Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

package: bump all module versions #204

Closed
mvidalgarcia opened this issue Nov 10, 2021 · 2 comments · Fixed by #212 or #213
Closed

package: bump all module versions #204

mvidalgarcia opened this issue Nov 10, 2021 · 2 comments · Fixed by #212 or #213
Assignees
@mvidalgarcia

Comments

@mvidalgarcia
Copy link
Member

Many vulnerabilities found: https://github.com/reanahub/reana-ui/security/dependabot

Two dependabot PRs
@mvidalgarcia mvidalgarcia self-assigned this Dec 20, 2021
mvidalgarcia pushed a commit to mvidalgarcia/reana-ui that referenced this issue Jan 12, 2022
@mvidalgarcia
package: upgrade dependencies
41e3108 
closes reanahub#204
mvidalgarcia pushed a commit to mvidalgarcia/reana-ui that referenced this issue Jan 12, 2022
@mvidalgarcia
package: upgrade dependencies
b12aa83 
closes reanahub#204
mvidalgarcia pushed a commit to mvidalgarcia/reana-ui that referenced this issue Jan 12, 2022
@reana-team @mvidalgarcia
package: upgrade dependencies
e9ea0f5 
closes reanahub#204
@mvidalgarcia mvidalgarcia mentioned this issue Jan 12, 2022
Merged
mvidalgarcia pushed a commit to mvidalgarcia/reana-ui that referenced this issue Jan 12, 2022
@reana-team @mvidalgarcia
package: upgrade dependencies
be4bfb9 
closes reanahub#204
mvidalgarcia pushed a commit to mvidalgarcia/reana-ui that referenced this issue Jan 13, 2022
@reana-team @mvidalgarcia
package: upgrade dependencies
c80810d 
closes reanahub#204
@mvidalgarcia
Copy link
Member Author

Most of the vulnerabilities were solved, but there are still some. All of them (or almost all), are related to react-scripts version. We need to upgrade to 5.0.0 to solve them.

I had tried myself to upgrade it but yarn start is failing, so some research is needed there.

@mvidalgarcia mvidalgarcia reopened this Jan 14, 2022
@mvidalgarcia
Copy link
Member Author

mvidalgarcia commented Jan 24, 2022
edited
Loading

It seems that craco is still not 100% compatible with create-react-app v5 and hence with react-scripts 5.0.0. I've made some progress by updating the following packages but it still fails on yarn start.

diff --git a/reana-ui/package.json b/reana-ui/package.json
index 93321c2..0edece6 100644
--- a/reana-ui/package.json
+++ b/reana-ui/package.json
@@ -16,12 +16,12 @@
     "react-minimal-pie-chart": "^8.0.1",
     "react-redux": "^7.1.1",
     "react-router-dom": "^5.1.2",
-    "react-scripts": "^4.0.0",
+    "react-scripts": "^5.0.0",
     "redux": "^4.0.4",
     "redux-devtools-extension": "^2.13.8",
     "redux-thunk": "^2.3.0",
     "semantic-ui-css": "^2.4.1",
-    "semantic-ui-react": "^0.88.2"
+    "semantic-ui-react": "^2.0.0"
   },
   "scripts": {
     "analyze": "source-map-explorer 'build/static/js/*.js'",
@@ -44,7 +44,8 @@
   },
   "devDependencies": {
     "@craco/craco": "^6.0.0",
-    "@semantic-ui-react/craco-less": "^1.2.1",
+    "@semantic-ui-react/craco-less": "^2.0.0",
+    "babel-eslint": "^10.1.0",
     "craco-alias": "^2.1.1",
     "eslint-config-prettier": "^6.5.0",
     "eslint-config-react-app": "^5.2.0",

Related issues:

mvidalgarcia added a commit to mvidalgarcia/reana-ui that referenced this issue Jan 25, 2022
@mvidalgarcia
package: upgrade to react-scripts 5.0.0
19f1a72 
- upgrade semantic-ui deps to latest
- install `@semantic-ui-react/css-patch` to fix `semantic-ui-css` issue (Semantic-Org/Semantic-UI-React#4287 (comment))

closes reanahub#204
@mvidalgarcia mvidalgarcia mentioned this issue Jan 25, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mvidalgarcia mvidalgarcia

Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@mvidalgarcia