extractElements($) {
}, []);
}

request(refUrl, (error, response, html) => {
if (error) {
fetch(refUrl)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same question as above - how does this tie to dep upgrade?

.then(response => {
if (!response.ok) {
throw new Error(`HTTP error! status: ${response.status}`);
}
return response.text();
})
.then(html => {
const $ = cheerio.load(html);
const elements = extractElements($);
const out = elements.join('\n');

fs.writeFileSync(dataPath, out);
})
.catch(error => {
console.error(error);
process.exit(-1);
}
const $ = cheerio.load(html);
const elements = extractElements($);
const out = elements.join('\n');

fs.writeFileSync(dataPath, out);
});
});
Loading