Patch round 2023-12 #2054

Open
9 of 23 tasks
Robbert opened this issue Dec 4, 2023 · 1 comment

Robbert commented Dec 4, 2023

Pro-tip: ignore warnings about deprecated packages until you have completed the upgrade of major releases. Often major releases will fix deprecated warnings.

  • Check the /.patches/ directory in the root (if present), and see if there are any npm packages that have overrides for their code.
    • When for a patch/minor/major update these packages are updated, you must also update the patch.
    • Sometimes the patch is no longer necessary, because the bug that the patch is for has been fixed in the actual package. Read the commit message for the patch, or read the GitHub PR comments or the related GitHub issue comments to find out what the patch was for.
    • if a package that has a patch file
  • Upgrade all npm dependencies
    • at least install pnpm run update-patch.
    • Run npm run test-update and see if the build/lint/test scripts are still OK
    • not all packages follow semantic versioning, especially 0.x.x versions. They will be installed as part of update-patch unfortunately, so update-patch sometimes isn't completely safe. Check if any packages have upgrades like 0.1.2 → 0.1.9.
    • If a patch update is problematic, you can add the package to the "ignore updates" list in .ncurc.patch.js.
    • ideally install pnpm run update-minor.
    • Run npm run test-update and see if the build/lint/test scripts are still OK
    • If a minor update is problematic, you can add the package to the "ignore updates" list in .ncurc.minor.js.
    • if there is time, install pnpm run update-major.
    • Run npm run test-update and see if the build/lint/test scripts are still OK
    • If a major update is problematic, you can add the package to the "ignore updates" list in .ncurc.major.js.
    • make an issue for minor/major upgrades that require so much time we better schedule it in a sprint
  • Upgrade all GitHub Action dependencies
    • Dependabot PRs are a great way to detect outdated dependencies in GitHub Actions
  • Upgrade to Node LTS version (long term support)
    • package.json
    • .github/workflows/* node-version
  • Upgrade to latest pnpm version
    • .github/workflows/*
    • package.json
  • Upgrade all vulnerable dependencies
  • If there are still deprecated warnings at this stage, check if they are direct dependencies? Are the dependencies mentioned in our own package.json files? Then it is probably worthwhile to investigate why the package is deprecated. A good information source is often the README on the page about the package on npmjs.com. They will likely mention the reason for deprecating the page (e.g: no time to install security patches, you are on your own!) and they might even suggest alternative packages.

savitris self-assigned this Dec 5, 2023

savitris commented Dec 5, 2023

  • Sometimes the patch is no longer necessary, because the bug that the patch is for has been fixed in the actual package. Read the commit message for the patch, or read the GitHub PR comments or the related GitHub issue comments to find out what the patch was for.

Stencil patch for 4.5.0

For Stencil there is a version 4.8.0 now.
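
Two checks from the checklist and the Stencil comment above (a patch file written for an older version than the one installed, and 0.x.x upgrades pulled in by a patch-level update), as an added example that is not part of the original issue or the project's code. The function names, the sample dependency maps and the pnpm-style `name@version.patch` file naming are assumptions.

```javascript
// Added example. All sample data below is constructed for illustration.

// Parse "1.2.3" (an optional ^ or ~ range prefix is ignored) into numbers.
function parseVersion(v) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Name the upgrade level and flag any change to a 0.x.x package, where a
// "patch" or "minor" bump carries no compatibility promise.
function classifyUpgrade(from, to) {
  const [a, b] = [parseVersion(from), parseVersion(to)];
  const i = a.findIndex((n, k) => n !== b[k]);
  const level = ["major", "minor", "patch"][i] || "none";
  return { level, risky: level !== "none" && a[0] === 0 };
}

// Assumption: pnpm-style patch file names, "name@version.patch", with the
// "/" of a scoped name written as "__".
function parsePatchFile(file) {
  const m = /^(.+)@(\d+\.\d+\.\d+)\.patch$/.exec(file);
  return m ? { name: m[1].replace("__", "/"), version: m[2] } : null;
}

// Compare the dependency versions before and after an update run and list
// what needs a human look before the update is merged.
function reviewPatchRound(before, after, patchFiles) {
  const findings = [];
  for (const [name, to] of Object.entries(after)) {
    if (!(name in before)) continue;
    const { level, risky } = classifyUpgrade(before[name], to);
    if (risky) findings.push(`${name}: ${before[name]} -> ${to} is a 0.x ${level} upgrade`);
  }
  for (const file of patchFiles) {
    const p = parsePatchFile(file);
    if (!p || !(p.name in after)) {
      findings.push(`${file}: no matching dependency, check if the patch is still needed`);
    } else if (parseVersion(after[p.name]).join(".") !== p.version) {
      findings.push(`${file}: written for ${p.version}, installed is ${after[p.name]}`);
    }
  }
  return findings;
}

const SAMPLE_BEFORE = { "@stencil/core": "4.5.0", "example-zero-lib": "0.1.2", "example-stable-lib": "2.3.1" };
const SAMPLE_AFTER = { "@stencil/core": "4.8.0", "example-zero-lib": "0.1.9", "example-stable-lib": "2.3.4" };
const SAMPLE_PATCH_FILES = ["@stencil__core@4.5.0.patch"];

console.log(reviewPatchRound(SAMPLE_BEFORE, SAMPLE_AFTER, SAMPLE_PATCH_FILES).join("\n"));
```

In a real run the two maps would come from the resolved versions before and after the update script, and the file list from the patch directory.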
