build(deps): dependency-updates

[afuetterer]

This PR collects all dependency related updates for rdmo 2.2.0.

[afuetterer]

👍

[MyPyDavid]

ESlint could be updated and pinned to 8.56.0

[MyPyDavid]

need to align

package_json_versions = {'eslint': '8.54.0', 'eslint-plugin-react': '7.34.0', 'react': '18.2.0'}
pre_commit_config_versions = {'eslint': '8.54.0', 'eslint-plugin-react': '7.33.2', 'react': '18.2.0'}

[afuetterer]

need to align

package_json_versions = {'eslint': '8.54.0', 'eslint-plugin-react': '7.34.0', 'react': '18.2.0'} pre_commit_config_versions = {'eslint': '8.54.0', 'eslint-plugin-react': '7.33.2', 'react': '18.2.0'}

Please feel free to delete this test, if it is annoying. I wanted to make sure, that these versions align, so I came up with this hacky test.

[MyPyDavid]

yes thanks, it makes sense to have this but was also surprised by this hacky test ;)

[MyPyDavid]

New setting in django-allauth, SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX with default "oidc".
It will affect instances that have enabled OpenID Connect providers, the callback URLs need to be adjusted with /oidc/ if kept like this.
Should we set the default SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX="" in rdmo in order to keep the URL structure the same?

https://docs.allauth.org/en/latest/release-notes/recent.html#id8.

You can now specify the URL path prefix that is used for all OpenID Connect providers using SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX. By default, it is set to "oidc", meaning, an OpenID Connect provider with provider ID foo uses /accounts/oidc/foo/login/ as its login URL. Set it to empty ("") to keep the previous URL structure (/accounts/foo/login/).

[jochenklar]

Yes, thanks for catching this.

[afuetterer]

Now, one of the e2e tests fail. Something wrong with the many js updates in this PR?

[MyPyDavid]

Locally, I can't reproduce the failing e2e test. However, I think the FontAwesome icons might be missing now.

In debug browser I see the error:

downloadable font: rejected by sanitizer (font-family: "FontAwesome" style:normal weight:400 stretch:100 src index:1) source: http://localhost:8000/static/management/6d67cba9d29c7edeb12f.woff2?v=4.7.0

[MyPyDavid]

I've added the setting for allauth > 0.60.0 SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX = ""

[MyPyDavid]

Can we keep the node version updated as well? @jochenklar
In .nvmrc it can be lts/hydrogen so that it stays on latest (v18) version.

[jochenklar]

I would say we treat the node version like django or react, only update manually.

[MyPyDavid]

the icons are still missing from the screenshot :/
https://github.com/rdmorganiser/rdmo/actions/runs/8557304508/artifacts/1385463186

[MyPyDavid]

think I've found this icons bug, it's in the generated rdmo\management\static\management\css\management.css and the font-face paths.

@font-face {
  font-family: 'FontAwesome';
  src: url(../286b03bf4cbd3513f64f.eot?v=4.7.0);
  src: url(../286b03bf4cbd3513f64f.eot?#iefix&v=4.7.0) format('embedded-opentype'), url(../6d67cba9d29c7edeb12f.woff2?v=4.7.0) format('woff2'), url(../ec563203d3d7214eb3c8.woff?v=4.7.0) format('woff'), url(../e1b2a70250f70529242f.ttf?v=4.7.0) format('truetype'), url(../a7b5729e90ab92e4a61d.svg?v=4.7.0#fontawesomeregular) format('svg');
  font-weight: normal;
  font-style: normal;
}

the files have some sort of hashes..
when I replace that with:

@font-face {
    font-family: 'FontAwesome';
    src: url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),
         url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff');
    font-weight: normal;
    font-style: normal;
}

the icons appear again! 🎉

dont know exactly where these hashes are coming from..
Maybe from a css related package, that's been updated in here, like css-loader ?

PS https://stackoverflow.com/questions/68634225/webpack-5-file-loader-generates-a-copy-of-fonts-with-hash-name

[afuetterer]

When should this be merged? It has already 30+ commits.

[MyPyDavid]

Im (now finally) going to merge this after tests pass

[MyPyDavid]

Since we're not pinning the patch versions and there is a new Django release https://docs.djangoproject.com/en/dev/releases/4.2.14/ . Should we add --force-reinstall to the release notes?

Same holds for allauth, there are some security fixes in the latest releases.

[jochenklar]

Yes, as an optional line, can you add it to the docs as well?

[MyPyDavid]

ok, rdmorganiser/rdmo-docs#46

[afuetterer]

Awesome, finally. 😄