This repository has been archived by the owner on Oct 2, 2020. It is now read-only.

Updates dependencies to latest with npm update #789

Merged: 10 commits, May 18, 2020

@ispivey ispivey commented May 12, 2020

Fixes #718, because seeing the security alert banner was driving me a little bonkers 😄

I tested by running locally with npm install && npm run start, and then:

  • Clicked through all boilerplates and tutorials; nothing visibly wrong
  • Clicked through all main page links in the sidebar
  • Verified that search works
  • Verified that syntax highlighting works as expected

Anything else I should do to test?

@exvuma exvuma left a comment

Thanks Ian!

@exvuma exvuma self-assigned this May 14, 2020

ispivey commented May 14, 2020

Thanks for picking this up @victoriabernard92 – realize this has to be refactored since the move to use yarn and workspaces. Let me know if I can help!

exvuma commented May 14, 2020

@ispivey actually your help would be great. I am confused because upgrading didn't seem to change the minimist and kind-of packages to the required versions
https://github.com/cloudflare/workers-docs/network/alerts

Those aren't direct dependencies so I can't upgrade them individually. Any idea how to get around this?

ispivey commented May 18, 2020

I realized the alerts are helpfully telling us the dependency is in the workers-site/package.lock.

If you navigate to the workers-site directory, you can do the following to see where the dependency comes from:

➜  workers-site git:(master) ✗ npm ls minimist
@0.0.5 /Users/ispivey/cf-repos/workers-docs/workers-docs/workers-site
└─┬ ava@1.4.1
  ├─┬ @babel/core@7.6.2
  │ └─┬ json5@2.1.0
  │   └── minimist@1.2.0
  ├─┬ chokidar@2.1.8
  │ └─┬ fsevents@1.2.9
  │   └─┬ node-pre-gyp@0.12.0
  │     ├─┬ mkdirp@0.5.1
  │     │ └── minimist@0.0.8
  │     └─┬ rc@1.2.8
  │       └── minimist@1.2.0
  ├─┬ unique-temp-dir@1.0.0
  │ └─┬ mkdirp@0.5.1
  │   └── minimist@0.0.8
  └─┬ update-notifier@2.5.0
    └─┬ latest-version@3.1.0
      └─┬ package-json@4.0.1
        └─┬ registry-auth-token@3.4.0
          └─┬ rc@1.2.8
            └── minimist@1.2.0  deduped

➜  workers-site git:(master) ✗ npm ls kind-of
@0.0.5 /Users/ispivey/cf-repos/workers-docs/workers-docs/workers-site
└─┬ ava@1.4.1
  └─┬ chokidar@2.1.8
    ├─┬ anymatch@2.0.0
    │ └─┬ micromatch@3.1.10
    │   ├─┬ define-property@2.0.2
    │   │ └─┬ is-descriptor@1.0.2
    │   │   ├─┬ is-accessor-descriptor@1.0.0
    │   │   │ └── kind-of@6.0.2  deduped
    │   │   ├─┬ is-data-descriptor@1.0.0
    │   │   │ └── kind-of@6.0.2  deduped
    │   │   └── kind-of@6.0.2  deduped
    │   ├─┬ extglob@2.0.4
    │   │ └─┬ define-property@1.0.0
    │   │   └─┬ is-descriptor@1.0.2
    │   │     ├─┬ is-accessor-descriptor@1.0.0
    │   │     │ └── kind-of@6.0.2  deduped
    │   │     ├─┬ is-data-descriptor@1.0.0
    │   │     │ └── kind-of@6.0.2  deduped
    │   │     └── kind-of@6.0.2  deduped
    │   ├── kind-of@6.0.2
    │   └─┬ nanomatch@1.2.13
    │     └── kind-of@6.0.2  deduped
    └─┬ braces@2.3.2
      ├─┬ fill-range@4.0.0
      │ └─┬ is-number@3.0.0
      │   └── kind-of@3.2.2
      ├─┬ snapdragon@0.8.2
      │ ├─┬ base@0.11.2
      │ │ ├─┬ cache-base@1.0.1
      │ │ │ ├─┬ has-value@1.0.0
      │ │ │ │ └─┬ has-values@1.0.0
      │ │ │ │   └── kind-of@4.0.0
      │ │ │ └─┬ to-object-path@0.3.0
      │ │ │   └── kind-of@3.2.2
      │ │ ├─┬ class-utils@0.3.6
      │ │ │ └─┬ static-extend@0.1.2
      │ │ │   └─┬ object-copy@0.1.0
      │ │ │     └── kind-of@3.2.2
      │ │ └─┬ define-property@1.0.0
      │ │   └─┬ is-descriptor@1.0.2
      │ │     ├─┬ is-accessor-descriptor@1.0.0
      │ │     │ └── kind-of@6.0.2  deduped
      │ │     ├─┬ is-data-descriptor@1.0.0
      │ │     │ └── kind-of@6.0.2  deduped
      │ │     └── kind-of@6.0.2  deduped
      │ └─┬ define-property@0.2.5
      │   └─┬ is-descriptor@0.1.6
      │     ├─┬ is-accessor-descriptor@0.1.6
      │     │ └── kind-of@3.2.2
      │     ├─┬ is-data-descriptor@0.1.4
      │     │ └── kind-of@3.2.2
      │     └── kind-of@5.1.0
      └─┬ snapdragon-node@2.1.1
        ├─┬ define-property@1.0.0
        │ └─┬ is-descriptor@1.0.2
        │   ├─┬ is-accessor-descriptor@1.0.0
        │   │ └── kind-of@6.0.2  deduped
        │   ├─┬ is-data-descriptor@1.0.0
        │   │ └── kind-of@6.0.2  deduped
        │   └── kind-of@6.0.2  deduped
        └─┬ snapdragon-util@3.0.1
          └── kind-of@3.2.2

That shows us both dependencies come from ava.

You can check for new versions by:

➜  workers-site git:(master) ✗ npm outdated
Package                       Current  Wanted  Latest  Location
@cloudflare/kv-asset-handler    0.0.5   0.0.5  0.0.10  global
@cloudflare/workers-types       1.0.6   1.0.9   1.0.9  global
ava                             1.4.1   1.4.1   3.8.2  global
prettier                       1.18.2  1.19.1   2.0.5  global
service-worker-mock             2.0.3   2.0.5   2.0.5  global

We've specified "ava": "^1.4.1" in our devDependencies, and 1.4.1 is the last release in the 1.X major version of ava, which is why npm update didn't update to the latest version (npm update respects semver).

So, setting our desired version of ava to 3.8.2 should address the issue.
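
The tracing and semver reasoning in the comment above, as an added example that is not part of the original thread or the project's code. It assumes the tree shape that `npm ls --json` emits; `SAMPLE_TREE` is constructed from part of the output above, and `findPaths`, `rootCauses` and `caretAllows` are hypothetical helper names.

```javascript
// Added example. SAMPLE_TREE is constructed sample data mirroring part of
// the `npm ls minimist` output above, in the shape `npm ls --json` emits.
const SAMPLE_TREE = {
  name: "workers-site",
  dependencies: {
    ava: {
      version: "1.4.1",
      dependencies: {
        "@babel/core": { version: "7.6.2", dependencies: {
          json5: { version: "2.1.0", dependencies: { minimist: { version: "1.2.0" } } } } },
        "unique-temp-dir": { version: "1.0.0", dependencies: {
          mkdirp: { version: "0.5.1", dependencies: { minimist: { version: "0.0.8" } } } } },
      },
    },
    prettier: { version: "1.18.2" },
  },
};

// Walk the tree and return every dependency chain that ends at `target`.
function findPaths(node, target, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    if (name === target) hits.push(here);
    hits.push(...findPaths(dep, target, here));
  }
  return hits;
}

// Direct dependencies that pull in `target`; these are the ones you can bump.
function rootCauses(tree, target) {
  return [...new Set(findPaths(tree, target).map((p) => p[0]))];
}

// Simplified caret check for plain x.y.z versions (no prerelease tags):
// everything up to the left-most non-zero component must match exactly,
// the remaining components may only move forward.
function caretAllows(range, version) {
  const base = range.replace(/^\^/, "").split(".").map(Number);
  const v = version.split(".").map(Number);
  const pivot = base.findIndex((n) => n !== 0);
  const fixed = pivot === -1 ? 3 : pivot + 1;
  for (let i = 0; i < fixed; i++) if (v[i] !== base[i]) return false;
  for (let i = fixed; i < 3; i++) if (v[i] !== base[i]) return v[i] > base[i];
  return true;
}
```

`rootCauses(SAMPLE_TREE, "minimist")` names the direct dependency to upgrade, and `caretAllows("^1.4.1", "3.8.2")` shows why `npm update` alone never reaches the fixed major version.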

exvuma commented May 18, 2020

@ispivey thanks for the explanation! I learned some new things about npm and yarn on this one. Should be good to go now. What's on https://dev.bigfluffycloudflare.com/workers/ is this branch.

@kristianfreeman

lgtm, build workflow should catch any issues with something like this so if it builds on GH actions and we can deploy to dev it feels good to me 👍

@exvuma exvuma merged commit 7bcb99e into master May 18, 2020
@delete-merged-branch delete-merged-branch bot deleted the ispivey/roll-deps branch May 18, 2020 18:39
Successfully merging this pull request may close these issues.

update gatsby-plugin-sharp when new version released