deps(scale): bump d3-interpolate and d3-scale #1578
After bumping the dependency versions, Jest started failing because it doesn't have great support for ES Modules and some d3 packages are now only published as ES Modules (e.g., d3-scale and d3-interpolate). Adding a regex for those packages in Jest's babel-jest: Babel ignores node_modules/internmap/src/index.js - make sure to include the file in Jest's transformIgnorePatterns as well. Unfortunately, I haven't found a way to override the default ignored files in Babel's config generated by Nimbus. I've tested manually setting the

```json
"ignore": [
  "coverage/",
  "node_modules/(?!(d3-(array|color|format|interpolate|scale|time|time-format)|internmap)/)",
  "public/",
  "esm/",
  "lib/",
  "tmp/",
  "dist/",
  "*.d.ts",
  "__tests__",
  "__mocks__"
],
```

I also included changes to |
Maybe you can fix it with moduleNameMapper:
Of course, you can change the above regexps to have only entry. @jreyes33 when do you think we can have current PR merged? |
@williaster, do you think that the current dependency updates will make it into a future release? |
hey y'all sorry I haven't had a ton of bandwidth to dig into this more. the I'll try to see if I can tinker with config overrides, thanks for sharing all the detailed issues you've encountered so far. |
@williaster, just tried that and it's sadly not working. Here's the generated

```js
module.exports = {
  "ignore": [
    "coverage/",
    "node_modules/",
    "public/",
    "esm/",
    "lib/",
    "tmp/",
    "dist/",
    "*.d.ts",
    "__tests__",
    "__mocks__",
    "node_modules/(?!(d3-(array|color|format|interpolate|scale|time|time-format)|internmap)/)"
  ],
  // …
};
```

The problem, AFAICT, is that the second item in that array is overeager and ignores the whole This seems to originate from here: https://github.com/airbnb/nimbus/blob/%40airbnb/config-babel%403.1.0/packages/config-babel/src/index.ts#L107 …which in turn comes from here: https://github.com/airbnb/nimbus/blob/%40airbnb/nimbus-common%403.0.1/packages/nimbus-common/src/constants.ts#L11-L20 …so I have no clue how such a constant could be worked around. |
@jreyes33 First of all: Thanks for your effort! This issue has been in our audit logs for quite some time now. Can't we just add a script that removes the
|
@lausek, I don't know; I'm not a repo maintainer, just the PR author. A maintainer should weigh in. |
Definitely open to patching, not quite sure how to do it though because running if this is only needed for jest tho, perhaps it would work and we could call it when running the |
For anyone that requires an immediate workaround for this, this method provided by haydn works wonders: #1577 (comment) |
@jreyes33 I just landed the migration off nimbus, do you want to try rebasing on top of that and adding the necessary config to the now-committed jest/babel configs? if you are out of bandwidth let me know and I can take over this PR, you've already done that hard part! |
Closes #1577 Bumping these packages allows for `d3-color` version 3.1.0 or higher to be installed, fixing this vulnerability: GHSA-36jr-mh4h-2g58
@williaster, I've updated the PR. Tests passed locally after my last commit updating babel and jest configs: 7c80c8e. |
amazing, thanks so much @jreyes33 – especially for being patient with the nimbus nonsense 🙏
🎉 This PR is included in version |
ah looks like we didn't update
I tried adding the |
Updating |
This broke our build due to the ESM requirement after doing a blind This should be a breaking change and therefore a major version update? |
This reverts commit 0f7ee0a.
Closes #1577
Bumping these packages allows for `d3-color` version 3.1.0 or higher to be installed, fixing this vulnerability: GHSA-36jr-mh4h-2g58
🐛 Bug Fix
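The PR description says the bump allows `d3-color` 3.1.0 or higher to be installed; whether a given install actually resolves it depends on the lockfile. The check below is an added example, not code from this PR or project: it scans the `packages` map of a package-lock.json (lockfileVersion 2 or 3) for every copy of `d3-color`, nested ones included, and reports those below 3.1.0. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: audit a package-lock.json "packages" map for stale d3-color copies.

// Minimum version named in the PR description ("d3-color version 3.1.0 or higher").
const MIN_SAFE = [3, 1, 0];

// Parse "MAJOR.MINOR.PATCH" into numbers; any pre-release/build suffix is ignored.
function parseVersion(version) {
  const match = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!match) throw new Error(`unparseable version: ${version}`);
  return match.slice(1).map(Number);
}

// True when version a is strictly lower than version b.
function isLower(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return [{ path, version }] for each installed d3-color copy older than MIN_SAFE.
// Nested copies (node_modules/x/node_modules/d3-color) count: one stale
// transitive copy is enough to keep the advisory open.
function findVulnerableD3Color(lockfile) {
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (!path.endsWith('node_modules/d3-color')) continue;
    if (!entry.version) continue; // e.g. workspace links carry no version
    if (isLower(parseVersion(entry.version), MIN_SAFE)) {
      findings.push({ path, version: entry.version });
    }
  }
  return findings;
}

// Constructed sample lockfile (not taken from the project's repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'constructed-app', version: '1.0.0' },
    'node_modules/d3-color': { version: '3.1.0' },
    'node_modules/legacy-chart/node_modules/d3-color': { version: '2.0.0' },
    'node_modules/not-d3-color': { version: '1.0.0' },
  },
};

for (const f of findVulnerableD3Color(sampleLock)) {
  console.log(`${f.path} resolves d3-color ${f.version} (< 3.1.0)`);
}
```

In CI, the same function can be fed `JSON.parse` of the real lockfile and the job failed when the returned list is non-empty.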