[PWA-2400] Update packages and dependencies #3611
Conversation
jeremycharron
changed the title
|
jeremycharron
added
the
version: Minor
| @@ -44,9 +44,6 @@ test('is a yargs builder', async () => { | |||
| ); | |||
|
|
|||
| expect(output).toMatch('Create a PWA'); | |||
|
|
|||
| // throws because it wants a positional argument--just checking | |||
| expect(() => createProjectCliBuilder.builder(yargs)).toThrow('positional'); | |||
There was a problem hiding this comment.
Actually not sure about this one. Tests are failing if we keep this. Any feedback is appreciated.
There was a problem hiding this comment.
I thought it was an old obsolete test but unfortunately, it runs just fine in develop, so maybe something has changed in this PR:
Develop:
There was a problem hiding this comment.
Yes, the test only fails on this branch. If I recall, if was something about .toThrow('positional');
There was a problem hiding this comment.
Here's the error generated when running yarn test :
There was a problem hiding this comment.
@jeremycharron did you check yargs release notes for this particular exception not throwing?
There was a problem hiding this comment.
@pedrochiossi
I'm seeing this as of version 17.0.0 :
.positional() now allowed at root level of yargs
There was a problem hiding this comment.
@jeremycharron I don't think this is related, I would look for something on builder function, but if seems it's not on their release notes.
There was a problem hiding this comment.
@tjwiebell has written a new test. I will get in touch with him so we can replace this one.
There was a problem hiding this comment.
Everything seems fine, I have done a smoke test, scaffold test, lint test, prettier test, jest test and a cypress test.
Nice work @jeremycharron
I do have couple of questions though, please check them out.
| logLevel: 'error' | ||
| }).apply(this.compiler); | ||
| new CopyPlugin( | ||
| { patterns: Object.values(this.assetMap) }, |
There was a problem hiding this comment.
Did they happen to change the syntax for the CopyPlugin?
There was a problem hiding this comment.
Yes, we need to have an object now. Ref : https://github.com/webpack-contrib/copy-webpack-plugin/releases/tag/v6.0.0
| @@ -4,7 +4,7 @@ import { createTestInstance } from '@magento/peregrine'; | |||
| import Options from '../options'; | |||
|
|
|||
| jest.mock('../../../classify'); | |||
| jest.mock('uuid/v4', () => () => '00000000-0000-0000-0000-000000000000'); | |||
| jest.mock('uuid', () => () => '00000000-0000-0000-0000-000000000000'); | |||
There was a problem hiding this comment.
I see many such mock updates, is this a code change from the UUID package?
There was a problem hiding this comment.
Yes, unfortunately uuid/v4 is deprecated, we must use uuid now. Ref : https://www.npmjs.com/package/uuid#deep-requires-now-deprecated
m2-community-project
bot
added
Progress: changes requested
and removed
Progress: ready for review
labels
m2-community-project
bot
added
Progress: review
and removed
Progress: changes requested
labels
dpatil-magento
force-pushed
the
jcharron/PWA-2400-update-packages-and-dependencies
branch
from
cfe7d52
to
0d97355
Compare
|
Scaffold build is now successful. |
|
Here are the audit results on moment of QA. Project Root - Before
Scaffold - Before
Project Root - After
Scaffold - After
|
|
@jeremycharron
Expected Current result Tested scaffolding with Yarn and NPM and everything worked fine for watch and build. ✅ Cypress tests ✅ |
…github.com:magento/pwa-studio into jcharron/PWA-2400-update-packages-and-dependencies
|
I pushed a fix for
|
Description
Update packages and dependencies to reduce number of High+ vulnerabilities in yarn and npm audit
yarn auditvulnerabilities were reduced from 82 to 21npm auditvulnerabilities were reduced from 78 to 17Vulnerabilities related to Webpack 5, ESLint 8 and Storybook were out of scope as they have dedicated stories.
Related Issue
Closes PWA-2400
Acceptance
Verification Stakeholders
Project maintainers
Specification
Dependencies from root package, create-pwa, pwa-buildpack, venia-concept, venia-integration-tests are impacted
Still generating vulnerabilities - refactor required
@storybook/react: 6.3.7 / 6.4.8 (To be updated in PWA-1867)webpack: 4.46.0 / 5.65.0 (To be updated to 5 in PWA-1893)copy-webpack-plugin: Updated to 6.4.0 / 10.0 (7.0 and adove requires Webpack5, tbd in PWA-1893).boxen: 5.1.2 / 6.2.1 (Version 6 introduces breaking changes - now pure ESM imports)@pmmmwh/react-refresh-webpack-plugin: 0.4.3 / 0.5.3Still generating vulnerabilities - module updated to latest version
danger: 10.7.1 / 10.7.1 (published a month ago)graphql-cli: 4.1.0 / 4.1.0 (published a year ago)@graphql-cli/validate: 2.1.0 / 2.1.0 (published 2 years ago)eslint-plugin-package-json: 0.1.4 / 0.1.4 (published 2 years ago)tap-diff: 0.1.1 / 0.1.1 (published 6 years ago).No longer generating vulnerabilities
eslint: Updated to 7.32.0 / latest 8.4.1 (Breaking changes - To be updated in PWA-2451)jest: Updated to 26.6.3 / latest 27.4.3 (Version 27 has multiple breaking changes)chokidar: Updated to 3.5.2coveralls: Updated to 3.1.1graphql-config: Updated to 3.4.1jest-junit: Updated to 13.0.0bundlesize: Updated to 0.18.1inquirer: Updated to 8.2.0envalid: Updated to 6.0.1yargs: Updated to 17.3.0sharp: Updated to 0.29.3Verification Steps
Test scenario(s) for direct fix/feature
yarn auditandnpm auditat root, and verify vulnerabilities have been reducedyarn testworks properlyyarn run lintandyarn run prettierstill worksyarn buildandyarn startstill worksIs Browser/Device testing needed?
No, device and browser testing is not needed
Any ad-hoc/edge case scenarios that need to be considered?
Not that I can think of, but I still have limited knowledge of the full solution, so any feedback is appreciated
Screenshots / Screen Captures (if appropriate)
Breaking Changes (if any)
Should not have any breaking change
Checklist