-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update generated app development package.json dependencies #553
Update generated app development package.json dependencies #553
Conversation
Wow! Great detail. Since you've gone deep in to this already, what is your assessment on the use of each of these? Like |
From what I've looked into so far, I actually can't answer any of those questions... maybe @paulcsmith can give some background, but in the meantime, I'll play with:
|
…ecure versions of development dependencies. Before I get into details, I've been running these dependencies in [Lucky Jumpstart](https://github.com/stephendolan/lucky_jumpstart) Lucky apps without issue for quite a while now. I also want to re-emphasize that this only bumps **development** dependencies, since all production dependencies are up to date. The long term discussion about how and if we keep this up to date is [here](luckyframework/lucky#1261). Below, I'll provide a rundown of the version changes made, as well as a TL;DR list of breaking changes that were noted. This PR tackles: - Alphabetizing the `dependencies:` section, since that seems to be the intention - Bumping `compression-webpack-plugin` from `^3.0.0` to `^6.0.1` ([Changelog here](https://github.com/webpack-contrib/compression-webpack-plugin/blob/master/CHANGELOG.md)) - 3 -> 4 breaking changes - the cache is true by default for webpack@4 - the cache option is ignored in webpack 5. Please use https://webpack.js.org/configuration/other-options/#cache. - minimum supported Node.js version is 10.13 - 4 -> 5 breaking changes - default value of the filename option is '[path].gz' - use processAssets hook for webpack@5 compatibility, it can create incompatibility with plugins that do not support webpack@5, please open an issue in their repositories - 5 -> 6 breaking changes - default value of the filename option was changed to "[path][base].gz" - removed the [dir] placeholder, please use the [path] placeholder - the Function type of the filename option should return value with placeholders, please see an example: https://github.com/webpack-contrib/compression-webpack-plugin#function-1 - Bumping `laravel-mix` from `^4.0.0` to `^5.0.5` ([Changelog here](https://github.com/JeffreyWay/laravel-mix/releases)) - 4 -> 5 breaking changes - Use `sass-loader` `8` - Bumping `resolve-url-loader` from `2.3.1` to `^3.1.1` ([Changelog here](https://github.com/bholloway/resolve-url-loader/releases)) - 2 -> 3 breaking changes - Multiple options changed or deprecated. - Removed file search "magic" in favour of join option. - Errors always fail and are no longer swallowed. - Processing absolute asset paths requires root option to be set. - Bumping `sass` from `1.17.1` to `^1.26.10` ([Changelog here](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)) - Bumping `sass-loader` from `^7.3.1` to `^10.0.2` ([Changelog here](https://github.com/webpack-contrib/sass-loader/blob/master/CHANGELOG.md)) - 7 -> 8 breaking changes - minimum required webpack version is 4.36.0 - minimum required node.js version is 8.9.0 - move all sass (includePaths, importer, functions, outputStyle) options to the sassOptions option. The functions option can't be used as Function, you should use sassOption as Function to achieve this. - the data option was renamed to the prependData option - default value of the sourceMap option depends on the devtool value (eval/false values don't enable source map generation) - 8 -> 9 breaking changes - minimum supported Nodejs version is 10.13 - prefer sass (dart-sass) by default, it is strongly recommended to migrate on sass (dart-sass) - the prependData option was removed in favor the additionalData option, see docs - when the sourceMap is true, sassOptions.sourceMap, sassOptions.sourceMapContents, sassOptions.sourceMapEmbed, sassOptions.sourceMapRoot and sassOptions.omitSourceMapUrl will be ignored. - 9 -> 10 breaking changes - loader generates absolute sources in source maps, also avoids modifying sass source maps if the sourceMap option is false - Bumping `vue-template-compiler` from `^2.5.22` to `^2.6.12` ([Changelog here](https://github.com/vuejs/vue/tree/dev/packages/vue-template-compiler#readme))
@jwoertink I come bearing (good?) news! Laravel Mix That said, I can't find the source that (I think) Paul must have copied from to get that sample file, so I don't have something explicit to diff against. Babel in Dev Vue Template Compiler
In summary:
|
Not sure if this could be a cache issue... but I have no idea why this'd be running: |
Ah weird. Do we need a |
Yeah, super strange because it doesn't occur when I run |
The Laravel mix files comes from https://laravel-mix.com/docs/5.0/installation#stand-alone-project so that could work as a diff. I don't have time to test this at the moment, but I am glad you are updating everything. Thank you! |
…well as a reminder of where the source comes from
Found out why we have If I can get CI/CD passing, I'll be sure to watch that repo and create a new one to migrate us to 6 later. |
Victory! @jwoertink if you don't mind giving this a quick review/approval I'll get it merged, followed by the Dependabot updates. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sweet. It'll be nice to keep these up to date.
@@ -14,12 +13,13 @@ | |||
"prod": "NODE_ENV=production yarn run webpack --progress --hide-modules --color --config=node_modules/laravel-mix/setup/webpack.config.js" | |||
}, | |||
"devDependencies": { | |||
"@babel/compat-data": "^7.9.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice 👍
/tmp/ | ||
|
||
# Libraries don't need dependency lock | ||
# Dependencies will be locked in application that uses them | ||
/shard.lock | ||
yarn.lock |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this also be added to generated projects? https://github.com/luckyframework/lucky_cli/blob/master/src/generators/web.cr#L75 I've never really known what best practice for that sort of deal is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've always seen yarn.lock committed to repos, so I think it's probably safer to leave it as is!
This was mostly to ensure that folks playing with these deps in the future don't accidentally push a yarn.lock, which could have some negative side effects like os-specific package sub-dependencies (if my limited knowledge serves me)
This PR aims to generate new Lucky applications with up-to-date and secure versions of development dependencies.
Before I get into details, I've been running these dependencies in Lucky Jumpstart Lucky apps without issue for quite a while now. I also want to re-emphasize that this only bumps development dependencies, since all production dependencies are up to date.
The long term discussion about how and if we keep this up to date is here.
Below, I'll provide a rundown of the version changes made, as well as a TL;DR list of breaking changes that were noted.
This PR tackles:
dependencies:
section, since that seems to be the intentioncompression-webpack-plugin
from^3.0.0
to^6.0.1
(Changelog here)laravel-mix
from^4.0.0
to^5.0.5
(Changelog here)sass-loader
8
resolve-url-loader
from2.3.1
to^3.1.1
(Changelog here)sass
from1.17.1
to^1.26.10
(Changelog here)sass-loader
from^7.3.1
to^10.0.2
(Changelog here)vue-template-compiler
from^2.5.22
to^2.6.12
(Changelog here)