Reoccurring: Update renovate dependencies [On-call] [Ops-lead] [Weekly tasks]

[jimleroyer]

Description

As an ops lead,
I want Notify patched with its dependencies,
So that it is secure and running the latest.

As a GCNotify user,
I want Notify secure,
So that I can trust it.

Timebox and role

This task is meant for the weekly ops lead, to maintain our dependencies. We prefer to spend small time to do it iteratively rather than wait for months to do it, taking weeks in the process.

This is ideally done on the ops lead time, requiring the role to let aside regular tasks for support as this one task.

Acceptance Criteria** (Definition of done)

• Update component in the task list with the latest date that the dependency bump was applied.
• Write as a comment to this card which tasks on which component were done.

Tasks

• notification-utils
  • major deps / March 15
  • minor deps / March 15
  • patches / April 17
  • chore branches / May 15
  • lockfile / April 17
• notification-admin
  • major deps / January 16
  • minor deps / Aug 23
  • chore branches / May 16
  • lockfile / April 13
  • docker images / May 16
  • Many depricated javascript module!

npm WARN deprecated axe-cli@3.2.1: deprecated
npm WARN deprecated axe-webdriverjs@2.3.0: deprecated
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated mkdirp@0.3.0: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated fsevents@1.2.13: The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated

• notification-api

  • major deps / January 16
  • minor deps / April 13
  • patches / Aug 23
  • chore branches / May 16

• notification-document-download-api

  • major deps / March 16
  • minor deps / March 16
  • docker images / June 15
  • lockfile / June 15
  • chore branches / May 16

• notification-documentation

  • major deps / January 16
  • minor deps / January 16
  • chore branches / January 16

• notification-manifests

  • major deps / Aug 23
  • minor deps / Aug 23
  • chore branches / Aug 23

• notification-pr-bot

  • major deps / January 16
  • minor deps / January 16
  • chore branches / January 16

• notification-terraform

  • major deps / January 16
  • minor deps / January 16
  • patch deps / Aug 31
  • chore branches / January 16

• ipv4-geolocate-webservice

  • major deps / Feb 13
  • minor deps / Feb 13
  • patch deps / Feb 13
  • chore branches / Feb 13

QA Steps

• Local environment run fine locally (when appropriate)
• Review environment run fine
• Staging environment run fine
• Run smoke tests on staging

[smcmurtry]

Andrew is on vacation today, may pick up again tomorrow.

[andrewleith]

I started on this last week and got the minor bumps in api done, but now that poetry is merged in it may change things. Will touch base today with @whabanks to understand the impact.

[yaelberger-commits]

Jumana worked on this and handing off to Will

[yaelberger-commits]

Friday Will booked Node version, will push today when Github is back up.

[andrewleith]

• Not much progress on this one this week

[YedidaZalik]

Steve A is Ops lead so he is working on this. Since no one in our team is on Ops lead can move to Sprint backlog.