Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update all dependencies #369

Merged
merged 2 commits into from
Sep 19, 2022
Merged

Update all dependencies #369

merged 2 commits into from
Sep 19, 2022

Conversation

DanCech
Copy link
Contributor

@DanCech DanCech commented Sep 15, 2022

There are several dependencies which are out of date, and both dompurify and jsdom recommend upgrading to the latest releases as they have fixes for some edge cases.

This PR updates all dependencies to the latest available releases, and corrects a couple of issues flagged by the updated versions of prettier and eslint. In my local testing everything appears to be working as expected.

Clarity-89
Clarity-89 reviewed Sep 16, 2022
View reviewed changes
Copy link
Contributor

@Clarity-89 Clarity-89 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work! Didn't think this will work but not getting any errors after testing 🎉

I think we'd pin the exact versions of all the packages to avoid differences in the built packages, what do you think?

The only warning I get when installing the dependencies is poolpeteer@0.23.3" has incorrect peer dependency "puppeteer@^13.1.1"., @ArturWierzbicki seems like that's your package, do you think it could be updated to use the latest puppeteer version?

The Husky hooks also need to be updated, since we have an old setup which doesn't work with the latest version but I can do that in a separate PR.

@ArturWierzbicki
Copy link
Contributor

The only warning I get when installing the dependencies is poolpeteer@0.23.3" has incorrect peer dependency "puppeteer@^13.1.1"., @ArturWierzbicki seems like that's your package, do you think it could be updated to use the latest puppeteer version?

Sure, will do in another PR - I don't see breaking changes so this should work as is

@DanCech
Copy link
Contributor Author

DanCech commented Sep 16, 2022

I think we'd pin the exact versions of all the packages to avoid differences in the built packages, what do you think?

I don't think that's necessary since we have the yarn.lock file, so the build should always use those versions. It doesn't make a huge difference though since you're going to need to use yarn upgrade --latest anyway to upgrade the dependencies.

It's likely better to just use --pure-lockfile when installing (which the build scripts do) since that way you're guaranteed to have the same versions of all sub-dependencies, otherwise those could be different even if the 1st-level dependencies in package.json are all pinned to a specific version.

@DanCech DanCech merged commit 5aa63f7 into master Sep 19, 2022
@DanCech DanCech deleted the update-deps branch September 19, 2022 13:56
@Clarity-89 Clarity-89 mentioned this pull request Sep 23, 2022
Closed
@joanlopez joanlopez mentioned this pull request Jan 2, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Clarity-89 Clarity-89 Clarity-89 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DanCech @ArturWierzbicki @Clarity-89