-
Notifications
You must be signed in to change notification settings - Fork 682
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PWA-2400] Update packages and dependencies #3611
[PWA-2400] Update packages and dependencies #3611
Conversation
|
@@ -44,9 +44,6 @@ test('is a yargs builder', async () => { | |||
); | |||
|
|||
expect(output).toMatch('Create a PWA'); | |||
|
|||
// throws because it wants a positional argument--just checking | |||
expect(() => createProjectCliBuilder.builder(yargs)).toThrow('positional'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually not sure about this one. Tests are failing if we keep this. Any feedback is appreciated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the test only fails on this branch. If I recall, if was something about .toThrow('positional');
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jeremycharron did you check yargs release notes for this particular exception not throwing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pedrochiossi
I'm seeing this as of version 17.0.0 :
.positional() now allowed at root level of yargs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jeremycharron I don't think this is related, I would look for something on builder function, but if seems it's not on their release notes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tjwiebell has written a new test. I will get in touch with him so we can replace this one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everything seems fine, I have done a smoke test, scaffold test, lint test, prettier test, jest test and a cypress test.
Nice work @jeremycharron
I do have couple of questions though, please check them out.
logLevel: 'error' | ||
}).apply(this.compiler); | ||
new CopyPlugin( | ||
{ patterns: Object.values(this.assetMap) }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did they happen to change the syntax for the CopyPlugin
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we need to have an object now. Ref : https://github.com/webpack-contrib/copy-webpack-plugin/releases/tag/v6.0.0
@@ -4,7 +4,7 @@ import { createTestInstance } from '@magento/peregrine'; | |||
import Options from '../options'; | |||
|
|||
jest.mock('../../../classify'); | |||
jest.mock('uuid/v4', () => () => '00000000-0000-0000-0000-000000000000'); | |||
jest.mock('uuid', () => () => '00000000-0000-0000-0000-000000000000'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see many such mock updates, is this a code change from the UUID
package?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, unfortunately uuid/v4
is deprecated, we must use uuid
now. Ref : https://www.npmjs.com/package/uuid#deep-requires-now-deprecated
cfe7d52
to
0d97355
Compare
Scaffold build is now successful. |
Here are the audit results on moment of QA. Project Root - Before
Scaffold - Before
Project Root - After
Scaffold - After
|
@jeremycharron
Tested scaffolding with Yarn and NPM and everything worked fine for watch and build. ✅ Cypress tests ✅ |
…github.com:magento/pwa-studio into jcharron/PWA-2400-update-packages-and-dependencies
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code looks good!
Description
Update packages and dependencies to reduce number of High+ vulnerabilities in yarn and npm audit
yarn audit
vulnerabilities were reduced from 82 to 21npm audit
vulnerabilities were reduced from 78 to 17Vulnerabilities related to Webpack 5, ESLint 8 and Storybook were out of scope as they have dedicated stories.
Related Issue
Closes PWA-2400
Acceptance
Verification Stakeholders
Project maintainers
Specification
Dependencies from root package, create-pwa, pwa-buildpack, venia-concept, venia-integration-tests are impacted
Still generating vulnerabilities - refactor required
@storybook/react
: 6.3.7 / 6.4.8 (To be updated in PWA-1867)webpack
: 4.46.0 / 5.65.0 (To be updated to 5 in PWA-1893)copy-webpack-plugin
: Updated to 6.4.0 / 10.0 (7.0 and adove requires Webpack5, tbd in PWA-1893).boxen
: 5.1.2 / 6.2.1 (Version 6 introduces breaking changes - now pure ESM imports)@pmmmwh/react-refresh-webpack-plugin
: 0.4.3 / 0.5.3Still generating vulnerabilities - module updated to latest version
danger
: 10.7.1 / 10.7.1 (published a month ago)graphql-cli
: 4.1.0 / 4.1.0 (published a year ago)@graphql-cli/validate
: 2.1.0 / 2.1.0 (published 2 years ago)eslint-plugin-package-json
: 0.1.4 / 0.1.4 (published 2 years ago)tap-diff
: 0.1.1 / 0.1.1 (published 6 years ago).No longer generating vulnerabilities
eslint
: Updated to 7.32.0 / latest 8.4.1 (Breaking changes - To be updated in PWA-2451)jest
: Updated to 26.6.3 / latest 27.4.3 (Version 27 has multiple breaking changes)chokidar
: Updated to 3.5.2coveralls
: Updated to 3.1.1graphql-config
: Updated to 3.4.1jest-junit
: Updated to 13.0.0bundlesize
: Updated to 0.18.1inquirer
: Updated to 8.2.0envalid
: Updated to 6.0.1yargs
: Updated to 17.3.0sharp
: Updated to 0.29.3Verification Steps
Test scenario(s) for direct fix/feature
yarn audit
andnpm audit
at root, and verify vulnerabilities have been reducedyarn test
works properlyyarn run lint
andyarn run prettier
still worksyarn build
andyarn start
still worksIs Browser/Device testing needed?
No, device and browser testing is not needed
Any ad-hoc/edge case scenarios that need to be considered?
Not that I can think of, but I still have limited knowledge of the full solution, so any feedback is appreciated
Screenshots / Screen Captures (if appropriate)
Breaking Changes (if any)
Should not have any breaking change
Checklist